summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStef Walter <stefw@redhat.com>2016-11-29 13:30:55 +0100
committerStef Walter <stefw@redhat.com>2016-11-29 13:32:23 +0100
commit561ee23f218c7a68a2ef46525502f978e56fc1bb (patch)
tree8deb8569f109a0e9dea11736f56ad5e47f42dc11
parenta96f354c3068edb6c8ac80ae6d9a6611651145d7 (diff)
downloadp11-kit-master.tar.gz
MOVED TO: https://github.com/p11-glue/p11-kitHEADmaster
This repository has moved to GitHub to allow further contributions and more flexibility who can merge changes. More details here: https://lists.freedesktop.org/archives/p11-glue/2016-November/000626.html
Diffstat
-rw-r--r--AUTHORS1
-rw-r--r--ChangeLog31
-rw-r--r--HACKING7
-rw-r--r--Makefile.am108
-rw-r--r--NEWS300
-rw-r--r--README4
-rwxr-xr-xautogen.sh37
-rwxr-xr-xautomaint.sh52
-rw-r--r--build/certs/Makefile51
-rw-r--r--build/certs/cacert-ca.derbin1857 -> 0 bytes
-rw-r--r--build/certs/cacert3.derbin1885 -> 0 bytes
-rw-r--r--build/certs/distant-end-date.derbin366 -> 0 bytes
-rw-r--r--build/certs/entrust-invalid.derbin1120 -> 0 bytes
-rw-r--r--build/certs/redhat-newca.derbin948 -> 0 bytes
-rw-r--r--build/certs/self-server.derbin396 -> 0 bytes
-rw-r--r--build/certs/self-signed-with-eku.derbin480 -> 0 bytes
-rw-r--r--build/certs/self-signed-with-ku.derbin478 -> 0 bytes
-rw-r--r--build/certs/testing-ca.derbin970 -> 0 bytes
-rw-r--r--build/certs/testing-server.derbin554 -> 0 bytes
-rw-r--r--build/certs/verisign-v1.derbin576 -> 0 bytes
-rw-r--r--build/certs/with-eku.conf19
-rw-r--r--build/certs/with-ku.conf19
-rw-r--r--build/gtk-doc.make259
-rw-r--r--build/litter/.empty1
-rw-r--r--build/m4/.empty1
-rw-r--r--build/tx-update66
-rw-r--r--common/Makefile.am111
-rw-r--r--common/argv.c115
-rw-r--r--common/argv.h44
-rw-r--r--common/array.c129
-rw-r--r--common/array.h68
-rw-r--r--common/attrs.c903
-rw-r--r--common/attrs.h136
-rw-r--r--common/buffer.c197
-rw-r--r--common/buffer.h93
-rw-r--r--common/compat.c924
-rw-r--r--common/compat.h341
-rw-r--r--common/constants.c708
-rw-r--r--common/constants.h82
-rw-r--r--common/debug.c158
-rw-r--r--common/debug.h145
-rw-r--r--common/dict.c389
-rw-r--r--common/dict.h180
-rw-r--r--common/frob-getauxval.c61
-rw-r--r--common/frob-getenv.c65
-rw-r--r--common/hash.c174
-rw-r--r--common/hash.h47
-rw-r--r--common/lexer.c239
-rw-r--r--common/lexer.h84
-rw-r--r--common/library.c212
-rw-r--r--common/library.h74
-rw-r--r--common/message.c172
-rw-r--r--common/message.h66
-rw-r--r--common/mock.c3975
-rw-r--r--common/mock.h1134
-rw-r--r--common/path.c325
-rw-r--r--common/path.h69
-rw-r--r--common/pkcs11.h1398
-rw-r--r--common/pkcs11i.h505
-rw-r--r--common/pkcs11x.h149
-rw-r--r--common/test-array.c209
-rw-r--r--common/test-attrs.c757
-rw-r--r--common/test-buffer.c199
-rw-r--r--common/test-compat.c145
-rw-r--r--common/test-constants.c102
-rw-r--r--common/test-dict.c522
-rw-r--r--common/test-hash.c106
-rw-r--r--common/test-lexer.c253
-rw-r--r--common/test-message.c65
-rw-r--r--common/test-path.c216
-rw-r--r--common/test-tests.c95
-rw-r--r--common/test-url.c164
-rw-r--r--common/test.c548
-rw-r--r--common/test.h152
-rw-r--r--common/tool.c333
-rw-r--r--common/tool.h65
-rw-r--r--common/url.c133
-rw-r--r--common/url.h60
-rw-r--r--configure.ac539
-rw-r--r--doc/Makefile.am6
-rw-r--r--doc/internal/persist-format.txt59
-rw-r--r--doc/manual/Makefile.am169
-rw-r--r--doc/manual/annotation-glossary.xml67
-rw-r--r--doc/manual/docbook-params.xsl39
-rw-r--r--doc/manual/p11-kit-config.xml98
-rw-r--r--doc/manual/p11-kit-devel.xml323
-rw-r--r--doc/manual/p11-kit-docs.xml45
-rw-r--r--doc/manual/p11-kit-overrides.txt0
-rw-r--r--doc/manual/p11-kit-proxy.xml29
-rw-r--r--doc/manual/p11-kit-sections.txt136
-rw-r--r--doc/manual/p11-kit-sharing.xml110
-rw-r--r--doc/manual/p11-kit-trust.xml128
-rw-r--r--doc/manual/p11-kit.xml131
-rw-r--r--doc/manual/pkcs11.conf.xml281
-rw-r--r--doc/manual/style.css116
-rw-r--r--doc/manual/trust.xml372
-rw-r--r--p11-kit/Makefile.am253
-rw-r--r--p11-kit/conf.c509
-rw-r--r--p11-kit/conf.h75
-rw-r--r--p11-kit/deprecated.h97
-rw-r--r--p11-kit/docs.h38
-rw-r--r--p11-kit/fixtures/package-modules/four.module5
-rw-r--r--p11-kit/fixtures/package-modules/win32/four.module4
-rw-r--r--p11-kit/fixtures/system-modules/one.module5
-rw-r--r--p11-kit/fixtures/system-modules/two-duplicate.module4
-rw-r--r--p11-kit/fixtures/system-modules/two.badname6
-rw-r--r--p11-kit/fixtures/system-modules/win32/one.module4
-rw-r--r--p11-kit/fixtures/system-modules/win32/two-duplicate.module4
-rw-r--r--p11-kit/fixtures/system-modules/win32/two.badname6
-rw-r--r--p11-kit/fixtures/system-pkcs11.conf6
-rw-r--r--p11-kit/fixtures/test-1.conf6
-rw-r--r--p11-kit/fixtures/test-pinfile1
-rw-r--r--p11-kit/fixtures/test-pinfile-large53
-rw-r--r--p11-kit/fixtures/test-system-invalid.conf3
-rw-r--r--p11-kit/fixtures/test-system-merge.conf7
-rw-r--r--p11-kit/fixtures/test-system-none.conf8
-rw-r--r--p11-kit/fixtures/test-system-only.conf8
-rw-r--r--p11-kit/fixtures/test-user-invalid.conf3
-rw-r--r--p11-kit/fixtures/test-user-only.conf4
-rw-r--r--p11-kit/fixtures/test-user.conf3
-rw-r--r--p11-kit/fixtures/user-modules/one.module4
-rw-r--r--p11-kit/fixtures/user-modules/three.module6
-rw-r--r--p11-kit/fixtures/user-modules/win32/one.module2
-rw-r--r--p11-kit/fixtures/user-modules/win32/three.module6
-rw-r--r--p11-kit/frob-setuid.c95
-rw-r--r--p11-kit/iter.c983
-rw-r--r--p11-kit/iter.h117
-rw-r--r--p11-kit/lists.c290
-rw-r--r--p11-kit/log.c2022
-rw-r--r--p11-kit/log.h53
-rw-r--r--p11-kit/messages.c242
-rw-r--r--p11-kit/mock-module-ep.c54
-rw-r--r--p11-kit/mock-module-ep2.c56
-rw-r--r--p11-kit/mock-module-ep3.c68
-rw-r--r--p11-kit/modules.c2704
-rw-r--r--p11-kit/modules.h51
-rw-r--r--p11-kit/p11-kit-1.pc.in22
-rw-r--r--p11-kit/p11-kit.c135
-rw-r--r--p11-kit/p11-kit.h122
-rw-r--r--p11-kit/pin.c704
-rw-r--r--p11-kit/pin.h107
-rw-r--r--p11-kit/pkcs11.conf.example.in9
-rw-r--r--p11-kit/pkcs11.h40
-rw-r--r--p11-kit/print-messages.c137
-rw-r--r--p11-kit/private.h67
-rw-r--r--p11-kit/proxy.c2425
-rw-r--r--p11-kit/proxy.h43
-rw-r--r--p11-kit/remote.c111
-rw-r--r--p11-kit/remote.h56
-rw-r--r--p11-kit/rpc-client.c2104
-rw-r--r--p11-kit/rpc-message.c769
-rw-r--r--p11-kit/rpc-message.h370
-rw-r--r--p11-kit/rpc-server.c2017
-rw-r--r--p11-kit/rpc-transport.c864
-rw-r--r--p11-kit/rpc.h95
-rw-r--r--p11-kit/test-conf.c456
-rw-r--r--p11-kit/test-deprecated.c513
-rw-r--r--p11-kit/test-init.c420
-rw-r--r--p11-kit/test-iter.c1512
-rw-r--r--p11-kit/test-log.c112
-rw-r--r--p11-kit/test-managed.c271
-rw-r--r--p11-kit/test-mock.c1685
-rw-r--r--p11-kit/test-modules.c453
-rw-r--r--p11-kit/test-pin.c313
-rw-r--r--p11-kit/test-progname.c86
-rw-r--r--p11-kit/test-proxy.c296
-rw-r--r--p11-kit/test-rpc.c1061
-rw-r--r--p11-kit/test-transport.c318
-rw-r--r--p11-kit/test-uri.c1512
-rw-r--r--p11-kit/test-util.c59
-rw-r--r--p11-kit/test-virtual.c171
-rw-r--r--p11-kit/uri.c1490
-rw-r--r--p11-kit/uri.h177
-rw-r--r--p11-kit/util.c295
-rw-r--r--p11-kit/virtual.c2975
-rw-r--r--p11-kit/virtual.h68
-rw-r--r--po/LINGUAS71
-rw-r--r--po/Makevars41
-rw-r--r--po/POTFILES.in2
-rw-r--r--po/ar.po342
-rw-r--r--po/as.po342
-rw-r--r--po/az.po342
-rw-r--r--po/bg.po342
-rw-r--r--po/bn_IN.po342
-rw-r--r--po/boldquot.sed10
-rw-r--r--po/ca.po342
-rw-r--r--po/ca@valencia.po342
-rw-r--r--po/cs.po343
-rw-r--r--po/cy.po342
-rw-r--r--po/da.po343
-rw-r--r--po/de.po344
-rw-r--r--po/el.po343
-rw-r--r--po/en@boldquot.header25
-rw-r--r--po/en@quot.header22
-rw-r--r--po/en_GB.po343
-rw-r--r--po/eo.po343
-rw-r--r--po/es.po344
-rw-r--r--po/et.po342
-rw-r--r--po/eu.po342
-rw-r--r--po/fa.po342
-rw-r--r--po/fi.po345
-rw-r--r--po/fo.po342
-rw-r--r--po/fr.po344
-rw-r--r--po/ga.po342
-rw-r--r--po/gl.po343
-rw-r--r--po/gu.po342
-rw-r--r--po/he.po342
-rw-r--r--po/hi.po342
-rw-r--r--po/hr.po343
-rw-r--r--po/hu.po344
-rw-r--r--po/ia.po342
-rw-r--r--po/id.po343
-rw-r--r--po/insert-header.sin23
-rw-r--r--po/it.po345
-rw-r--r--po/ja.po343
-rw-r--r--po/ka.po343
-rw-r--r--po/kk.po343
-rw-r--r--po/kn.po342
-rw-r--r--po/ko.po345
-rw-r--r--po/lt.po342
-rw-r--r--po/lv.po343
-rw-r--r--po/ml.po342
-rw-r--r--po/mr.po342
-rw-r--r--po/ms.po342
-rw-r--r--po/nb.po342
-rw-r--r--po/nl.po343
-rw-r--r--po/nn.po342
-rw-r--r--po/oc.po342
-rw-r--r--po/or.po342
-rw-r--r--po/pa.po343
-rw-r--r--po/pl.po343
-rw-r--r--po/pt.po342
-rw-r--r--po/pt_BR.po343
-rw-r--r--po/quot.sed6
-rw-r--r--po/remove-potcdate.sin19
-rw-r--r--po/ro.po342
-rw-r--r--po/ru.po345
-rw-r--r--po/sk.po344
-rw-r--r--po/sl.po343
-rw-r--r--po/sq.po342
-rw-r--r--po/sr.po343
-rw-r--r--po/sr@latin.po342
-rw-r--r--po/sv.po343
-rw-r--r--po/ta.po342
-rw-r--r--po/te.po342
-rw-r--r--po/th.po342
-rw-r--r--po/tr.po343
-rw-r--r--po/uk.po343
-rw-r--r--po/vi.po342
-rw-r--r--po/wa.po342
-rw-r--r--po/zh_CN.po344
-rw-r--r--po/zh_HK.po342
-rw-r--r--po/zh_TW.po343
-rw-r--r--trust/Makefile.am295
-rw-r--r--trust/anchor.c660
-rw-r--r--trust/anchor.h43
-rw-r--r--trust/asn1.c374
-rw-r--r--trust/asn1.h86
-rw-r--r--trust/base64.c251
-rw-r--r--trust/base64.h59
-rw-r--r--trust/basic.asn12
-rw-r--r--trust/basic.asn.h13
-rw-r--r--trust/builder.c1872
-rw-r--r--trust/builder.h67
-rw-r--r--trust/digest.c632
-rw-r--r--trust/digest.h60
-rw-r--r--trust/enumerate.c743
-rw-r--r--trust/enumerate.h107
-rw-r--r--trust/extract-cer.c116
-rw-r--r--trust/extract-jks.c330
-rw-r--r--trust/extract-openssl.c696
-rw-r--r--trust/extract-pem.c178
-rw-r--r--trust/extract.c322
-rw-r--r--trust/extract.h86
-rw-r--r--trust/fixtures/cacert-ca.derbin1857 -> 0 bytes
-rw-r--r--trust/fixtures/cacert3-distrust-all.pem44
-rw-r--r--trust/fixtures/cacert3-distrusted-all.pem43
-rw-r--r--trust/fixtures/cacert3-not-trusted.pem42
-rw-r--r--trust/fixtures/cacert3-trusted-alias.pem42
-rw-r--r--trust/fixtures/cacert3-trusted-keyid.pem42
-rw-r--r--trust/fixtures/cacert3-trusted-server-alias.pem43
-rw-r--r--trust/fixtures/cacert3-trusted.pem43
-rw-r--r--trust/fixtures/cacert3-twice.pem84
-rw-r--r--trust/fixtures/cacert3.derbin1885 -> 0 bytes
-rw-r--r--trust/fixtures/cacert3.pem42
-rw-r--r--trust/fixtures/distrusted.pem23
-rw-r--r--trust/fixtures/empty-file0
-rw-r--r--trust/fixtures/multiple.pem58
-rw-r--r--trust/fixtures/openssl-trust-no-trust.pem27
-rw-r--r--trust/fixtures/redhat-ca.derbin948 -> 0 bytes
-rw-r--r--trust/fixtures/self-signed-with-eku.derbin480 -> 0 bytes
-rw-r--r--trust/fixtures/self-signed-with-ku.derbin478 -> 0 bytes
-rw-r--r--trust/fixtures/simple-string1
-rw-r--r--trust/fixtures/testing-server.derbin554 -> 0 bytes
-rw-r--r--trust/fixtures/thawte.pem25
-rw-r--r--trust/fixtures/unrecognized-file.txt1
-rw-r--r--trust/fixtures/verisign-v1.derbin576 -> 0 bytes
-rw-r--r--trust/fixtures/verisign-v1.pem15
-rw-r--r--trust/frob-bc.c102
-rw-r--r--trust/frob-cert.c134
-rw-r--r--trust/frob-eku.c103
-rw-r--r--trust/frob-ext.c119
-rw-r--r--trust/frob-ku.c126
-rw-r--r--trust/frob-multi-init.c69
-rw-r--r--trust/frob-nss-trust.c221
-rw-r--r--trust/frob-oid.c102
-rw-r--r--trust/frob-pow.c57
-rw-r--r--trust/frob-token.c64
-rw-r--r--trust/index.c912
-rw-r--r--trust/index.h127
-rw-r--r--trust/input/anchors/cacert3.derbin1885 -> 0 bytes
-rw-r--r--trust/input/anchors/testing-ca.derbin970 -> 0 bytes
-rw-r--r--trust/input/blacklist/self-server.derbin396 -> 0 bytes
-rw-r--r--trust/input/cacert-ca.derbin1857 -> 0 bytes
-rw-r--r--trust/input/distrusted.pem23
-rw-r--r--trust/input/verisign-v1.p11-kit17
-rw-r--r--trust/list.c260
-rw-r--r--trust/list.h43
-rw-r--r--trust/module.c1837
-rw-r--r--trust/module.h42
-rw-r--r--trust/oid.c96
-rw-r--r--trust/oid.h236
-rw-r--r--trust/openssl.asn28
-rw-r--r--trust/openssl.asn.h28
-rw-r--r--trust/p11-kit-trust.module17
-rw-r--r--trust/parser.c762
-rw-r--r--trust/parser.h89
-rw-r--r--trust/pem.c288
-rw-r--r--trust/pem.h58
-rw-r--r--trust/persist.c768
-rw-r--r--trust/persist.h63
-rw-r--r--trust/pkix.asn566
-rw-r--r--trust/pkix.asn.h408
-rw-r--r--trust/save.c593
-rw-r--r--trust/save.h85
-rw-r--r--trust/session.c97
-rw-r--r--trust/session.h66
-rw-r--r--trust/test-asn1.c164
-rw-r--r--trust/test-base64.c204
-rw-r--r--trust/test-builder.c2237
-rw-r--r--trust/test-bundle.c272
-rw-r--r--trust/test-cer.c247
-rw-r--r--trust/test-digest.c143
-rw-r--r--trust/test-enumerate.c538
-rw-r--r--trust/test-extract.in189
-rw-r--r--trust/test-index.c1144
-rw-r--r--trust/test-module.c1218
-rw-r--r--trust/test-oid.c127
-rw-r--r--trust/test-openssl.c662
-rw-r--r--trust/test-parser.c567
-rw-r--r--trust/test-pem.c341
-rw-r--r--trust/test-persist.c635
-rw-r--r--trust/test-save.c595
-rw-r--r--trust/test-token.c793
-rw-r--r--trust/test-trust.c333
-rw-r--r--trust/test-trust.h431
-rw-r--r--trust/test-utf8.c244
-rw-r--r--trust/test-x509.c416
-rw-r--r--trust/token.c909
-rw-r--r--trust/token.h68
-rwxr-xr-xtrust/trust-extract-compat.in32
-rw-r--r--trust/trust.c69
-rw-r--r--trust/types.h54
-rw-r--r--trust/utf8.c329
-rw-r--r--trust/utf8.h53
-rw-r--r--trust/x509.c370
-rw-r--r--trust/x509.h89
367 files changed, 10 insertions, 106672 deletions
diff --git a/AUTHORS b/AUTHORS
deleted file mode 100644
index 27270fb..0000000
--- a/AUTHORS
+++ /dev/null
@@ -1 +0,0 @@
-Stef Walter <stefw@collabora.co.uk>
diff --git a/ChangeLog b/ChangeLog
deleted file mode 100644
index 0be3835..0000000
--- a/ChangeLog
+++ /dev/null
@@ -1,31 +0,0 @@
-=== ChangeLog is autogenerated ===
-
- This project relys on commit messages to provide change history. Please
- write commit messages in the following format:
-
-=== begin example commit ===
-
- Short explanation of the commit
-
- Longer explanation explaining exactly what's changed, whether any
- external or private interfaces changed, what bugs were fixed (with bug
- tracker reference if applicable) and so forth. Be concise but not too
- brief.
-
-=== end example commit ===
-
- - Always add a brief description of the commit to the _first_ line of
- the commit and terminate by two newlines. This may be the title of
- a fixed bug, copied from Bugzilla.
-
- - First line (the brief description) must only be one sentence and
- should start with a capital letter unless it starts with a
- lowercase symbol or identifier. Don't use a trailing full stop,
- and don't exceed 72 characters.
-
- - The main description (the body) is normal prose and should use
- normal punctuation and capital letters where appropriate.
-
- - When committing code on behalf of others use the --author option,
- e.g. git commit -a --author "Joe Coder <joe@coder.org>" and
- --signoff.
diff --git a/HACKING b/HACKING
index 5fa9570..acb2e65 100644
--- a/HACKING
+++ b/HACKING
@@ -1,4 +1,9 @@
-HACKING p11-kit
+MOVED: The code for p11-kit has moved:
+
+https://github.com/p11-glue/p11-kit
+
+
+HACKING on p11-kit
* Documentation on developing p11-kit:
http://p11-glue.freedesktop.org/doc/p11-kit/devel.html
diff --git a/Makefile.am b/Makefile.am
deleted file mode 100644
index f310068..0000000
--- a/Makefile.am
+++ /dev/null
@@ -1,108 +0,0 @@
-
-NULL =
-WEBHOST = anarchy.freedesktop.org
-WEBBASE = /srv/p11-glue.freedesktop.org/www
-
-AM_CPPFLAGS = \
- -I$(top_srcdir) \
- -I$(top_srcdir)/common \
- -DBINDIR=\"$(bindir)\" \
- -DBUILDDIR=\"$(abs_builddir)\" \
- -DDATA_DIR=\"$(datadir)\" \
- -DPRIVATEDIR=\"$(privatedir)\" \
- -DSRCDIR=\"$(abs_srcdir)\" \
- -DSYSCONFDIR=\"$(sysconfdir)\" \
- -DP11_KIT_FUTURE_UNSTABLE_API
-
-bin_PROGRAMS =
-private_PROGRAMS =
-
-CHECK_PROGS =
-
-EXTRA_DIST = HACKING
-
-incdir = $(includedir)/p11-kit-1/p11-kit
-inc_HEADERS =
-
-lib_LTLIBRARIES =
-
-noinst_LTLIBRARIES =
-noinst_PROGRAMS = $(CHECK_PROGS)
-noinst_SCRIPTS =
-
-TESTS = $(CHECK_PROGS)
-
-include common/Makefile.am
-include p11-kit/Makefile.am
-
-if WITH_TRUST_MODULE
-include trust/Makefile.am
-endif
-
-SUBDIRS = . doc po
-
-ACLOCAL_AMFLAGS = -I build/m4
-
-DISTCHECK_CONFIGURE_FLAGS = \
- --enable-doc \
- --disable-coverage \
- --enable-strict \
- CFLAGS='-O2'
-
-
-MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet
-
-LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes
-
-HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind
-
-memcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS
-
-leakcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS
-
-hellcheck: all
- make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS
-
-dist-hook:
- @if test -d "$(srcdir)/.git"; \
- then \
- echo Creating ChangeLog && \
- ( cd "$(top_srcdir)" && \
- echo '# Generate automatically. Do not edit.'; echo; \
- $(top_srcdir)/missing --run git log --stat --date=short ) > ChangeLog.tmp \
- && mv -f ChangeLog.tmp $(top_distdir)/ChangeLog \
- || ( rm -f ChangeLog.tmp ; \
- echo Failed to generate ChangeLog >&2 ); \
- else \
- echo A git clone is required to generate a ChangeLog >&2; \
- fi
-
-if WITH_COVERAGE
-coverage:
- mkdir -p build/coverage
- $(LCOV) --directory . --zerocounters
- $(MAKE) check
- $(LCOV) --directory . --capture --output-file build/coverage.info
- $(GENHTML) --output-directory build/coverage \
- --title "p11-kit $(PACKAGE_VERSION)" \
- build/coverage.info
- @echo "file://$(abs_top_builddir)/build/coverage/index.html"
-
-upload-coverage: coverage
- rsync -Hvax build/coverage/./ $(WEBHOST):$(WEBBASE)/build/coverage/./
-endif
-
-if ENABLE_GTK_DOC
-upload-doc: all
- rsync -Hvax --exclude doc --exclude build \
- doc/manual/html/./ $(WEBHOST):$(WEBBASE)/doc/p11-kit/./
-endif
-
-upload-release: $(DIST_ARCHIVES)
- gpg --detach-sign --local-user 'stef@thewalter.net' $<
- scp $< $<.sig $(WEBHOST):$(WEBBASE)/releases/
-
-transifex:
- cd $(srcdir) && sh build/tx-update
diff --git a/NEWS b/NEWS
deleted file mode 100644
index 0cf48e4..0000000
--- a/NEWS
+++ /dev/null
@@ -1,300 +0,0 @@
-0.23.2 (devel)
- * Fix forking issues with libffi [#90289 ...]
- * Updated translations
- * Build fixes [#90827 #89081 #92434 #92520 #92445 #92551 #92843 #92842 #92807 #93211 ...]
-
-0.23.1 (devel)
- * Use new PKCS#11 URI draft fields for URIs [#86474 #87582]
- * Add pem-directory-hash extract format
- * Build fixes
-
-0.22.1 (stable)
- * Use SubjectKeyIdentifier for CKA_ID when available [#84761]
- * Allow 'BEGIN PuBLIC KEY' PEM blocks in .p11-kit files
- * Bump libtool library version
- * Build fixes [#84665 ...]
-
-0.22.0 (stable)
- * Remove the 'isolated = yes' option due to unclear semantics
- replacement forth coming in later versions.
- * Use secure_getenv() where necessary
- * Run separate binary for 'p11-kit remote' command
-
-0.21.3 (unstable)
- * New public pkcs11x.h header containing extensions [#83495]
- * Export necessary defines to lookup attached extensions [#83495]
- * Use term 'attached extensions' rather than 'stabled extensions'
- * Make proxy module respect 'critical = no' [#83651]
- * Show public-key-info in 'trust list --details'
- * Build fixes [#75674 ...]
-
-0.21.2 (unstable)
- * Don't use invalid keys for looking up stapled extensions [#82328]
- * Better error messages when invalid certificate extensions
- * Fix parsing of some odd OpenSSL TRUSTED CERTIFICATE files
- * Fix some leaks, and memory issues
- * Silence some clang scanner warnings
- * Fix build against older pthread implementations [#82617]
- * Move to a non-recursive Makefile
- * Can now specify which tests to run on command line
-
-0.21.1 (unstable)
- * Add new 'isolate' pkcs11 config option [#80472]
- * Add 'p11-kit remote' command for isolating modules [#54105]
- * Don't complain about C_Finalize after a fork
- * Other minor fixes
-
-0.20.3 (stable)
- * Fix problems reinitializing managed modules after fork
- * Fix bad bookeeping when fail initializing one of the modules
- * Fix case where module would be unloaded while in use [#74919]
- * Remove assertions when module used before initialized [#74919]
- * Fix handling of mmap failure and mapping empty files [#74773]
- * Stable p11_kit_be_quiet() and p11_kit_be_loud() functions
- * Require automake 1.12 or later
- * Build fixes for Windows [#76594 #74149]
-
-0.20.2 (stable)
- * Fix bug where blacklist didn't affect extracted ca-anchors if the anchor
- and blacklist were not in the same trust path (regression) [#73558]
- * Check for race in BasicConstraints stapled extension [#69314]
- * autogen.sh now runs configure as srcdir != builddir by default
- * Build fixes and cleanup
-
-0.20.1 (stable)
- * Extract compat trust data after we've changes
- * Skip compat extraction if running as non-root
- * Better failure messages when removing anchors
- * Build cleanup
-
-0.20.0 (stable)
- * Doc fixes
-
-0.19.4 (unstable)
- * 'trust anchor' now adds/removes certificate anchors
- * 'trust list' lists trust policy stuff
- * 'p11-kit extract' is now 'trust extract'
- * 'p11-kit extract-trust' is now 'trust extract-compat'
- * Workarounds for working on broken zfsonlinux.org [#68525]
- * Add --with-module-config parameter to the configure script [#68122]
- * Add support for removing stored PKCS#11 objects in trust module
- * Various debugging tweaks
-
-0.19.3 (unstable)
- * Fix up problems with automake testing
- * Fix a bunch of memory leaks in newly refactored code
- * Don't use _GNU_SOURCE and the unportability it brings
- * Testing fixes
-
-0.19.2 (unstable)
- * Add basic 'trust anchor' command to store a new anchor
- * Support for writing out trust token objects
- * Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec
- * Add option to use freebl for hashing
- * Implement reloading of token data
- * Fix warnings and possible minor bugs higlighted by code scanners
- * Don't load configs in home directories when running setuid or setgid
- * Support treating ~/.config as $XDG_CONFIG_HOME
- * Use $XDG_DATA_HOME/pkcs11 as default user config directory
- * Use $TMPDIR instead of $TEMP while testing
- * Open files and fds with O_CLOEXEC
- * Abort initialization if a critical module fails to load
- * Don't use thread-unsafe functions: strerror, getpwuid
- * Fix p11_kit_space_strlen() result when empty string
- * Refactoring of where various components live
- * Build fixes
-
-0.19.1 (unstable)
- * Refactor API to be able to handle managed modules
- * Deprecate much of old p11-kit API
- * Implement concept of managed modules
- * Make C_CloseAllSessions function work for multiple callers
- * New dependency on libffi
- * Fix possible threading problems reported by hellgrind
- * Add log-calls option
- * Mark p11_kit_message() as a stable function
- * Use our own unit testing framework
-
-0.18.3 (stable)
- * Fix reinitialization of trust module [#65401]
- * Fix crash in trust module C_Initialize
- * Mac OS fixes [#57714]
-
-0.18.2 (stable)
- * Build fixes [#64378 ...]
-
-0.18.1 (stable)
- * Put the external tools in $libdir/p11-kit
- * Documentation build fixes
-
-0.18.0 (stable)
- * Fix use of trust module with gcr and empathy [#62896]
- * Further tweaks to trust module date parsing
- * Fix unaligned memory reads [#62819]
- * Win32 fixes [#63062, #63046]
- * Debug and logging tweaks [#62874]
- * Other build fixes
-
-0.17.5 (unstable)
- * Don't try to guess at overflowing time values on 32-bit systems [#62825]
- * Test fixes [#927394]
-
-0.17.4 (unstable)
- * Check for duplicate certificates in a token, warn and discard [#62548]
- * Implement a proper index so we have decent load performance
-
-0.17.3 (unstable)
- * Use descriptive labels for the trust module tokens [#62534]
- * Remove the temporary built in distrust objects
- * Make extracted output directories and files read-only [#61898]
- * Don't export unneccessary ABI
- * Build fixes [#62479]
-
-0.17.2 (unstable)
- * Fix build on 32-bit linux
- * Fix several crashers
-
-0.17.1 (unstable)
- * Support a p11-kit specific PKCS#11 attribute persistance format [#62156]
- * Use the SHA1 hash of SPKI as the CKA_ID in the trust module by default [#62329]
- * Refactor a trust builder which builds objects out of parsed data [#62329]
- * Combine trust policy when extracting certificates [#61497]
- * The extract --comment option adds comments to PEM bundles [#62029]
- * A new 'priority' config option for ordering modules [#61978]
- * Make each configured path its own trust module token [#61499]
- * Use --with-trust-paths to configure trust module [#62327]
- * Fix bug decoding some PEM files
- * Better debug output for trust module lookups
- * Work around bug in NSS when doing serial number lookups
- * Work around broken strndup() function in firefox
- * Fix the nickname for the distrusted attribute
- * Build fixes
-
-0.16.4 (stable)
- * Display per command help again [#62153]
- * Don't always print tools debug output [#62152]
-
-0.16.3 (stable)
- * When iterating don't skip tokens without the CKF_TOKEN_INITIALIZED flag
- * Hardcode some distrust records for NSS temporarily
- * Parse global options better in the p11-kit command
- * Better debugging
-
-0.16.2 (stable)
- * Fix regression in 'p11-kit extract --purpose' option [#62009]
- * Documentation updates
- * Build fixes [#62001, ...]
-
-0.16.1 (stable)
- * Don't break when cA field of BasicConstraints is missing [#61975]
- * Documentation fixes and updates
- * p11-kit extract-trust is a placeholder script now
-
-0.16.0 (stable)
- * Update the pkcs11.h header for new mechanisms
- * Fix build and tests on mingw64 (ie: win32)
- * Relicense LGPL code to BSD license
- * Documentation tweaks
- * Pull translations from Transifex [#60792]
- * Build fixes [#61739, #60894, #61740]
-
-0.15.2 (unstable)
- * Add German and Finish translations
- * Better define the libtasn1 dependency
- * Crasher and bug fixes
- * Build fixes
-
-0.15.1 (unstable)
- * Fix some memory leaks
- * Add a location for packages to drop module configs
- * Documentation updates and fixes
- * Add command line tool manual page
- * Remove unused err() function and friends
- * Move more code into common/ directory and refactor
- * Add a system trust policy module
- * Refactor how the p11-kit command line tool works
- * Add p11-kit extract and extract-trust commands
- * Don't complain if we cannot access ~/.pkcs11/pkcs11.conf
- * Refuse to load the p11-kit-proxy.so as a registered module
- * Don't fail initialization if last initialized module fails
-
-0.14
- * Change default for user-config to merge
- * Always URI-encode the 'id' attribute in PKCS#11 URIs
- * Expect a .module extension on module configs
- * Windows compatibility fixes
- * Testing fixes
- * Build fixes
-
-0.13
- * Don't allow reading of PIN files larger than 4096 bytes
- * If a module is not marked as critical then ignore init failure
- * Use preconditions to check for input problems and out of memory
- * Add enable-in and disable-in options to module config
- * Fix the flags in pin.h
- * Use gcc extensions to check varargs during compile
- * Fix crasher when a duplicate module is present
- * Fix broken hashmap behavior
- * Testing fixes
- * Win32 build fixes
- * 'p11-kit -h' now works
- * Documentation fixes
-
-0.12
- * Build fix
-
-0.11
- * Remove automatic reinitialization of PKCS#11 after fork
-
-0.10
- * Build fixes, for windows, gcc 4.6.1
-
-0.9
- * p11-kit can't be used as a static library
- * Fix problems crashing when freeing TLS on windows
- * Add debug output to windows init and uninit of library
- * Build fixes, especially for windows
-
-0.8
- * Rename non-static functions to have a _p11_xxx prefix
- * No concurrent calling of C_Initialize and C_Finalize
- * Print more information in 'p11-kit -l'
- * Initial port to win32
- * Build, testing fixes
-
-0.7
- * Expand p11-kit config variables correctly invarious build scenarios
- * Add test tool to print out error messages
- * Build fix on FreeBSD
-
-0.6
- * Add concept of a default module directory from which modules with
- relative paths are loaded.
- * Renamed pkg-config variables to make it clearer what's what.
-
-0.5
- * Fix crasher in p11_kit_registered_modules()
- * Add 'critical' setting for modules, which defaults to 'no'
- * Fix initialization issues in the proxy module
-
-0.4
- * Fix endless loop if module forks during initialization
- * Update PKCS#11 URI code for new draft of spec
- * Don't fail when duplicate modules are configured
- * Better debug output
- * Add example configuration documentation
- * Support whitespace in PKCS#11 URIs
-
-0.3
- * Rewrite hash table, and simplify licensing.
- * Correct paths for p11-kit config files.
- * Many build fixes and tweaks.
-
-0.2
- * List token labels in 'p11-kit -l'
- * Add API's for handing the pinfile part of URIs
- * Use /etc/pkcs11 by default instead of ${prefix}/etc/pkcs11
- * Bug fixes
-
-0.1
- * Initial release
diff --git a/README b/README
index 5e9943a..42f44f6 100644
--- a/README
+++ b/README
@@ -1,3 +1,7 @@
+MOVED: The code for p11-kit has moved:
+
+https://github.com/p11-glue/p11-kit
+
P11-KIT
Provides a way to load and enumerate PKCS#11 modules. Provides a standard
diff --git a/autogen.sh b/autogen.sh
deleted file mode 100755
index 94b54ab..0000000
--- a/autogen.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh -e
-
-set -e
-
-oldpwd=$(pwd)
-topdir=$(dirname $0)
-cd $topdir
-
-# Some boiler plate to get git setup as expected
-if test -d .git; then
- if test -f .git/hooks/pre-commit.sample && \
- test ! -f .git/hooks/pre-commit; then
- cp -pv .git/hooks/pre-commit.sample .git/hooks/pre-commit
- fi
-fi
-
-set -x
-
-gettextize=$(which gettextize || true)
-if test -z "$gettextize"; then
- echo "Couldn't find gettextize" >&2
- exit 1
-fi
-
-# Copied from avahi's autogen.sh to work around gettext braindamage
-rm -f Makefile.am~ configure.ac~
-# Evil, evil, evil, evil hack
-sed 's/read dummy/\#/' $gettextize | sh -s -- --copy --force --no-changelog
-test -f Makefile.am~ && mv Makefile.am~ Makefile.am
-test -f configure.ac~ && mv configure.ac~ configure.ac
-
-autoreconf --force --install --verbose
-if test x"$NOCONFIGURE" = x; then
- cd $oldpwd
- exec $topdir/configure "$@"
-fi
-
diff --git a/automaint.sh b/automaint.sh
deleted file mode 100755
index 8859dcc..0000000
--- a/automaint.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-
-set -e
-
-NOCONFIGURE=1 ./autogen.sh
-
-ARGS="--enable-strict --enable-debug"
-CROSS="x86_64-w64-mingw32"
-
-configure()
-(
- build=$1
- shift
-
- pwd=$(pwd)
- mkdir -p $build
- cd $build
- echo "Configuring for: $build" >&2
- echo $pwd/configure "$@" >&2
- $pwd/configure "$@"
-)
-
-# Configure the local build. To control which arguments are used create a
-# CONFIG_SITE script as directed in the autoconf documentation:
-# http://www.gnu.org/software/autoconf/manual/autoconf.html#Site-Defaults
-configure ./build --prefix=/usr --enable-doc --enable-coverage $ARGS "$@"
-
-# Configure the cross builds
-for cross in $CROSS; do
- configure ./$cross --prefix=/opt/$cross --host=$cross $ARGS "$@"
-done
-
-# B
-
-(
- echo "CROSS = $CROSS"
-
- for target in all check clean distclean; do
- echo "$target:"
- echo ' $(MAKE) -C ./build' $target
- echo ' @for dir in $(CROSS); do \'
- echo ' $(MAKE) -C ./$$dir' $target '; \'
- echo ' done'
- done
-
- for target in distcheck memcheck leakcheck hellcheck install upload-coverage \
- coverage upload-doc upload-release transifex; do
- echo "$target:"
- echo ' $(MAKE) -C ./build' $target
- done
-
-) > ./makefile
diff --git a/build/certs/Makefile b/build/certs/Makefile
deleted file mode 100644
index 033ecde..0000000
--- a/build/certs/Makefile
+++ /dev/null
@@ -1,51 +0,0 @@
-
-# Note that nothing here is distributed. It just lives in the git repository
-# We copy everything into its final location, and those test files are
-# distributed in the tarballs
-
-TRUST = ../../trust
-
-prepare-certs:
- cp -v cacert3.der $(TRUST)/input/anchors
- cp -v cacert3.der $(TRUST)/fixtures
- cp -v cacert3.der $(TRUST)/fixtures
- openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem
- openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3.pem
- cat $(TRUST)/fixtures/cacert3.pem $(TRUST)/fixtures/cacert3.pem > $(TRUST)/fixtures/cacert3-twice.pem
- openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted.pem \
- -addtrust serverAuth -addreject emailProtection \
- -setalias "Custom Label"
- cp $(TRUST)/fixtures/cacert3-trusted.pem $(TRUST)/fixtures/cacert3-trusted-server-alias.pem
- openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-trusted-alias.pem \
- -setalias "Custom Label"
- openssl x509 -in cacert3.der -inform DER -out $(TRUST)/fixtures/cacert3-distrust-all.pem \
- -addreject serverAuth -addreject clientAuth -addreject codeSigning \
- -addreject emailProtection -addreject ipsecEndSystem -addreject ipsecTunnel \
- -addreject ipsecUser -addreject timeStamping
- openssl x509 -in verisign-v1.der -inform DER -out $(TRUST)/fixtures/verisign-v1.pem \
- -setalias "Custom Label"
- cat $(TRUST)/fixtures/cacert3-trusted-server-alias.pem \
- $(TRUST)/fixtures/verisign-v1.pem > $(TRUST)/fixtures/multiple.pem
- cp -v cacert-ca.der $(TRUST)/input
- cp -v cacert-ca.der $(TRUST)/fixtures
- openssl x509 -in redhat-newca.der -inform DER -out $(TRUST)/fixtures/distrusted.pem \
- -addreject clientAuth -setalias "Red Hat Is the CA"
- cp -v $(TRUST)/fixtures/distrusted.pem $(TRUST)/input
- cp -v self-server.der $(TRUST)/input/blacklist
- cp -v self-signed-with-eku.der $(TRUST)/fixtures
- cp -v self-signed-with-ku.der $(TRUST)/fixtures
- cp -v testing-ca.der $(TRUST)/input/anchors
- cp -v testing-server.der $(TRUST)/fixtures
-
-# Rebuild the self-signed certificates. This is almost never necessary and
-# will require other changes in the code, mostly here as documentation
-build-self-signed:
- openssl req -new -x509 -outform DER -out self-signed-with-eku.der \
- -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-eku.example.com \
- -config with-eku.conf -set_serial 888 -extensions v3_ca
- openssl req -new -x509 -outform DER -out self-signed-with-ku.der \
- -newkey rsa -keyout /dev/null -nodes -subj /CN=self-signed-with-ku.example.com \
- -config with-ku.conf -set_serial 888 -extensions v3_ca
- openssl req -new -x509 -outform DER -out distant-end-date.der \
- -newkey rsa:512 -keyout /dev/null -nodes -subj /CN=far-in-the-future.example.com \
- -config with-ku.conf -set_serial 999 -extensions v3_ca -days 20000
diff --git a/build/certs/cacert-ca.der b/build/certs/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
--- a/build/certs/cacert-ca.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/cacert3.der b/build/certs/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
--- a/build/certs/cacert3.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/distant-end-date.der b/build/certs/distant-end-date.der
deleted file mode 100644
index 1b3fd47..0000000
--- a/build/certs/distant-end-date.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/entrust-invalid.der b/build/certs/entrust-invalid.der
deleted file mode 100644
index 7be5c18..0000000
--- a/build/certs/entrust-invalid.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/redhat-newca.der b/build/certs/redhat-newca.der
deleted file mode 100644
index affae24..0000000
--- a/build/certs/redhat-newca.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/self-server.der b/build/certs/self-server.der
deleted file mode 100644
index 68fe9af..0000000
--- a/build/certs/self-server.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/self-signed-with-eku.der b/build/certs/self-signed-with-eku.der
deleted file mode 100644
index 33e0760..0000000
--- a/build/certs/self-signed-with-eku.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/self-signed-with-ku.der b/build/certs/self-signed-with-ku.der
deleted file mode 100644
index 51bb227..0000000
--- a/build/certs/self-signed-with-ku.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/testing-ca.der b/build/certs/testing-ca.der
deleted file mode 100644
index d3f70ea..0000000
--- a/build/certs/testing-ca.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/testing-server.der b/build/certs/testing-server.der
deleted file mode 100644
index cf2de65..0000000
--- a/build/certs/testing-server.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/verisign-v1.der b/build/certs/verisign-v1.der
deleted file mode 100644
index bcd5ebb..0000000
--- a/build/certs/verisign-v1.der
+++ /dev/null
Binary files differ
diff --git a/build/certs/with-eku.conf b/build/certs/with-eku.conf
deleted file mode 100644
index 8eab21d..0000000
--- a/build/certs/with-eku.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Use with the following command
-# $ openssl req -new -x509 -outform DER -out self-signed-with-ku.pem \
-# -newkey rsa -keyout self-signed-with-ku.key -nodes \
-# -config with-ku.conf -set_serial 888 -extensions v3_ca
-#
-
-[ req ]
-default_bits = 1024
-distinguished_name = req_distinguished_name
-x509_extensions = v3_ca
-dirstring_type = nobmp
-
-[ req_distinguished_name ]
-commonName = Common Name
-commonName_max = 64
-
-[ v3_ca ]
-keyUsage=keyCertSign,digitalSignature \ No newline at end of file
diff --git a/build/certs/with-ku.conf b/build/certs/with-ku.conf
deleted file mode 100644
index aa0acc1..0000000
--- a/build/certs/with-ku.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Use with the following command
-# $ openssl req -new -x509 -outform DER -out self-signed-with-eku.pem \
-# -newkey rsa -keyout self-signed-with-eku.key -nodes \
-# -config with-eku.conf -set_serial 888 -extensions v3_ca
-#
-
-[ req ]
-default_bits = 1024
-distinguished_name = req_distinguished_name
-x509_extensions = v3_ca
-dirstring_type = nobmp
-
-[ req_distinguished_name ]
-commonName = Common Name
-commonName_max = 64
-
-[ v3_ca ]
-extendedKeyUsage=clientAuth,emailProtection,1.2.3.4 \ No newline at end of file
diff --git a/build/gtk-doc.make b/build/gtk-doc.make
deleted file mode 100644
index 4709268..0000000
--- a/build/gtk-doc.make
+++ /dev/null
@@ -1,259 +0,0 @@
-# -*- mode: makefile -*-
-
-####################################
-# Everything below here is generic #
-####################################
-
-if GTK_DOC_USE_LIBTOOL
-GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS)
-GTKDOC_RUN = $(LIBTOOL) --mode=execute
-else
-GTKDOC_CC = $(CC) $(INCLUDES) $(GTKDOC_DEPS_CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-GTKDOC_LD = $(CC) $(GTKDOC_DEPS_LIBS) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS)
-GTKDOC_RUN =
-endif
-
-# We set GPATH here; this gives us semantics for GNU make
-# which are more like other make's VPATH, when it comes to
-# whether a source that is a target of one rule is then
-# searched for in VPATH/GPATH.
-#
-GPATH = $(srcdir)
-
-TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE)
-
-SETUP_FILES = \
- $(content_files) \
- $(DOC_MAIN_SGML_FILE) \
- $(DOC_MODULE)-sections.txt \
- $(DOC_MODULE)-overrides.txt \
- style.css
-
-EXTRA_DIST = \
- $(HTML_IMAGES) \
- $(SETUP_FILES)
-
-DOC_STAMPS=setup-build.stamp scan-build.stamp sgml-build.stamp \
- html-build.stamp pdf-build.stamp \
- sgml.stamp html.stamp pdf.stamp
-
-SCANOBJ_FILES = \
- $(DOC_MODULE).args \
- $(DOC_MODULE).hierarchy \
- $(DOC_MODULE).interfaces \
- $(DOC_MODULE).prerequisites \
- $(DOC_MODULE).signals
-
-REPORT_FILES = \
- $(DOC_MODULE)-undocumented.txt \
- $(DOC_MODULE)-undeclared.txt \
- $(DOC_MODULE)-unused.txt
-
-CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS)
-
-if ENABLE_GTK_DOC
-if GTK_DOC_BUILD_HTML
-HTML_BUILD_STAMP=html-build.stamp
-else
-HTML_BUILD_STAMP=
-endif
-if GTK_DOC_BUILD_PDF
-PDF_BUILD_STAMP=pdf-build.stamp
-else
-PDF_BUILD_STAMP=
-endif
-
-all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP)
-else
-all-local:
-endif
-
-docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP)
-
-$(REPORT_FILES): sgml-build.stamp
-
-#### setup ####
-
-setup-build.stamp:
- -@if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \
- echo ' DOC Preparing build'; \
- files=`echo $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types`; \
- if test "x$$files" != "x" ; then \
- for file in $$files ; do \
- test -f $(abs_srcdir)/$$file && \
- cp -pu $(abs_srcdir)/$$file $(abs_builddir)/ || true; \
- done; \
- fi; \
- fi
- @touch setup-build.stamp
-
-
-#### scan ####
-
-scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB)
- @echo ' DOC Scanning header files'
- @_source_dir='' ; \
- for i in $(DOC_SOURCE_DIR) ; do \
- _source_dir="$${_source_dir} --source-dir=$$i" ; \
- done ; \
- gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES)
- @if grep -l '^..*$$' $(DOC_MODULE).types > /dev/null 2>&1 ; then \
- echo " DOC Introspecting gobjects"; \
- scanobj_options=""; \
- gtkdoc-scangobj 2>&1 --help | grep >/dev/null "\-\-verbose"; \
- if test "$(?)" = "0"; then \
- if test "x$(V)" = "x1"; then \
- scanobj_options="--verbose"; \
- fi; \
- fi; \
- CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" \
- gtkdoc-scangobj $(SCANGOBJ_OPTIONS) $$scanobj_options --module=$(DOC_MODULE); \
- else \
- for i in $(SCANOBJ_FILES) ; do \
- test -f $$i || touch $$i ; \
- done \
- fi
- @touch scan-build.stamp
-
-$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp
- @true
-
-#### xml ####
-
-sgml-build.stamp: setup-build.stamp $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt $(expand_content_files)
- @echo ' DOC Building XML'
- @_source_dir='' ; \
- for i in $(DOC_SOURCE_DIR) ; do \
- _source_dir="$${_source_dir} --source-dir=$$i" ; \
- done ; \
- gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS)
- @touch sgml-build.stamp
-
-sgml.stamp: sgml-build.stamp
- @true
-
-#### html ####
-
-html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) $(srcdir)/style.css
- @echo ' DOC Building HTML'
- @rm -rf html
- @mkdir html
- @mkhtml_options=""; \
- gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-verbose"; \
- if test "$(?)" = "0"; then \
- if test "x$(V)" = "x1"; then \
- mkhtml_options="$$mkhtml_options --verbose"; \
- fi; \
- fi; \
- gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \
- if test "$(?)" = "0"; then \
- mkhtml_options="$$mkhtml_options --path=\"$(abs_srcdir)\""; \
- fi; \
- cd html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE)
- -@test "x$(HTML_IMAGES)" = "x" || \
- for file in $(HTML_IMAGES) ; do \
- if test -f $(abs_srcdir)/$$file ; then \
- cp $(abs_srcdir)/$$file $(abs_builddir)/html; \
- fi; \
- if test -f $(abs_builddir)/$$file ; then \
- cp $(abs_builddir)/$$file $(abs_builddir)/html; \
- fi; \
- done;
- @echo ' DOC Fixing cross-references'
- @gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS)
- @mv $(builddir)/html/style.css $(builddir)/html/gtk-doc.css
- @cp $(srcdir)/style.css $(builddir)/html/style.css
- @touch html-build.stamp
-
-#### pdf ####
-
-pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files)
- @echo ' DOC Building PDF'
- @rm -f $(DOC_MODULE).pdf
- @mkpdf_options=""; \
- gtkdoc-mkpdf 2>&1 --help | grep >/dev/null "\-\-verbose"; \
- if test "$(?)" = "0"; then \
- if test "x$(V)" = "x1"; then \
- mkpdf_options="$$mkpdf_options --verbose"; \
- fi; \
- fi; \
- if test "x$(HTML_IMAGES)" != "x"; then \
- for img in $(HTML_IMAGES); do \
- part=`dirname $$img`; \
- echo $$mkpdf_options | grep >/dev/null "\-\-imgdir=$$part "; \
- if test $$? != 0; then \
- mkpdf_options="$$mkpdf_options --imgdir=$$part"; \
- fi; \
- done; \
- fi; \
- gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_options $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS)
- @touch pdf-build.stamp
-
-##############
-
-clean-local:
- @rm -f *~ *.bak
- @rm -rf .libs
-
-distclean-local:
- @rm -rf xml html $(REPORT_FILES) $(DOC_MODULE).pdf \
- $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt
- @if test "$(abs_srcdir)" != "$(abs_builddir)" ; then \
- rm -f $(SETUP_FILES) $(expand_content_files) $(DOC_MODULE).types; \
- fi
-
-maintainer-clean-local: clean
- @rm -rf xml html
-
-install-data-local:
- @installfiles=`echo $(builddir)/html/*`; \
- if test "$$installfiles" = '$(builddir)/html/*'; \
- then echo 1>&2 'Nothing to install' ; \
- else \
- if test -n "$(DOC_MODULE_VERSION)"; then \
- installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \
- else \
- installdir="$(DESTDIR)$(TARGET_DIR)"; \
- fi; \
- $(mkinstalldirs) $${installdir} ; \
- for i in $$installfiles; do \
- echo ' $(INSTALL_DATA) '$$i ; \
- $(INSTALL_DATA) $$i $${installdir}; \
- done; \
- if test -n "$(DOC_MODULE_VERSION)"; then \
- mv -f $${installdir}/$(DOC_MODULE).devhelp2 \
- $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \
- fi; \
- $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \
- fi
-
-uninstall-local:
- @if test -n "$(DOC_MODULE_VERSION)"; then \
- installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \
- else \
- installdir="$(DESTDIR)$(TARGET_DIR)"; \
- fi; \
- rm -rf $${installdir}
-
-#
-# Require gtk-doc when making dist
-#
-if ENABLE_GTK_DOC
-dist-check-gtkdoc:
-else
-dist-check-gtkdoc:
- @echo "*** gtk-doc must be installed and --enable-doc in order to make dist"
- @false
-endif
-
-dist-hook: dist-check-gtkdoc dist-hook-local
- @mkdir $(distdir)/html
- @cp ./html/* $(distdir)/html
- @-cp ./$(DOC_MODULE).pdf $(distdir)/
- @-cp ./$(DOC_MODULE).types $(distdir)/
- @-cp ./$(DOC_MODULE)-sections.txt $(distdir)/
- @cd $(distdir) && rm -f $(DISTCLEANFILES)
- @$(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html
-
-.PHONY : dist-hook-local docs
diff --git a/build/litter/.empty b/build/litter/.empty
deleted file mode 100644
index be533a1..0000000
--- a/build/litter/.empty
+++ /dev/null
@@ -1 +0,0 @@
-Stub file to track in git
diff --git a/build/m4/.empty b/build/m4/.empty
deleted file mode 100644
index be533a1..0000000
--- a/build/m4/.empty
+++ /dev/null
@@ -1 +0,0 @@
-Stub file to track in git
diff --git a/build/tx-update b/build/tx-update
deleted file mode 100644
index 5d61335..0000000
--- a/build/tx-update
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-
-set -euf
-
-TX_PROJECT="p11-kit"
-TX_HOST="https://www.transifex.com"
-TX_RESOURCE="$TX_PROJECT.master"
-
-fail()
-{
- echo "tx-update: $@" >&2
- exit 2
-}
-
-tx_langs()
-(
- cd .tx/$TX_RESOURCE
- ls | sed 's/_translation//'
-)
-
-lingua_langs()
-{
- cat po/LINGUAS | while read lang extra; do
- case $lang in \
- \#*) ;;
- en) ;;
- *) echo -n "$lang "
- esac
- done
-}
-
-if [ ! -d po ]; then
- fail "run this script in the top level project directory"
-fi
-
-if [ ! -d .tx ]; then
- tx init --host=$TX_HOST
- tx set --source -r $TX_RESOURCE -l en po/$TX_PROJECT.pot
-fi
-
-# Push source to server
-tx push -s
-
-# Pull from the server
-tx pull -a
-
-pull_again="no"
-
-# Update LINGUAS
-for lang in $(tx_langs); do
- if ! grep -qw $lang po/LINGUAS; then
- echo $lang >> po/LINGUAS
- pull_again="yes"
- fi
-done
-
-# Setup associations
-for lang in $(lingua_langs); do
- tx set -r $TX_RESOURCE -l $lang po/$lang.po
- pull_again="yes"
-done
-
-# Pull and get all translations
-if [ "$pull_again" = "yes" ]; then
- tx pull
-fi
diff --git a/common/Makefile.am b/common/Makefile.am
deleted file mode 100644
index b053ec0..0000000
--- a/common/Makefile.am
+++ /dev/null
@@ -1,111 +0,0 @@
-
-inc_HEADERS += \
- common/pkcs11.h \
- common/pkcs11x.h \
- $(NULL)
-
-noinst_LTLIBRARIES += \
- libp11-common.la \
- libp11-library.la \
- libp11-test.la \
- libp11-tool.la \
- $(NULL)
-
-libp11_common_la_SOURCES = \
- common/argv.c common/argv.h \
- common/attrs.c common/attrs.h \
- common/array.c common/array.h \
- common/buffer.c common/buffer.h \
- common/compat.c common/compat.h \
- common/constants.c common/constants.h \
- common/debug.c common/debug.h \
- common/dict.c common/dict.h \
- common/hash.c common/hash.h \
- common/lexer.c common/lexer.h \
- common/message.c common/message.h \
- common/path.c common/path.h \
- common/pkcs11.h common/pkcs11x.h common/pkcs11i.h \
- common/url.c common/url.h \
- $(NULL)
-
-libp11_library_la_SOURCES = \
- common/library.c common/library.h \
- $(NULL)
-
-libp11_test_la_SOURCES = \
- common/mock.c common/mock.h \
- common/test.c common/test.h \
- $(NULL)
-
-libp11_tool_la_SOURCES = \
- common/tool.c common/tool.h \
- $(NULL)
-
-# Tests ----------------------------------------------------------------
-
-common_LIBS = \
- libp11-test.la \
- libp11-common.la \
- $(NULL)
-
-CHECK_PROGS += \
- test-tests \
- test-compat \
- test-hash \
- test-dict \
- test-array \
- test-constants \
- test-attrs \
- test-buffer \
- test-url \
- test-path \
- test-lexer \
- test-message \
- $(NULL)
-
-test_array_SOURCES = common/test-array.c
-test_array_LDADD = $(common_LIBS)
-
-test_attrs_SOURCES = common/test-attrs.c
-test_attrs_LDADD = $(common_LIBS)
-
-test_buffer_SOURCES = common/test-buffer.c
-test_buffer_LDADD = $(common_LIBS)
-
-test_compat_SOURCES = common/test-compat.c
-test_compat_LDADD = $(common_LIBS)
-
-test_constants_SOURCES = common/test-constants.c
-test_constants_LDADD = $(common_LIBS)
-
-test_dict_SOURCES = common/test-dict.c
-test_dict_LDADD = $(common_LIBS)
-
-test_hash_SOURCES = common/test-hash.c
-test_hash_LDADD = $(common_LIBS)
-
-test_lexer_SOURCES = common/test-lexer.c
-test_lexer_LDADD = $(common_LIBS)
-
-test_message_SOURCES = common/test-message.c
-test_message_LDADD = $(common_LIBS)
-
-test_path_SOURCES = common/test-path.c
-test_path_LDADD = $(common_LIBS)
-
-test_tests_SOURCES = common/test-tests.c
-test_tests_LDADD = $(common_LIBS)
-
-test_url_SOURCES = common/test-url.c
-test_url_LDADD = $(common_LIBS)
-
-noinst_PROGRAMS += \
- frob-getauxval \
- frob-getenv \
- $(NULL)
-
-frob_getauxval_SOURCES = common/frob-getauxval.c
-frob_getauxval_LDADD = $(common_LIBS)
-
-frob_getenv_SOURCES = common/frob-getenv.c
-frob_getenv_LDADD = $(common_LIBS)
diff --git a/common/argv.c b/common/argv.c
deleted file mode 100644
index 6d91bfa..0000000
--- a/common/argv.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "argv.h"
-#include "debug.h"
-
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-bool
-p11_argv_parse (const char *string,
- void (*sink) (char *, void *),
- void *argument)
-{
- char quote = '\0';
- char *src, *dup, *at, *arg;
- bool ret = true;
-
- return_val_if_fail (string != NULL, false);
- return_val_if_fail (sink != NULL, false);
-
- src = dup = strdup (string);
- return_val_if_fail (dup != NULL, false);
-
- arg = at = src;
- for (src = dup; *src; src++) {
-
- /* Matching quote */
- if (quote == *src) {
- quote = '\0';
-
- /* Inside of quotes */
- } else if (quote != '\0') {
- if (*src == '\\') {
- *at++ = *src++;
- if (!*src) {
- ret = false;
- goto done;
- }
- if (*src != quote)
- *at++ = '\\';
- }
- *at++ = *src;
-
- /* Space, not inside of quotes */
- } else if (isspace (*src)) {
- *at = 0;
- sink (arg, argument);
- arg = at;
-
- /* Other character outside of quotes */
- } else {
- switch (*src) {
- case '\'':
- case '"':
- quote = *src;
- break;
- case '\\':
- *at++ = *src++;
- if (!*src) {
- ret = false;
- goto done;
- }
- /* fall through */
- default:
- *at++ = *src;
- break;
- }
- }
- }
-
-
- if (at != arg) {
- *at = 0;
- sink (arg, argument);
- }
-
-done:
- free (dup);
- return ret;
-}
diff --git a/common/argv.h b/common/argv.h
deleted file mode 100644
index 8f95490..0000000
--- a/common/argv.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_ARGV_H_
-#define P11_ARGV_H_
-
-#include "compat.h"
-
-bool p11_argv_parse (const char *string,
- void (*sink) (char *, void *),
- void *argument);
-
-#endif /* P11_ARGV_H_ */
diff --git a/common/array.c b/common/array.c
deleted file mode 100644
index 185ea2f..0000000
--- a/common/array.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- */
-
-#include "config.h"
-
-#include "array.h"
-#include "debug.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-static bool
-maybe_expand_array (p11_array *array,
- unsigned int length)
-{
- unsigned int new_allocated;
- void **new_memory;
-
- if (length <= array->allocated)
- return true;
-
-
- new_allocated = array->allocated * 2;
- if (new_allocated == 0)
- new_allocated = 16;
- if (new_allocated < length)
- new_allocated = length;
-
- new_memory = realloc (array->elem, new_allocated * sizeof (void*));
- return_val_if_fail (new_memory != NULL, false);
-
- array->elem = new_memory;
- array->allocated = new_allocated;
- return true;
-}
-
-p11_array *
-p11_array_new (p11_destroyer destroyer)
-{
- p11_array *array;
-
- array = calloc (1, sizeof (p11_array));
- if (array == NULL)
- return NULL;
-
- if (!maybe_expand_array (array, 2)) {
- p11_array_free (array);
- return NULL;
- }
-
- array->destroyer = destroyer;
- return array;
-}
-
-void
-p11_array_free (p11_array *array)
-{
- if (array == NULL)
- return;
-
- p11_array_clear (array);
- free (array->elem);
- free (array);
-}
-
-bool
-p11_array_push (p11_array *array,
- void *value)
-{
- if (!maybe_expand_array (array, array->num + 1))
- return_val_if_reached (false);
-
- array->elem[array->num] = value;
- array->num++;
- return true;
-}
-
-void
-p11_array_remove (p11_array *array,
- unsigned int index)
-{
- if (array->destroyer)
- (array->destroyer) (array->elem[index]);
- memmove (array->elem + index, array->elem + index + 1,
- (array->num - (index + 1)) * sizeof (void*));
- array->num--;
-}
-
-void
-p11_array_clear (p11_array *array)
-{
- unsigned int i;
-
- if (array->destroyer) {
- for (i = 0; i < array->num; i++)
- (array->destroyer) (array->elem[i]);
- }
-
- array->num = 0;
-}
diff --git a/common/array.h b/common/array.h
deleted file mode 100644
index 94be29c..0000000
--- a/common/array.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Waler <stefw@collabora.co.uk>
- */
-
-#ifndef __P11_ARRAY_H__
-#define __P11_ARRAY_H__
-
-#include "compat.h"
-
-#ifndef P11_DESTROYER_DEFINED
-#define P11_DESTROYER_DEFINED
-
-typedef void (*p11_destroyer) (void *data);
-
-#endif
-
-typedef struct _p11_array {
- void **elem;
- unsigned int num;
-
- /* private */
- unsigned int allocated;
- p11_destroyer destroyer;
-} p11_array;
-
-p11_array * p11_array_new (p11_destroyer destroyer);
-
-void p11_array_free (p11_array *array);
-
-bool p11_array_push (p11_array *array,
- void *value);
-
-void p11_array_remove (p11_array *array,
- unsigned int index);
-
-void p11_array_clear (p11_array *array);
-
-#endif /* __P11_ARRAY_H__ */
diff --git a/common/attrs.c b/common/attrs.c
deleted file mode 100644
index 5a138a8..0000000
--- a/common/attrs.c
+++ /dev/null
@@ -1,903 +0,0 @@
-/*
- * Copyright (C) 2012, Redhat Inc.
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "constants.h"
-#include "debug.h"
-#include "hash.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-bool
-p11_attrs_terminator (const CK_ATTRIBUTE *attrs)
-{
- return (attrs == NULL || attrs->type == CKA_INVALID);
-}
-
-CK_ULONG
-p11_attrs_count (const CK_ATTRIBUTE *attrs)
-{
- CK_ULONG count;
-
- if (attrs == NULL)
- return 0UL;
-
- for (count = 0; !p11_attrs_terminator (attrs); count++, attrs++);
-
- return count;
-}
-
-void
-p11_attrs_free (void *attrs)
-{
- CK_ATTRIBUTE *ats = attrs;
- int i;
-
- if (!attrs)
- return;
-
- for (i = 0; !p11_attrs_terminator (ats + i); i++)
- free (ats[i].pValue);
- free (ats);
-}
-
-static CK_ATTRIBUTE *
-attrs_build (CK_ATTRIBUTE *attrs,
- CK_ULONG count_to_add,
- bool take_values,
- bool override,
- CK_ATTRIBUTE * (*generator) (void *),
- void *state)
-{
- CK_ATTRIBUTE *attr;
- CK_ATTRIBUTE *add;
- CK_ULONG current;
- CK_ULONG at;
- CK_ULONG j;
- CK_ULONG i;
-
- /* How many attributes we already have */
- current = p11_attrs_count (attrs);
-
- /* Reallocate for how many we need */
- attrs = realloc (attrs, (current + count_to_add + 1) * sizeof (CK_ATTRIBUTE));
- return_val_if_fail (attrs != NULL, NULL);
-
- at = current;
- for (i = 0; i < count_to_add; i++) {
- add = (generator) (state);
-
- /* Skip with invalid type */
- if (!add || add->type == CKA_INVALID)
- continue;
-
- attr = NULL;
-
- /* Do we have this attribute? */
- for (j = 0; attr == NULL && j < current; j++) {
- if (attrs[j].type == add->type) {
- attr = attrs + j;
- break;
- }
- }
-
- /* The attribute doesn't exist */
- if (attr == NULL) {
- attr = attrs + at;
- at++;
-
- /* The attribute exists and we're not overriding */
- } else if (!override) {
- if (take_values)
- free (add->pValue);
- continue;
-
- /* The attribute exitss, and we're overriding */
- } else {
- free (attr->pValue);
- }
-
- memcpy (attr, add, sizeof (CK_ATTRIBUTE));
- if (!take_values && attr->pValue != NULL) {
- if (attr->ulValueLen == 0)
- attr->pValue = malloc (1);
- else
- attr->pValue = memdup (attr->pValue, attr->ulValueLen);
- return_val_if_fail (attr->pValue != NULL, NULL);
- }
- }
-
- /* Mark this as the end */
- (attrs + at)->type = CKA_INVALID;
- assert (p11_attrs_terminator (attrs + at));
- return attrs;
-}
-
-static CK_ATTRIBUTE *
-vararg_generator (void *state)
-{
- va_list *va = state;
- return va_arg (*va, CK_ATTRIBUTE *);
-}
-
-CK_ATTRIBUTE *
-p11_attrs_build (CK_ATTRIBUTE *attrs,
- ...)
-{
- CK_ULONG count;
- va_list va;
-
- count = 0UL;
- va_start (va, attrs);
- while (va_arg (va, CK_ATTRIBUTE *))
- count++;
- va_end (va);
-
- va_start (va, attrs);
- attrs = attrs_build (attrs, count, false, true,
- vararg_generator, &va);
- va_end (va);
-
- return attrs;
-}
-
-static CK_ATTRIBUTE *
-template_generator (void *state)
-{
- CK_ATTRIBUTE **template = state;
- return (*template)++;
-}
-
-CK_ATTRIBUTE *
-p11_attrs_buildn (CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *add,
- CK_ULONG count)
-{
- return attrs_build (attrs, count, false, true,
- template_generator, &add);
-}
-
-CK_ATTRIBUTE *
-p11_attrs_take (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR value,
- CK_ULONG length)
-{
- CK_ATTRIBUTE attr = { type, value, length };
- CK_ATTRIBUTE *add = &attr;
- return attrs_build (attrs, 1, true, true,
- template_generator, &add);
-}
-
-CK_ATTRIBUTE *
-p11_attrs_merge (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- bool replace)
-{
- CK_ATTRIBUTE *ptr;
- CK_ULONG count;
-
- if (attrs == NULL)
- return merge;
-
- ptr = merge;
- count = p11_attrs_count (merge);
-
- attrs = attrs_build (attrs, count, true, replace,
- template_generator, &ptr);
-
- /*
- * Since we're supposed to own the merge attributes,
- * free the container array.
- */
- free (merge);
-
- return attrs;
-}
-
-CK_ATTRIBUTE *
-p11_attrs_dup (const CK_ATTRIBUTE *attrs)
-{
- CK_ULONG count;
-
- count = p11_attrs_count (attrs);
- return p11_attrs_buildn (NULL, attrs, count);
-}
-
-CK_ATTRIBUTE *
-p11_attrs_find (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type)
-{
- CK_ULONG i;
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].type == type)
- return attrs + i;
- }
-
- return NULL;
-}
-
-CK_ATTRIBUTE *
-p11_attrs_findn (CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type)
-{
- CK_ULONG i;
-
- for (i = 0; i < count; i++) {
- if (attrs[i].type == type)
- return attrs + i;
- }
-
- return NULL;
-}
-
-bool
-p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_BBOOL *value)
-{
- CK_ULONG i;
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].type == type &&
- attrs[i].ulValueLen == sizeof (CK_BBOOL) &&
- attrs[i].pValue != NULL) {
- *value = *((CK_BBOOL *)attrs[i].pValue);
- return true;
- }
- }
-
- return false;
-}
-
-bool
-p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type,
- CK_BBOOL *value)
-{
- CK_ULONG i;
-
- for (i = 0; i < count; i++) {
- if (attrs[i].type == type &&
- attrs[i].ulValueLen == sizeof (CK_BBOOL) &&
- attrs[i].pValue != NULL) {
- *value = *((CK_BBOOL *)attrs[i].pValue);
- return true;
- }
- }
-
- return false;
-}
-
-bool
-p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_ULONG *value)
-{
- CK_ULONG i;
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].type == type &&
- attrs[i].ulValueLen == sizeof (CK_ULONG) &&
- attrs[i].pValue != NULL) {
- *value = *((CK_ULONG *)attrs[i].pValue);
- return true;
- }
- }
-
- return false;
-}
-
-bool
-p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type,
- CK_ULONG *value)
-{
- CK_ULONG i;
-
- for (i = 0; i < count; i++) {
- if (attrs[i].type == type &&
- attrs[i].ulValueLen == sizeof (CK_ULONG) &&
- attrs[i].pValue != NULL) {
- *value = *((CK_ULONG *)attrs[i].pValue);
- return true;
- }
- }
-
- return false;
-}
-
-void *
-p11_attrs_find_value (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- size_t *length)
-{
- CK_ULONG i;
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].type == type &&
- attrs[i].ulValueLen != 0 &&
- attrs[i].ulValueLen != (CK_ULONG)-1 &&
- attrs[i].pValue != NULL) {
- if (length)
- *length = attrs[i].ulValueLen;
- return attrs[i].pValue;
- }
- }
-
- return NULL;
-}
-
-CK_ATTRIBUTE *
-p11_attrs_find_valid (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type)
-{
- CK_ULONG i;
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].type == type &&
- attrs[i].pValue != NULL &&
- attrs[i].ulValueLen != 0 &&
- attrs[i].ulValueLen != (CK_ULONG)-1)
- return attrs + i;
- }
-
- return NULL;
-}
-
-bool
-p11_attrs_remove (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type)
-{
- CK_ULONG count;
- CK_ULONG i;
-
- count = p11_attrs_count (attrs);
- for (i = 0; i < count; i++) {
- if (attrs[i].type == type)
- break;
- }
-
- if (i == count)
- return false;
-
- if (attrs[i].pValue)
- free (attrs[i].pValue);
-
- memmove (attrs + i, attrs + i + 1, (count - (i + 1)) * sizeof (CK_ATTRIBUTE));
- attrs[count - 1].type = CKA_INVALID;
- return true;
-}
-
-void
-p11_attrs_purge (CK_ATTRIBUTE *attrs)
-{
- int in, out;
-
- for (in = 0, out = 0; !p11_attrs_terminator (attrs + in); in++) {
- if (attrs[in].ulValueLen == (CK_ULONG)-1) {
- free (attrs[in].pValue);
- attrs[in].pValue = NULL;
- attrs[in].ulValueLen = 0;
- } else {
- if (in != out)
- memcpy (attrs + out, attrs + in, sizeof (CK_ATTRIBUTE));
- out++;
- }
- }
-
- attrs[out].type = CKA_INVALID;
- assert (p11_attrs_terminator (attrs + out));
-
-}
-
-bool
-p11_attrs_match (const CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *match)
-{
- CK_ATTRIBUTE *attr;
-
- for (; !p11_attrs_terminator (match); match++) {
- attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type);
- if (!attr)
- return false;
- if (!p11_attr_equal (attr, match))
- return false;
- }
-
- return true;
-}
-
-bool
-p11_attrs_matchn (const CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *match,
- CK_ULONG count)
-{
- CK_ATTRIBUTE *attr;
- CK_ULONG i;
-
- for (i = 0; i < count; i++) {
- attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match[i].type);
- if (!attr)
- return false;
- if (!p11_attr_equal (attr, match + i))
- return false;
- }
-
- return true;
-
-}
-
-
-bool
-p11_attr_match_value (const CK_ATTRIBUTE *attr,
- const void *value,
- ssize_t length)
-{
- if (length < 0)
- length = strlen (value);
- return (attr != NULL &&
- attr->ulValueLen == length &&
- (attr->pValue == value ||
- (attr->pValue && value &&
- memcmp (attr->pValue, value, attr->ulValueLen) == 0)));
-}
-
-bool
-p11_attr_equal (const void *v1,
- const void *v2)
-{
- const CK_ATTRIBUTE *one = v1;
- const CK_ATTRIBUTE *two = v2;
-
- return (one == two ||
- (one && two && one->type == two->type &&
- p11_attr_match_value (one, two->pValue, two->ulValueLen)));
-}
-
-unsigned int
-p11_attr_hash (const void *data)
-{
- const CK_ATTRIBUTE *attr = data;
- uint32_t hash = 0;
-
- if (attr != NULL) {
- p11_hash_murmur3 (&hash,
- &attr->type, sizeof (attr->type),
- attr->pValue, (size_t)attr->ulValueLen,
- NULL);
- }
-
- return hash;
-}
-
-static void
-buffer_append_printf (p11_buffer *buffer,
- const char *format,
- ...) GNUC_PRINTF(2, 3);
-
-static void
-buffer_append_printf (p11_buffer *buffer,
- const char *format,
- ...)
-{
- char *string;
- va_list va;
-
- va_start (va, format);
- if (vasprintf (&string, format, va) < 0)
- return_if_reached ();
- va_end (va);
-
- p11_buffer_add (buffer, string, -1);
- free (string);
-}
-
-static bool
-attribute_is_ulong_of_type (const CK_ATTRIBUTE *attr,
- CK_ULONG type)
-{
- if (attr->type != type)
- return false;
- if (attr->ulValueLen != sizeof (CK_ULONG))
- return false;
- if (!attr->pValue)
- return false;
- return true;
-}
-
-static bool
-attribute_is_trust_value (const CK_ATTRIBUTE *attr)
-{
- switch (attr->type) {
- case CKA_TRUST_DIGITAL_SIGNATURE:
- case CKA_TRUST_NON_REPUDIATION:
- case CKA_TRUST_KEY_ENCIPHERMENT:
- case CKA_TRUST_DATA_ENCIPHERMENT:
- case CKA_TRUST_KEY_AGREEMENT:
- case CKA_TRUST_KEY_CERT_SIGN:
- case CKA_TRUST_CRL_SIGN:
- case CKA_TRUST_SERVER_AUTH:
- case CKA_TRUST_CLIENT_AUTH:
- case CKA_TRUST_CODE_SIGNING:
- case CKA_TRUST_EMAIL_PROTECTION:
- case CKA_TRUST_IPSEC_END_SYSTEM:
- case CKA_TRUST_IPSEC_TUNNEL:
- case CKA_TRUST_IPSEC_USER:
- case CKA_TRUST_TIME_STAMPING:
- break;
- default:
- return false;
- }
-
- return attribute_is_ulong_of_type (attr, attr->type);
-}
-
-static bool
-attribute_is_sensitive (const CK_ATTRIBUTE *attr,
- CK_OBJECT_CLASS klass)
-{
- /*
- * Don't print any just attribute, since they may contain
- * sensitive data
- */
-
- switch (attr->type) {
- #define X(x) case x: return false;
- X (CKA_CLASS)
- X (CKA_TOKEN)
- X (CKA_PRIVATE)
- X (CKA_LABEL)
- X (CKA_APPLICATION)
- X (CKA_OBJECT_ID)
- X (CKA_CERTIFICATE_TYPE)
- X (CKA_ISSUER)
- X (CKA_SERIAL_NUMBER)
- X (CKA_AC_ISSUER)
- X (CKA_OWNER)
- X (CKA_ATTR_TYPES)
- X (CKA_TRUSTED)
- X (CKA_CERTIFICATE_CATEGORY)
- X (CKA_JAVA_MIDP_SECURITY_DOMAIN)
- X (CKA_URL)
- X (CKA_HASH_OF_SUBJECT_PUBLIC_KEY)
- X (CKA_HASH_OF_ISSUER_PUBLIC_KEY)
- X (CKA_CHECK_VALUE)
- X (CKA_KEY_TYPE)
- X (CKA_SUBJECT)
- X (CKA_ID)
- X (CKA_SENSITIVE)
- X (CKA_ENCRYPT)
- X (CKA_DECRYPT)
- X (CKA_WRAP)
- X (CKA_UNWRAP)
- X (CKA_SIGN)
- X (CKA_SIGN_RECOVER)
- X (CKA_VERIFY)
- X (CKA_VERIFY_RECOVER)
- X (CKA_DERIVE)
- X (CKA_START_DATE)
- X (CKA_END_DATE)
- X (CKA_MODULUS_BITS)
- X (CKA_PRIME_BITS)
- /* X (CKA_SUBPRIME_BITS) */
- /* X (CKA_SUB_PRIME_BITS) */
- X (CKA_VALUE_BITS)
- X (CKA_VALUE_LEN)
- X (CKA_EXTRACTABLE)
- X (CKA_LOCAL)
- X (CKA_NEVER_EXTRACTABLE)
- X (CKA_ALWAYS_SENSITIVE)
- X (CKA_KEY_GEN_MECHANISM)
- X (CKA_MODIFIABLE)
- X (CKA_SECONDARY_AUTH)
- X (CKA_AUTH_PIN_FLAGS)
- X (CKA_ALWAYS_AUTHENTICATE)
- X (CKA_WRAP_WITH_TRUSTED)
- X (CKA_WRAP_TEMPLATE)
- X (CKA_UNWRAP_TEMPLATE)
- X (CKA_HW_FEATURE_TYPE)
- X (CKA_RESET_ON_INIT)
- X (CKA_HAS_RESET)
- X (CKA_PIXEL_X)
- X (CKA_PIXEL_Y)
- X (CKA_RESOLUTION)
- X (CKA_CHAR_ROWS)
- X (CKA_CHAR_COLUMNS)
- X (CKA_COLOR)
- X (CKA_BITS_PER_PIXEL)
- X (CKA_CHAR_SETS)
- X (CKA_ENCODING_METHODS)
- X (CKA_MIME_TYPES)
- X (CKA_MECHANISM_TYPE)
- X (CKA_REQUIRED_CMS_ATTRIBUTES)
- X (CKA_DEFAULT_CMS_ATTRIBUTES)
- X (CKA_SUPPORTED_CMS_ATTRIBUTES)
- X (CKA_ALLOWED_MECHANISMS)
- X (CKA_X_ASSERTION_TYPE)
- X (CKA_X_CERTIFICATE_VALUE)
- X (CKA_X_PURPOSE)
- X (CKA_X_PEER)
- X (CKA_X_DISTRUSTED)
- X (CKA_X_CRITICAL)
- X (CKA_PUBLIC_KEY_INFO)
- X (CKA_NSS_URL)
- X (CKA_NSS_EMAIL)
- X (CKA_NSS_SMIME_INFO)
- X (CKA_NSS_SMIME_TIMESTAMP)
- X (CKA_NSS_PKCS8_SALT)
- X (CKA_NSS_PASSWORD_CHECK)
- X (CKA_NSS_EXPIRES)
- X (CKA_NSS_KRL)
- X (CKA_NSS_PQG_COUNTER)
- X (CKA_NSS_PQG_SEED)
- X (CKA_NSS_PQG_H)
- X (CKA_NSS_PQG_SEED_BITS)
- X (CKA_NSS_MODULE_SPEC)
- X (CKA_TRUST_DIGITAL_SIGNATURE)
- X (CKA_TRUST_NON_REPUDIATION)
- X (CKA_TRUST_KEY_ENCIPHERMENT)
- X (CKA_TRUST_DATA_ENCIPHERMENT)
- X (CKA_TRUST_KEY_AGREEMENT)
- X (CKA_TRUST_KEY_CERT_SIGN)
- X (CKA_TRUST_CRL_SIGN)
- X (CKA_TRUST_SERVER_AUTH)
- X (CKA_TRUST_CLIENT_AUTH)
- X (CKA_TRUST_CODE_SIGNING)
- X (CKA_TRUST_EMAIL_PROTECTION)
- X (CKA_TRUST_IPSEC_END_SYSTEM)
- X (CKA_TRUST_IPSEC_TUNNEL)
- X (CKA_TRUST_IPSEC_USER)
- X (CKA_TRUST_TIME_STAMPING)
- X (CKA_TRUST_STEP_UP_APPROVED)
- X (CKA_CERT_SHA1_HASH)
- X (CKA_CERT_MD5_HASH)
- case CKA_VALUE:
- return (klass != CKO_CERTIFICATE &&
- klass != CKO_X_CERTIFICATE_EXTENSION);
- #undef X
- }
-
- return true;
-}
-
-static void
-format_class (p11_buffer *buffer,
- CK_OBJECT_CLASS klass)
-{
- const char *string = p11_constant_name (p11_constant_classes, klass);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "0x%08lX", klass);
-}
-
-static void
-format_assertion_type (p11_buffer *buffer,
- CK_X_ASSERTION_TYPE type)
-{
- const char *string = p11_constant_name (p11_constant_asserts, type);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "0x%08lX", type);
-}
-
-static void
-format_key_type (p11_buffer *buffer,
- CK_KEY_TYPE type)
-{
- const char *string = p11_constant_name (p11_constant_keys, type);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "0x%08lX", type);
-}
-
-static void
-format_certificate_type (p11_buffer *buffer,
- CK_CERTIFICATE_TYPE type)
-{
- const char *string = p11_constant_name (p11_constant_certs, type);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "0x%08lX", type);
-}
-
-static void
-format_trust_value (p11_buffer *buffer,
- CK_TRUST trust)
-{
- const char *string = p11_constant_name (p11_constant_trusts, trust);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "0x%08lX", trust);
-}
-
-static void
-format_certificate_category (p11_buffer *buffer,
- CK_ULONG category)
-{
- const char *string = p11_constant_name (p11_constant_categories, category);
- if (string != NULL)
- buffer_append_printf (buffer, "%lu (%s)", category, string);
- else
- buffer_append_printf (buffer, "%lu", category);
-}
-
-static void
-format_attribute_type (p11_buffer *buffer,
- CK_ULONG type)
-{
- const char *string = p11_constant_name (p11_constant_types, type);
- if (string != NULL)
- p11_buffer_add (buffer, string, -1);
- else
- buffer_append_printf (buffer, "CKA_0x%08lX", type);
-}
-
-static void
-format_some_bytes (p11_buffer *buffer,
- void *bytes,
- CK_ULONG length)
-{
- unsigned char ch;
- const unsigned char *data = bytes;
- CK_ULONG i;
-
- if (bytes == NULL) {
- p11_buffer_add (buffer, "NULL", -1);
- return;
- }
-
- p11_buffer_add (buffer, "\"", 1);
- for (i = 0; i < length && i < 128; i++) {
- ch = data[i];
- if (ch == '\t')
- p11_buffer_add (buffer, "\\t", -1);
- else if (ch == '\n')
- p11_buffer_add (buffer, "\\n", -1);
- else if (ch == '\r')
- p11_buffer_add (buffer, "\\r", -1);
- else if (ch >= 32 && ch < 127)
- p11_buffer_add (buffer, &ch, 1);
- else
- buffer_append_printf (buffer, "\\x%02x", ch);
- }
-
- if (i < length)
- buffer_append_printf (buffer, "...");
- p11_buffer_add (buffer, "\"", 1);
-}
-
-void
-p11_attr_format (p11_buffer *buffer,
- const CK_ATTRIBUTE *attr,
- CK_OBJECT_CLASS klass)
-{
- p11_buffer_add (buffer, "{ ", -1);
- format_attribute_type (buffer, attr->type);
- p11_buffer_add (buffer, " = ", -1);
- if (attr->ulValueLen == CKA_INVALID) {
- buffer_append_printf (buffer, "(-1) INVALID");
- } else if (attribute_is_ulong_of_type (attr, CKA_CLASS)) {
- format_class (buffer, *((CK_OBJECT_CLASS *)attr->pValue));
- } else if (attribute_is_ulong_of_type (attr, CKA_X_ASSERTION_TYPE)) {
- format_assertion_type (buffer, *((CK_X_ASSERTION_TYPE *)attr->pValue));
- } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_TYPE)) {
- format_certificate_type (buffer, *((CK_CERTIFICATE_TYPE *)attr->pValue));
- } else if (attribute_is_ulong_of_type (attr, CKA_CERTIFICATE_CATEGORY)) {
- format_certificate_category (buffer, *((CK_ULONG *)attr->pValue));
- } else if (attribute_is_ulong_of_type (attr, CKA_KEY_TYPE)) {
- format_key_type (buffer, *((CK_KEY_TYPE *)attr->pValue));
- } else if (attribute_is_trust_value (attr)) {
- format_trust_value (buffer, *((CK_TRUST *)attr->pValue));
- } else if (attribute_is_sensitive (attr, klass)) {
- buffer_append_printf (buffer, "(%lu) NOT-PRINTED", attr->ulValueLen);
- } else {
- buffer_append_printf (buffer, "(%lu) ", attr->ulValueLen);
- format_some_bytes (buffer, attr->pValue, attr->ulValueLen);
- }
- p11_buffer_add (buffer, " }", -1);
-}
-
-void
-p11_attrs_format (p11_buffer *buffer,
- const CK_ATTRIBUTE *attrs,
- int count)
-{
- CK_BBOOL first = CK_TRUE;
- CK_OBJECT_CLASS klass;
- int i;
-
- if (count < 0)
- count = p11_attrs_count (attrs);
-
- if (!p11_attrs_findn_ulong (attrs, CKA_CLASS, count, &klass))
- klass = CKA_INVALID;
-
- buffer_append_printf (buffer, "(%d) [", count);
- for (i = 0; i < count; i++) {
- if (first)
- p11_buffer_add (buffer, " ", 1);
- else
- p11_buffer_add (buffer, ", ", 2);
- first = CK_FALSE;
- p11_attr_format (buffer, attrs + i, klass);
- }
- p11_buffer_add (buffer, " ]", -1);
-}
-
-char *
-p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
- int count)
-{
- p11_buffer buffer;
- if (!p11_buffer_init_null (&buffer, 128))
- return_val_if_reached (NULL);
- p11_attrs_format (&buffer, attrs, count);
- return p11_buffer_steal (&buffer, NULL);
-}
-
-char *
-p11_attr_to_string (const CK_ATTRIBUTE *attr,
- CK_OBJECT_CLASS klass)
-{
- p11_buffer buffer;
- if (!p11_buffer_init_null (&buffer, 32))
- return_val_if_reached (NULL);
- p11_attr_format (&buffer, attr, klass);
- return p11_buffer_steal (&buffer, NULL);
-}
diff --git a/common/attrs.h b/common/attrs.h
deleted file mode 100644
index 2780013..0000000
--- a/common/attrs.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (C) 2012, Redhat Inc.
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_ATTRS_H_
-#define P11_ATTRS_H_
-
-#include "buffer.h"
-#include "compat.h"
-#include "pkcs11.h"
-
-#define CKA_INVALID ((CK_ULONG)-1)
-
-CK_ATTRIBUTE * p11_attrs_dup (const CK_ATTRIBUTE *attrs);
-
-CK_ATTRIBUTE * p11_attrs_build (CK_ATTRIBUTE *attrs,
- ...);
-
-CK_ATTRIBUTE * p11_attrs_buildn (CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *add,
- CK_ULONG count);
-
-CK_ATTRIBUTE * p11_attrs_take (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_VOID_PTR value,
- CK_ULONG length);
-
-CK_ATTRIBUTE * p11_attrs_merge (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- bool replace);
-
-void p11_attrs_purge (CK_ATTRIBUTE *attrs);
-
-bool p11_attrs_terminator (const CK_ATTRIBUTE *attrs);
-
-CK_ULONG p11_attrs_count (const CK_ATTRIBUTE *attrs);
-
-void p11_attrs_free (void *attrs);
-
-CK_ATTRIBUTE * p11_attrs_find (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type);
-
-CK_ATTRIBUTE * p11_attrs_findn (CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type);
-
-bool p11_attrs_find_bool (const CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_BBOOL *value);
-
-bool p11_attrs_findn_bool (const CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type,
- CK_BBOOL *value);
-
-bool p11_attrs_find_ulong (const CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- CK_ULONG *value);
-
-bool p11_attrs_findn_ulong (const CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_ATTRIBUTE_TYPE type,
- CK_ULONG *value);
-
-void * p11_attrs_find_value (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type,
- size_t *length);
-
-CK_ATTRIBUTE * p11_attrs_find_valid (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type);
-
-bool p11_attrs_remove (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE_TYPE type);
-
-bool p11_attrs_match (const CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *match);
-
-bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs,
- const CK_ATTRIBUTE *match,
- CK_ULONG count);
-
-char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs,
- int count);
-
-void p11_attrs_format (p11_buffer *buffer,
- const CK_ATTRIBUTE *attrs,
- int count);
-
-char * p11_attr_to_string (const CK_ATTRIBUTE *attr,
- CK_OBJECT_CLASS klass);
-
-void p11_attr_format (p11_buffer *buffer,
- const CK_ATTRIBUTE *attr,
- CK_OBJECT_CLASS klass);
-
-bool p11_attr_equal (const void *one,
- const void *two);
-
-unsigned int p11_attr_hash (const void *data);
-
-bool p11_attr_match_value (const CK_ATTRIBUTE *attr,
- const void *value,
- ssize_t length);
-
-#endif /* P11_ATTRS_H_ */
diff --git a/common/buffer.c b/common/buffer.c
deleted file mode 100644
index f2e2cb8..0000000
--- a/common/buffer.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright (C) 2007, 2012 Stefan Walter
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#include "buffer.h"
-#include "debug.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdarg.h>
-
-static bool
-buffer_realloc (p11_buffer *buffer,
- size_t size)
-{
- void *data;
-
- /* Memory owned elsewhere can't be reallocated */
- return_val_if_fail (buffer->frealloc != NULL, false);
-
- /* Reallocate built in buffer using allocator */
- data = (buffer->frealloc) (buffer->data, size);
- if (!data && size > 0) {
- p11_buffer_fail (buffer);
- return_val_if_reached (false);
- }
-
- buffer->data = data;
- buffer->size = size;
- return true;
-}
-
-bool
-p11_buffer_init (p11_buffer *buffer,
- size_t reserve)
-{
- p11_buffer_init_full (buffer, NULL, 0, 0, realloc, free);
- return buffer_realloc (buffer, reserve);
-}
-
-bool
-p11_buffer_init_null (p11_buffer *buffer,
- size_t reserve)
-{
- p11_buffer_init_full (buffer, NULL, 0, P11_BUFFER_NULL, realloc, free);
- return buffer_realloc (buffer, reserve);
-}
-
-void
-p11_buffer_init_full (p11_buffer *buffer,
- void *data,
- size_t len,
- int flags,
- void * (* frealloc) (void *, size_t),
- void (* ffree) (void *))
-{
- memset (buffer, 0, sizeof (*buffer));
-
- buffer->data = data;
- buffer->len = len;
- buffer->size = len;
- buffer->flags = flags;
- buffer->frealloc = frealloc;
- buffer->ffree = ffree;
-
- return_if_fail (!(flags & P11_BUFFER_FAILED));
-}
-
-void
-p11_buffer_uninit (p11_buffer *buffer)
-{
- return_if_fail (buffer != NULL);
-
- if (buffer->ffree && buffer->data)
- (buffer->ffree) (buffer->data);
- memset (buffer, 0, sizeof (*buffer));
-}
-
-void *
-p11_buffer_steal (p11_buffer *buffer,
- size_t *length)
-{
- void *data;
-
- return_val_if_fail (p11_buffer_ok (buffer), NULL);
-
- if (length)
- *length = buffer->len;
- data = buffer->data;
-
- buffer->data = NULL;
- buffer->size = 0;
- buffer->len = 0;
- return data;
-}
-
-bool
-p11_buffer_reset (p11_buffer *buffer,
- size_t reserve)
-{
- buffer->flags &= ~P11_BUFFER_FAILED;
- buffer->len = 0;
-
- if (reserve < buffer->size)
- return true;
- return buffer_realloc (buffer, reserve);
-}
-
-void *
-p11_buffer_append (p11_buffer *buffer,
- size_t length)
-{
- unsigned char *data;
- size_t terminator;
- size_t newlen;
- size_t reserve;
-
- return_val_if_fail (p11_buffer_ok (buffer), NULL);
-
- terminator = (buffer->flags & P11_BUFFER_NULL) ? 1 : 0;
-
- /* Check for unlikely and unrecoverable integer overflow */
- return_val_if_fail (SIZE_MAX - (terminator + length) > buffer->len, NULL);
-
- reserve = terminator + length + buffer->len;
-
- if (reserve > buffer->size) {
-
- /* Calculate a new length, minimize number of buffer allocations */
- return_val_if_fail (buffer->size < SIZE_MAX / 2, NULL);
- newlen = buffer->size * 2;
- if (!newlen)
- newlen = 16;
- if (reserve > newlen)
- newlen = reserve;
-
- if (!buffer_realloc (buffer, newlen))
- return_val_if_reached (NULL);
- }
-
- data = buffer->data;
- data += buffer->len;
- buffer->len += length;
- if (terminator)
- data[length] = '\0';
- return data;
-}
-
-void
-p11_buffer_add (p11_buffer *buffer,
- const void *data,
- ssize_t length)
-{
- void *at;
-
- if (length < 0)
- length = strlen (data);
-
- at = p11_buffer_append (buffer, length);
- return_if_fail (at != NULL);
- memcpy (at, data, length);
-}
diff --git a/common/buffer.h b/common/buffer.h
deleted file mode 100644
index 6a61083..0000000
--- a/common/buffer.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Copyright (C) 2007, 2012 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#ifndef P11_BUFFER_H_
-#define P11_BUFFER_H_
-
-#include "compat.h"
-
-enum {
- P11_BUFFER_FAILED = 1 << 0,
- P11_BUFFER_NULL = 1 << 1,
-};
-
-typedef struct {
- void *data;
- size_t len;
-
- int flags;
- size_t size;
- void * (* frealloc) (void *, size_t);
- void (* ffree) (void *);
-} p11_buffer;
-
-bool p11_buffer_init (p11_buffer *buffer,
- size_t size);
-
-bool p11_buffer_init_null (p11_buffer *buffer,
- size_t size);
-
-void p11_buffer_init_full (p11_buffer *buffer,
- void *data,
- size_t len,
- int flags,
- void * (* frealloc) (void *, size_t),
- void (* ffree) (void *));
-
-void p11_buffer_uninit (p11_buffer *buffer);
-
-void * p11_buffer_steal (p11_buffer *buffer,
- size_t *length);
-
-bool p11_buffer_reset (p11_buffer *buffer,
- size_t size);
-
-void * p11_buffer_append (p11_buffer *buffer,
- size_t length);
-
-void p11_buffer_add (p11_buffer *buffer,
- const void *data,
- ssize_t length);
-
-#define p11_buffer_fail(buf) \
- ((buf)->flags |= P11_BUFFER_FAILED)
-
-#define p11_buffer_ok(buf) \
- (((buf)->flags & P11_BUFFER_FAILED) ? false : true)
-
-#define p11_buffer_failed(buf) \
- (((buf)->flags & P11_BUFFER_FAILED) ? true : false)
-
-#endif /* BUFFER_H */
diff --git a/common/compat.c b/common/compat.c
deleted file mode 100644
index de5b99b..0000000
--- a/common/compat.c
+++ /dev/null
@@ -1,924 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-/*
- * This is needed to expose pthread_mutexattr_settype and PTHREAD_MUTEX_DEFAULT
- * on older pthreads implementations
- */
-#define _XOPEN_SOURCE 700
-
-#include "compat.h"
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*-
- * Portions of this file are covered by the following copyright:
- *
- * Copyright (c) 2001 Mike Barcroft <mike@FreeBSD.org>
- * Copyright (c) 1990, 1993
- * Copyright (c) 1987, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * This code is derived from software contributed to Berkeley by
- * Chris Torek.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef HAVE_GETPROGNAME
-
-#ifdef OS_UNIX
-
-#include <unistd.h>
-
-#if defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME) && !HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME
-extern char *program_invocation_short_name;
-#endif
-
-#if defined (HAVE___PROGNAME) && !HAVE_DECL___PROGNAME
-extern char *__progname;
-#endif
-
-const char *
-getprogname (void)
-{
- const char *name;
-
-#if defined (HAVE_GETEXECNAME)
- const char *p;
- name = getexecname();
- p = strrchr (name ? name : "", '/');
- if (p != NULL)
- name = p + 1;
-#elif defined (HAVE_PROGRAM_INVOCATION_SHORT_NAME)
- name = program_invocation_short_name;
-#elif defined (HAVE___PROGNAME)
- name = __progname;
-#else
- #error No way to retrieve short program name
-#endif
-
- return name;
-}
-
-#else /* OS_WIN32 */
-
-extern char **__argv;
-static char prognamebuf[256];
-
-const char *
-getprogname (void)
-{
- const char *name;
- const char *p, *p2;
- size_t length;
-
- name = __argv[0];
- if (name == NULL)
- return NULL;
-
- p = strrchr (name, '\\');
- p2 = strrchr (name, '/');
- if (p2 > p)
- p = p2;
- if (p != NULL)
- name = p + 1;
-
- length = sizeof (prognamebuf) - 1;
- strncpy (prognamebuf, name, length);
- prognamebuf[length] = 0;
- length = strlen (prognamebuf);
- if (length > 4 && _stricmp (prognamebuf + (length - 4), ".exe") == 0)
- prognamebuf[length - 4] = '\0';
-
- return prognamebuf;
-}
-
-#endif /* OS_WIN32 */
-
-#endif /* HAVE_GETPROGNAME */
-
-#ifdef OS_UNIX
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <fcntl.h>
-#include <unistd.h>
-
-void
-p11_mutex_init (p11_mutex_t *mutex)
-{
- pthread_mutexattr_t attr;
- int ret;
-
- pthread_mutexattr_init (&attr);
- pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_DEFAULT);
- ret = pthread_mutex_init (mutex, &attr);
- assert (ret == 0);
- pthread_mutexattr_destroy (&attr);
-}
-
-char *
-p11_dl_error (void)
-{
- const char *msg = dlerror ();
- return msg ? strdup (msg) : NULL;
-}
-
-struct _p11_mmap {
- int fd;
- void *data;
- size_t size;
-};
-
-p11_mmap *
-p11_mmap_open (const char *path,
- struct stat *sb,
- void **data,
- size_t *size)
-{
- struct stat stb;
- p11_mmap *map;
-
- map = calloc (1, sizeof (p11_mmap));
- if (map == NULL)
- return NULL;
-
- map->fd = open (path, O_RDONLY | O_CLOEXEC);
- if (map->fd == -1) {
- free (map);
- return NULL;
- }
-
- if (sb == NULL) {
- sb = &stb;
- if (fstat (map->fd, &stb) < 0) {
- close (map->fd);
- free (map);
- return NULL;
- }
- }
-
- /* Workaround for broken ZFS on Linux */
- if (S_ISDIR (sb->st_mode)) {
- errno = EISDIR;
- close (map->fd);
- free (map);
- return NULL;
- }
-
- if (sb->st_size == 0) {
- *data = "";
- *size = 0;
- return map;
- }
-
- map->size = sb->st_size;
- map->data = mmap (NULL, map->size, PROT_READ, MAP_PRIVATE, map->fd, 0);
- if (map->data == MAP_FAILED) {
- close (map->fd);
- free (map);
- return NULL;
- }
-
- *data = map->data;
- *size = map->size;
- return map;
-}
-
-void
-p11_mmap_close (p11_mmap *map)
-{
- if (map->size)
- munmap (map->data, map->size);
- close (map->fd);
- free (map);
-}
-
-#endif /* OS_UNIX */
-
-#ifdef OS_WIN32
-
-char *
-p11_dl_error (void)
-{
- DWORD code = GetLastError();
- LPVOID msg_buf;
-
- FormatMessageA (FORMAT_MESSAGE_ALLOCATE_BUFFER |
- FORMAT_MESSAGE_FROM_SYSTEM |
- FORMAT_MESSAGE_IGNORE_INSERTS,
- NULL, code,
- MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
- (LPSTR)&msg_buf, 0, NULL);
-
- return msg_buf;
-}
-
-void
-p11_dl_close (void *dl)
-{
- FreeLibrary (dl);
-}
-
-int
-p11_thread_create (p11_thread_t *thread,
- p11_thread_routine routine,
- void *arg)
-{
- assert (thread);
-
- *thread = CreateThread (NULL, 0,
- (LPTHREAD_START_ROUTINE)routine,
- arg, 0, NULL);
-
- if (*thread == NULL)
- return GetLastError ();
-
- return 0;
-}
-
-int
-p11_thread_join (p11_thread_t thread)
-{
- DWORD res;
-
- res = WaitForSingleObject (thread, INFINITE);
- if (res == WAIT_FAILED)
- return GetLastError ();
-
- CloseHandle (thread);
- return 0;
-}
-
-struct _p11_mmap {
- HANDLE file;
- HANDLE mapping;
- void *data;
-};
-
-p11_mmap *
-p11_mmap_open (const char *path,
- struct stat *sb,
- void **data,
- size_t *size)
-{
- HANDLE mapping;
- LARGE_INTEGER large;
- DWORD errn;
- p11_mmap *map;
-
- map = calloc (1, sizeof (p11_mmap));
- if (map == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- map->file = CreateFile (path, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_FLAG_RANDOM_ACCESS, NULL);
- if (map->file == INVALID_HANDLE_VALUE) {
- errn = GetLastError ();
- free (map);
- SetLastError (errn);
- if (errn == ERROR_PATH_NOT_FOUND || errn == ERROR_FILE_NOT_FOUND)
- errno = ENOENT;
- else if (errn == ERROR_ACCESS_DENIED)
- errno = EPERM;
- return NULL;
- }
-
- if (sb == NULL) {
- if (!GetFileSizeEx (map->file, &large)) {
- errn = GetLastError ();
- CloseHandle (map->file);
- free (map);
- SetLastError (errn);
- if (errn == ERROR_ACCESS_DENIED)
- errno = EPERM;
- return NULL;
- }
- } else {
- large.QuadPart = sb->st_size;
- }
-
- mapping = CreateFileMapping (map->file, NULL, PAGE_READONLY, 0, 0, NULL);
- if (!mapping) {
- errn = GetLastError ();
- CloseHandle (map->file);
- free (map);
- SetLastError (errn);
- if (errn == ERROR_ACCESS_DENIED)
- errno = EPERM;
- return NULL;
- }
-
- map->data = MapViewOfFile (mapping, FILE_MAP_READ, 0, 0, large.QuadPart);
- CloseHandle (mapping);
-
- if (map->data == NULL) {
- errn = GetLastError ();
- CloseHandle (map->file);
- free (map);
- SetLastError (errn);
- if (errn == ERROR_ACCESS_DENIED)
- errno = EPERM;
- return NULL;
- }
-
- *data = map->data;
- *size = large.QuadPart;
- return map;
-}
-
-void
-p11_mmap_close (p11_mmap *map)
-{
- UnmapViewOfFile (map->data);
- CloseHandle (map->file);
- free (map);
-}
-
-#endif /* OS_WIN32 */
-
-#ifndef HAVE_STRNSTR
-#include <string.h>
-
-/*
- * Find the first occurrence of find in s, where the search is limited to the
- * first slen characters of s.
- */
-char *
-strnstr (const char *s,
- const char *find,
- size_t slen)
-{
- char c, sc;
- size_t len;
-
- if ((c = *find++) != '\0') {
- len = strlen (find);
- do {
- do {
- if (slen-- < 1 || (sc = *s++) == '\0')
- return (NULL);
- } while (sc != c);
- if (len > slen)
- return (NULL);
- } while (strncmp(s, find, len) != 0);
- s--;
- }
- return ((char *)s);
-}
-
-#endif /* HAVE_STRNSTR */
-
-#ifndef HAVE_MEMDUP
-
-void *
-memdup (const void *data,
- size_t length)
-{
- void *dup;
-
- if (!data)
- return NULL;
-
- dup = malloc (length);
- if (dup != NULL)
- memcpy (dup, data, length);
-
- return dup;
-}
-
-#endif /* HAVE_MEMDUP */
-
-/*
- * WORKAROUND: So in lots of released builds of firefox a completely broken strndup()
- * is present. It does not NULL terminate its string output. It is unconditionally
- * defined, and overrides the libc strndup() function on platforms where it
- * exists as a function. For this reason we (for now) unconditionally define
- * strndup().
- */
-
-#if 1 /* #ifndef HAVE_STRNDUP */
-
-/*
- * HAVE_STRNDUP may be undefined if strndup() isn't working. So it may be
- * present, and yet strndup may still be a defined header macro.
- */
-#ifdef strndup
-#undef strndup
-#endif
-
-char *
-strndup (const char *data,
- size_t length);
-
-char *
-strndup (const char *data,
- size_t length)
-{
- char *ret;
-
- ret = malloc (length + 1);
- if (ret != NULL) {
- strncpy (ret, data, length);
- ret[length] = 0;
- }
-
- return ret;
-}
-
-#endif /* HAVE_STRNDUP */
-
-#ifndef HAVE_STRCONCAT
-
-#include <stdarg.h>
-
-char *
-strconcat (const char *first,
- ...)
-{
- size_t length = 0;
- const char *arg;
- char *result, *at;
- va_list va;
-
- va_start (va, first);
-
- for (arg = first; arg; arg = va_arg (va, const char*))
- length += strlen (arg);
-
- va_end (va);
-
- at = result = malloc (length + 1);
- if (result == NULL)
- return NULL;
-
- va_start (va, first);
-
- for (arg = first; arg; arg = va_arg (va, const char*)) {
- length = strlen (arg);
- memcpy (at, arg, length);
- at += length;
- }
-
- va_end (va);
-
- *at = 0;
- return result;
-}
-
-#endif /* HAVE_STRCONCAT */
-
-#ifndef HAVE_VASPRINTF
-#include <stdio.h>
-
-int vasprintf(char **strp, const char *fmt, va_list ap);
-
-int
-vasprintf (char **strp,
- const char *fmt,
- va_list ap)
-{
- char *buf = NULL;
- char *nbuf;
- int guess = 128;
- int length = 0;
- int ret;
-
- if (fmt == NULL) {
- errno = EINVAL;
- return -1;
- }
-
- for (;;) {
- nbuf = realloc (buf, guess);
- if (!nbuf) {
- free (buf);
- return -1;
- }
-
- buf = nbuf;
- length = guess;
-
- ret = vsnprintf (buf, length, fmt, ap);
-
- if (ret < 0)
- guess *= 2;
-
- else if (ret >= length)
- guess = ret + 1;
-
- else
- break;
- }
-
- *strp = buf;
- return ret;
-}
-
-#endif /* HAVE_VASPRINTF */
-
-#ifndef HAVE_ASPRINTF
-
-int asprintf(char **strp, const char *fmt, ...);
-
-int
-asprintf (char **strp,
- const char *fmt,
- ...)
-{
- va_list va;
- int ret;
-
- va_start (va, fmt);
- ret = vasprintf (strp, fmt, va);
- va_end (va);
-
- return ret;
-}
-
-#endif /* HAVE_ASPRINTF */
-
-#ifndef HAVE_GMTIME_R
-
-struct tm *
-gmtime_r (const time_t *timep,
- struct tm *result)
-{
-#ifdef OS_WIN32
- /*
- * On win32 gmtime() returns thread local storage, so we can
- * just copy it out into the buffer without worrying about races.
- */
- struct tm *tg;
- tg = gmtime (timep);
- if (!tg)
- return NULL;
- memcpy (result, tg, sizeof (struct tm));
- return result;
-#else
- #error Need either gmtime_r() function on Unix
-#endif
-}
-
-#endif /* HAVE_GMTIME_R */
-
-#if !defined(HAVE_MKDTEMP) || !defined(HAVE_MKSTEMP)
-#include <sys/stat.h>
-#include <fcntl.h>
-
-static int
-_gettemp (char *path,
- int *doopen,
- int domkdir,
- int slen)
-{
- static const char padchar[] =
- "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
- static const int maxpathlen = 1024;
-
- char *start, *trv, *suffp, *carryp;
- char *pad;
- struct stat sbuf;
- int rval;
- int rnd;
- char carrybuf[maxpathlen];
-
- if ((doopen != NULL && domkdir) || slen < 0) {
- errno = EINVAL;
- return (0);
- }
-
- for (trv = path; *trv != '\0'; ++trv)
- ;
- if (trv - path >= maxpathlen) {
- errno = ENAMETOOLONG;
- return (0);
- }
- trv -= slen;
- suffp = trv;
- --trv;
- if (trv < path || NULL != strchr (suffp, '/')) {
- errno = EINVAL;
- return (0);
- }
-
- /* Fill space with random characters */
- while (trv >= path && *trv == 'X') {
- rnd = rand () % sizeof (padchar) - 1;
- *trv-- = padchar[rnd];
- }
- start = trv + 1;
-
- /* save first combination of random characters */
- memcpy (carrybuf, start, suffp - start);
-
- /*
- * check the target directory.
- */
- if (doopen != NULL || domkdir) {
- for (; trv > path; --trv) {
- if (*trv == '/') {
- *trv = '\0';
- rval = stat(path, &sbuf);
- *trv = '/';
- if (rval != 0)
- return (0);
- if (!S_ISDIR(sbuf.st_mode)) {
- errno = ENOTDIR;
- return (0);
- }
- break;
- }
- }
- }
-
- for (;;) {
- if (doopen) {
- if ((*doopen = open (path, O_BINARY | O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600)) >= 0)
- return (1);
- if (errno != EEXIST)
- return (0);
- } else if (domkdir) {
-#ifdef OS_UNIX
- if (mkdir (path, 0700) == 0)
-#else
- if (mkdir (path) == 0)
-#endif
- return (1);
- if (errno != EEXIST)
- return (0);
-#ifdef OS_UNIX
- } else if (lstat (path, &sbuf))
-#else
- } else if (stat (path, &sbuf))
-#endif
- return (errno == ENOENT);
-
- /* If we have a collision, cycle through the space of filenames */
- for (trv = start, carryp = carrybuf;;) {
- /* have we tried all possible permutations? */
- if (trv == suffp)
- return (0); /* yes - exit with EEXIST */
- pad = strchr(padchar, *trv);
- if (pad == NULL) {
- /* this should never happen */
- errno = EIO;
- return (0);
- }
- /* increment character */
- *trv = (*++pad == '\0') ? padchar[0] : *pad;
- /* carry to next position? */
- if (*trv == *carryp) {
- /* increment position and loop */
- ++trv;
- ++carryp;
- } else {
- /* try with new name */
- break;
- }
- }
- }
-
- /*NOTREACHED*/
-}
-
-#endif /* !HAVE_MKDTEMP || !HAVE_MKSTEMP */
-
-#ifndef HAVE_MKSTEMP
-
-int
-mkstemp (char *template)
-{
- int fd;
-
- return (_gettemp (template, &fd, 0, 0) ? fd : -1);
-}
-
-#endif /* HAVE_MKSTEMP */
-
-#ifndef HAVE_MKDTEMP
-
-char *
-mkdtemp (char *template)
-{
- return (_gettemp (template, (int *)NULL, 1, 0) ? template : (char *)NULL);
-}
-
-#endif /* HAVE_MKDTEMP */
-
-#ifndef HAVE_GETAUXVAL
-
-unsigned long
-getauxval (unsigned long type)
-{
- static unsigned long secure = 0UL;
- static bool check_secure_initialized = false;
-
- /*
- * This is the only one our stand-in impl supports and is
- * also the only type we define in compat.h header
- */
- assert (type == AT_SECURE);
-
- if (!check_secure_initialized) {
-#if defined(HAVE___LIBC_ENABLE_SECURE)
- extern int __libc_enable_secure;
- secure = __libc_enable_secure;
-
-#elif defined(HAVE_ISSETUGID)
- secure = issetugid ();
-
-#elif defined(OS_UNIX)
- uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
- gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
-
-#ifdef HAVE_GETRESUID
- if (getresuid (&ruid, &euid, &suid) != 0 ||
- getresgid (&rgid, &egid, &sgid) != 0)
-#endif /* HAVE_GETRESUID */
- {
- suid = ruid = getuid ();
- sgid = rgid = getgid ();
- euid = geteuid ();
- egid = getegid ();
- }
-
- secure = (ruid != euid || ruid != suid ||
- rgid != egid || rgid != sgid);
-#endif /* OS_UNIX */
- check_secure_initialized = true;
- }
-
- return secure;
-}
-
-#endif /* HAVE_GETAUXVAL */
-
-char *
-secure_getenv (const char *name)
-{
- if (getauxval (AT_SECURE))
- return NULL;
- return getenv (name);
-}
-
-#ifndef HAVE_STRERROR_R
-
-int
-strerror_r (int errnum,
- char *buf,
- size_t buflen)
-{
-#ifdef OS_WIN32
-#if _WIN32_WINNT < 0x502 /* WinXP or older */
- int n = sys_nerr;
- const char *p;
- if (errnum < 0 || errnum >= n)
- p = sys_errlist[n];
- else
- p = sys_errlist[errnum];
- if (buf == NULL || buflen == 0)
- return EINVAL;
- strncpy(buf, p, buflen);
- buf[buflen-1] = 0;
- return 0;
-#else /* Server 2003 or newer */
- return strerror_s (buf, buflen, errnum);
-#endif /*_WIN32_WINNT*/
-
-#else
- #error no strerror_r implementation
-#endif
-}
-
-#endif /* HAVE_STRERROR_R */
-
-#ifdef OS_UNIX
-
-#include <unistd.h>
-
-#ifndef HAVE_FDWALK
-
-#ifdef HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-
-int
-fdwalk (int (* cb) (void *data, int fd),
- void *data)
-{
- struct dirent *de;
- char *end;
- DIR *dir;
- int open_max;
- long num;
- int res = 0;
- int fd;
-
-#ifdef HAVE_SYS_RESOURCE_H
- struct rlimit rl;
-#endif
-
- dir = opendir ("/proc/self/fd");
- if (dir != NULL) {
- while ((de = readdir (dir)) != NULL) {
- end = NULL;
- num = (int) strtol (de->d_name, &end, 10);
-
- /* didn't parse or is the opendir() fd */
- if (!end || *end != '\0' ||
- (int)num == dirfd (dir))
- continue;
-
- fd = num;
-
- /* call the callback */
- res = cb (data, fd);
- if (res != 0)
- break;
- }
-
- closedir (dir);
- return res;
- }
-
- /* No /proc, brute force */
-#ifdef HAVE_SYS_RESOURCE_H
- if (getrlimit (RLIMIT_NOFILE, &rl) == 0 && rl.rlim_max != RLIM_INFINITY)
- open_max = rl.rlim_max;
- else
-#endif
- open_max = sysconf (_SC_OPEN_MAX);
-
- for (fd = 0; fd < open_max; fd++) {
- res = cb (data, fd);
- if (res != 0)
- break;
- }
-
- return res;
-}
-
-#endif /* HAVE_FDWALK */
-
-#endif /* OS_UNIX */
diff --git a/common/compat.h b/common/compat.h
deleted file mode 100644
index acbccf9..0000000
--- a/common/compat.h
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __COMPAT_H__
-#define __COMPAT_H__
-
-#include "config.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#ifdef _GNU_SOURCE
-#error Make the crap stop. _GNU_SOURCE is completely unportable and breaks all sorts of behavior
-#endif
-
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-#define GNUC_PRINTF(x, y) __attribute__((__format__(__printf__, x, y)))
-#else
-#define GNUC_PRINTF(x, y)
-#endif
-
-#if __GNUC__ >= 4
-#define GNUC_NULL_TERMINATED __attribute__((__sentinel__))
-#else
-#define GNUC_NULL_TERMINATED
-#endif
-
-/* For detecting clang features */
-#ifndef __has_feature
-#define __has_feature(x) 0
-#endif
-
-#ifndef CLANG_ANALYZER_NORETURN
-#if __has_feature(attribute_analyzer_noreturn)
-#define CLANG_ANALYZER_NORETURN __attribute__((analyzer_noreturn))
-#else
-#define CLANG_ANALYZER_NORETURN
-#endif
-#endif
-
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#ifndef O_CLOEXEC
-#define O_CLOEXEC 0
-#endif
-
-#ifndef HAVE_GETPROGNAME
-const char * getprogname (void);
-#endif
-
-#ifndef HAVE_MKSTEMP
-
-int mkstemp (char *template);
-
-#endif /* HAVE_MKSTEMP */
-
-#ifndef HAVE_MKDTEMP
-
-char * mkdtemp (char *template);
-
-#endif /* HAVE_MKDTEMP */
-
-char * strdup_path_mangle (const char *template);
-
-/* -----------------------------------------------------------------------------
- * WIN32
- */
-
-#ifdef OS_WIN32
-
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x500
-#endif
-
-#ifndef _WIN32_IE
-#define _WIN32_IE 0x500
-#endif
-
-#define WIN32_LEAN_AND_MEAN 1
-#include <windows.h>
-
-#include <io.h>
-
-/* Oh ... my ... god */
-#undef CreateMutex
-
-typedef CRITICAL_SECTION p11_mutex_t;
-
-typedef HANDLE p11_thread_t;
-
-typedef DWORD p11_thread_id_t;
-
-#define p11_mutex_init(m) \
- (InitializeCriticalSection (m))
-#define p11_mutex_lock(m) \
- (EnterCriticalSection (m))
-#define p11_mutex_unlock(m) \
- (LeaveCriticalSection (m))
-#define p11_mutex_uninit(m) \
- (DeleteCriticalSection (m))
-
-typedef void * (*p11_thread_routine) (void *arg);
-
-int p11_thread_create (p11_thread_t *thread, p11_thread_routine, void *arg);
-
-int p11_thread_join (p11_thread_t thread);
-
-/* Returns a thread_id_t */
-#define p11_thread_id_self() \
- (GetCurrentThreadId ())
-
-typedef HMODULE dl_module_t;
-
-#define p11_dl_open(f) \
- (LoadLibrary (f))
-#define p11_dl_symbol(d, s) \
- ((void *)GetProcAddress ((d), (s)))
-
-char * p11_dl_error (void);
-
-void p11_dl_close (void * dl);
-
-#define p11_sleep_ms(ms) \
- (Sleep (ms))
-
-typedef struct _p11_mmap p11_mmap;
-
-p11_mmap * p11_mmap_open (const char *path,
- struct stat *sb,
- void **data,
- size_t *size);
-
-void p11_mmap_close (p11_mmap *map);
-
-#ifndef HAVE_SETENV
-#define setenv(n, v, z) _putenv_s(n, v)
-#endif /* HAVE_SETENV */
-
-#endif /* OS_WIN32 */
-
-/* ----------------------------------------------------------------------------
- * UNIX
- */
-
-#ifdef OS_UNIX
-
-#include <pthread.h>
-#include <dlfcn.h>
-#include <time.h>
-#include <unistd.h>
-
-typedef pthread_mutex_t p11_mutex_t;
-
-void p11_mutex_init (p11_mutex_t *mutex);
-
-#define p11_mutex_lock(m) \
- (pthread_mutex_lock (m))
-#define p11_mutex_unlock(m) \
- (pthread_mutex_unlock (m))
-#define p11_mutex_uninit(m) \
- (pthread_mutex_destroy(m))
-
-typedef pthread_t p11_thread_t;
-
-typedef pthread_t p11_thread_id_t;
-
-typedef void * (*p11_thread_routine) (void *arg);
-
-#define p11_thread_create(t, r, a) \
- (pthread_create ((t), NULL, (r), (a)))
-#define p11_thread_join(t) \
- (pthread_join ((t), NULL))
-#define p11_thread_id_self(m) \
- (pthread_self ())
-
-typedef void * dl_module_t;
-
-#define p11_dl_open(f) \
- (dlopen ((f), RTLD_LOCAL | RTLD_NOW))
-#define p11_dl_close \
- dlclose
-#define p11_dl_symbol(d, s) \
- (dlsym ((d), (s)))
-
-char * p11_dl_error (void);
-
-#define p11_sleep_ms(ms) \
- do { int _ms = (ms); \
- struct timespec _ts = { _ms / 1000, (_ms % 1000) * 1000 * 1000 }; \
- nanosleep (&_ts, NULL); \
- } while(0)
-
-typedef struct _p11_mmap p11_mmap;
-
-p11_mmap * p11_mmap_open (const char *path,
- struct stat *sb,
- void **data,
- size_t *size);
-
-void p11_mmap_close (p11_mmap *map);
-
-#endif /* OS_UNIX */
-
-/* ----------------------------------------------------------------------------
- * MORE COMPAT
- */
-
-#ifdef HAVE_ERRNO_H
-#include <errno.h>
-#endif /* HAVE_ERRNO_H */
-
-#ifndef HAVE_STRNSTR
-
-char * strnstr (const char *s,
- const char *find,
- size_t slen);
-
-#endif /* HAVE_STRNSTR */
-
-#ifndef HAVE_MEMDUP
-
-void * memdup (const void *data,
- size_t length);
-
-#endif /* HAVE_MEMDUP */
-
-#ifndef HAVE_STRNDUP
-
-char * strndup (const char *data,
- size_t length);
-
-#endif /* HAVE_STRDUP */
-
-#ifdef HAVE_STDBOOL_H
-#include <stdbool.h>
-#else
-typedef enum { false, true } bool;
-#endif
-
-#ifndef HAVE_STRCONCAT
-
-char * strconcat (const char *first,
- ...) GNUC_NULL_TERMINATED;
-
-#endif /* HAVE_STRCONCAT */
-
-#if defined HAVE_DECL_ASPRINTF && !HAVE_DECL_ASPRINTF
-
-int asprintf (char **strp,
- const char *fmt,
- ...);
-
-#endif /* HAVE_ASPRINTF */
-
-#if defined HAVE_DECL_VASPRINTF && !HAVE_DECL_VASPRINTF
-#include <stdarg.h>
-
-int vasprintf (char **strp,
- const char *fmt,
- va_list ap);
-
-#endif /* HAVE_DECL_VASPRINTF */
-
-#ifndef HAVE_GMTIME_R
-#include <time.h>
-
-struct tm * gmtime_r (const time_t *timep,
- struct tm *result);
-
-#endif /* HAVE_GMTIME_R */
-
-#ifndef HAVE_TIMEGM
-#include <time.h>
-
-time_t timegm (struct tm *tm);
-
-#endif /* HAVE_TIMEGM */
-
-#ifdef HAVE_GETAUXVAL
-
-#include <sys/auxv.h>
-
-#else /* !HAVE_GETAUXVAL */
-
-unsigned long getauxval (unsigned long type);
-
-#define AT_SECURE 23
-
-#endif /* !HAVE_GETAUXVAL */
-
-char * secure_getenv (const char *name);
-
-#ifndef HAVE_STRERROR_R
-
-int strerror_r (int errnum,
- char *buf,
- size_t buflen);
-
-#endif /* HAVE_STRERROR_R */
-
-#ifndef HAVE_FDWALK
-
-int fdwalk (int (* cb) (void *data, int fd),
- void *data);
-
-#endif
-
-#endif /* __COMPAT_H__ */
diff --git a/common/constants.c b/common/constants.c
deleted file mode 100644
index f4aa66b..0000000
--- a/common/constants.c
+++ /dev/null
@@ -1,708 +0,0 @@
-/*
- * Copyright (C) 2013, Redhat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "constants.h"
-#include "debug.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-
-#include <stdlib.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-/*
- * These are in numeric order of their type for easy lookup
- * After changing something make sure to run the test-attrs
- * test to verify everything is in order.
- */
-
-#define CT(x, n) { x, #x, { n } },
-#define CT2(x, n, n2) { x, #x, { n, n2 } },
-
-const p11_constant p11_constant_types[] = {
- CT (CKA_CLASS, "class")
- CT (CKA_TOKEN, "token")
- CT (CKA_PRIVATE, "private")
- CT (CKA_LABEL, "label")
- CT (CKA_APPLICATION, "application")
- CT (CKA_VALUE, "value")
- CT (CKA_OBJECT_ID, "object-id")
- CT (CKA_CERTIFICATE_TYPE, "certificate-type")
- CT (CKA_ISSUER, "issuer")
- CT (CKA_SERIAL_NUMBER, "serial-number")
- CT (CKA_AC_ISSUER, "ac-issuer")
- CT (CKA_OWNER, "owner")
- CT (CKA_ATTR_TYPES, "attr-types")
- CT (CKA_TRUSTED, "trusted")
- CT (CKA_CERTIFICATE_CATEGORY, "certificate-category")
- CT (CKA_JAVA_MIDP_SECURITY_DOMAIN, "java-midp-security-domain")
- CT (CKA_URL, "url")
- CT (CKA_HASH_OF_SUBJECT_PUBLIC_KEY, "hash-of-subject-public-key")
- CT (CKA_HASH_OF_ISSUER_PUBLIC_KEY, "hash-of-issuer-public-key")
- CT (CKA_CHECK_VALUE, "check-value")
- CT (CKA_KEY_TYPE, "key-type")
- CT (CKA_SUBJECT, "subject")
- CT (CKA_ID, "id")
- CT (CKA_SENSITIVE, "sensitive")
- CT (CKA_ENCRYPT, "encrypt")
- CT (CKA_DECRYPT, "decrypt")
- CT (CKA_WRAP, "wrap")
- CT (CKA_UNWRAP, "unwrap")
- CT (CKA_SIGN, "sign")
- CT (CKA_SIGN_RECOVER, "sign-recover")
- CT (CKA_VERIFY, "verify")
- CT (CKA_VERIFY_RECOVER, "recover")
- CT (CKA_DERIVE, "derive")
- CT (CKA_START_DATE, "start-date")
- CT (CKA_END_DATE, "end-date")
- CT (CKA_MODULUS, "modulus")
- CT (CKA_MODULUS_BITS, "modulus-bits")
- CT (CKA_PUBLIC_EXPONENT, "public-exponent")
- CT (CKA_PRIVATE_EXPONENT, "private-exponent")
- CT (CKA_PRIME_1, "prime-1")
- CT (CKA_PRIME_2, "prime-2")
- CT (CKA_EXPONENT_1, "exponent-1")
- CT (CKA_EXPONENT_2, "exponent-2")
- CT (CKA_COEFFICIENT, "coefficient")
- CT2 (CKA_PUBLIC_KEY_INFO, "public-key-info", "x-public-key-info")
- CT (CKA_PRIME, "prime")
- CT (CKA_SUBPRIME, "subprime")
- CT (CKA_BASE, "base")
- CT (CKA_PRIME_BITS, "prime-bits")
- /* CT (CKA_SUBPRIME_BITS) */
- CT (CKA_SUB_PRIME_BITS, "subprime-bits")
- CT (CKA_VALUE_BITS, "value-bits")
- CT (CKA_VALUE_LEN, "value-len")
- CT (CKA_EXTRACTABLE, "extractable")
- CT (CKA_LOCAL, "local")
- CT (CKA_NEVER_EXTRACTABLE, "never-extractable")
- CT (CKA_ALWAYS_SENSITIVE, "always-sensitive")
- CT (CKA_KEY_GEN_MECHANISM, "key-gen-mechanism")
- CT (CKA_MODIFIABLE, "modifiable")
- CT (CKA_ECDSA_PARAMS, "ecdsa-params")
- /* CT (CKA_EC_PARAMS) */
- CT (CKA_EC_POINT, "ec-point")
- CT (CKA_SECONDARY_AUTH, "secondary-auth")
- CT (CKA_AUTH_PIN_FLAGS, "auth-pin-flags")
- CT (CKA_ALWAYS_AUTHENTICATE, "always-authenticate")
- CT (CKA_WRAP_WITH_TRUSTED, "wrap-with-trusted")
- CT (CKA_HW_FEATURE_TYPE, "hw-feature-type")
- CT (CKA_RESET_ON_INIT, "reset-on-init")
- CT (CKA_HAS_RESET, "has-reset")
- CT (CKA_PIXEL_X, "pixel-x")
- CT (CKA_PIXEL_Y, "pixel-y")
- CT (CKA_RESOLUTION, "resolution")
- CT (CKA_CHAR_ROWS, "char-rows")
- CT (CKA_CHAR_COLUMNS, "char-columns")
- CT (CKA_COLOR, "color")
- CT (CKA_BITS_PER_PIXEL, "bits-per-pixel")
- CT (CKA_CHAR_SETS, "char-sets")
- CT (CKA_ENCODING_METHODS, "encoding-methods")
- CT (CKA_MIME_TYPES, "mime-types")
- CT (CKA_MECHANISM_TYPE, "mechanism-type")
- CT (CKA_REQUIRED_CMS_ATTRIBUTES, "required-cms-attributes")
- CT (CKA_DEFAULT_CMS_ATTRIBUTES, "default-cms-attributes")
- CT (CKA_SUPPORTED_CMS_ATTRIBUTES, "supported-cms-attributes")
- CT (CKA_WRAP_TEMPLATE, "wrap-template")
- CT (CKA_UNWRAP_TEMPLATE, "unwrap-template")
- CT (CKA_ALLOWED_MECHANISMS, "allowed-mechanisms")
- CT (CKA_NSS_URL, "nss-url")
- CT (CKA_NSS_EMAIL, "nss-email")
- CT (CKA_NSS_SMIME_INFO, "nss-smime-constant")
- CT (CKA_NSS_SMIME_TIMESTAMP, "nss-smime-timestamp")
- CT (CKA_NSS_PKCS8_SALT, "nss-pkcs8-salt")
- CT (CKA_NSS_PASSWORD_CHECK, "nss-password-check")
- CT (CKA_NSS_EXPIRES, "nss-expires")
- CT (CKA_NSS_KRL, "nss-krl")
- CT (CKA_NSS_PQG_COUNTER, "nss-pqg-counter")
- CT (CKA_NSS_PQG_SEED, "nss-pqg-seed")
- CT (CKA_NSS_PQG_H, "nss-pqg-h")
- CT (CKA_NSS_PQG_SEED_BITS, "nss-pqg-seed-bits")
- CT (CKA_NSS_MODULE_SPEC, "nss-module-spec")
- CT (CKA_TRUST_DIGITAL_SIGNATURE, "trust-digital-signature")
- CT (CKA_TRUST_NON_REPUDIATION, "trust-non-repudiation")
- CT (CKA_TRUST_KEY_ENCIPHERMENT, "trust-key-encipherment")
- CT (CKA_TRUST_DATA_ENCIPHERMENT, "trust-data-encipherment")
- CT (CKA_TRUST_KEY_AGREEMENT, "trust-key-agreement")
- CT (CKA_TRUST_KEY_CERT_SIGN, "trust-key-cert-sign")
- CT (CKA_TRUST_CRL_SIGN, "trust-crl-sign")
- CT (CKA_TRUST_SERVER_AUTH, "trust-server-auth")
- CT (CKA_TRUST_CLIENT_AUTH, "trust-client-auth")
- CT (CKA_TRUST_CODE_SIGNING, "trust-code-signing")
- CT (CKA_TRUST_EMAIL_PROTECTION, "trust-email-protection")
- CT (CKA_TRUST_IPSEC_END_SYSTEM, "trust-ipsec-end-system")
- CT (CKA_TRUST_IPSEC_TUNNEL, "trust-ipsec-tunnel")
- CT (CKA_TRUST_IPSEC_USER, "trust-ipsec-user")
- CT (CKA_TRUST_TIME_STAMPING, "trust-time-stamping")
- CT (CKA_TRUST_STEP_UP_APPROVED, "trust-step-up-approved")
- CT (CKA_CERT_SHA1_HASH, "cert-sha1-hash")
- CT (CKA_CERT_MD5_HASH, "cert-md5-hash")
- CT (CKA_X_ASSERTION_TYPE, "x-assertion-type")
- CT (CKA_X_CERTIFICATE_VALUE, "x-cetrificate-value")
- CT (CKA_X_PURPOSE, "x-purpose")
- CT (CKA_X_PEER, "x-peer")
- CT (CKA_X_DISTRUSTED, "x-distrusted")
- CT (CKA_X_CRITICAL, "x-critical")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_classes[] = {
- CT (CKO_DATA, "data")
- CT (CKO_CERTIFICATE, "certificate")
- CT (CKO_PUBLIC_KEY, "public-key")
- CT (CKO_PRIVATE_KEY, "private-key")
- CT (CKO_SECRET_KEY, "secret-key")
- CT (CKO_HW_FEATURE, "hw-feature")
- CT (CKO_DOMAIN_PARAMETERS, "domain-parameters")
- CT (CKO_MECHANISM, "mechanism")
- CT (CKO_NSS_CRL, "nss-crl")
- CT (CKO_NSS_SMIME, "nss-smime")
- CT (CKO_NSS_TRUST, "nss-trust")
- CT (CKO_NSS_BUILTIN_ROOT_LIST, "nss-builtin-root-list")
- CT (CKO_NSS_NEWSLOT, "nss-newslot")
- CT (CKO_NSS_DELSLOT, "nss-delslot")
- CT (CKO_X_TRUST_ASSERTION, "x-trust-assertion")
- CT (CKO_X_CERTIFICATE_EXTENSION, "x-certificate-extension")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_trusts[] = {
- CT (CKT_NSS_TRUSTED, "nss-trusted")
- CT (CKT_NSS_TRUSTED_DELEGATOR, "nss-trusted-delegator")
- CT (CKT_NSS_MUST_VERIFY_TRUST, "nss-must-verify-trust")
- CT (CKT_NSS_TRUST_UNKNOWN, "nss-trust-unknown")
- CT (CKT_NSS_NOT_TRUSTED, "nss-not-trusted")
- CT (CKT_NSS_VALID_DELEGATOR, "nss-valid-delegator")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_certs[] = {
- CT (CKC_X_509, "x-509")
- CT (CKC_X_509_ATTR_CERT, "x-509-attr-cert")
- CT (CKC_WTLS, "wtls")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_keys[] = {
- CT (CKK_RSA, "rsa")
- CT (CKK_DSA, "dsa")
- CT (CKK_DH, "dh")
- /* CT (CKK_ECDSA) */
- CT (CKK_EC, "ec")
- CT (CKK_X9_42_DH, "x9-42-dh")
- CT (CKK_KEA, "kea")
- CT (CKK_GENERIC_SECRET, "generic-secret")
- CT (CKK_RC2, "rc2")
- CT (CKK_RC4, "rc4")
- CT (CKK_DES, "des")
- CT (CKK_DES2, "des2")
- CT (CKK_DES3, "des3")
- CT (CKK_CAST, "cast")
- CT (CKK_CAST3, "cast3")
- CT (CKK_CAST128, "cast128")
- CT (CKK_RC5, "rc5")
- CT (CKK_IDEA, "idea")
- CT (CKK_SKIPJACK, "skipjack")
- CT (CKK_BATON, "baton")
- CT (CKK_JUNIPER, "juniper")
- CT (CKK_CDMF, "cdmf")
- CT (CKK_AES, "aes")
- CT (CKK_BLOWFISH, "blowfish")
- CT (CKK_TWOFISH, "twofish")
- CT (CKK_NSS_PKCS8, "nss-pkcs8")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_asserts[] = {
- CT (CKT_X_DISTRUSTED_CERTIFICATE, "x-distrusted-certificate")
- CT (CKT_X_PINNED_CERTIFICATE, "x-pinned-certificate")
- CT (CKT_X_ANCHORED_CERTIFICATE, "x-anchored-certificate")
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_categories[] = {
- { 0, "unspecified", { "unspecified" } },
- { 1, "token-user", { "token-user" } },
- { 2, "authority", { "authority" } },
- { 3, "other-entry", { "other-entry" } },
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_users[] = {
- CT (CKU_SO, NULL)
- CT (CKU_USER, NULL)
- CT (CKU_CONTEXT_SPECIFIC, NULL)
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_states[] = {
- CT (CKS_RO_PUBLIC_SESSION, NULL)
- CT (CKS_RO_USER_FUNCTIONS, NULL)
- CT (CKS_RW_PUBLIC_SESSION, NULL)
- CT (CKS_RW_USER_FUNCTIONS, NULL)
- CT (CKS_RW_SO_FUNCTIONS, NULL)
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_returns[] = {
- CT (CKR_OK, NULL)
- CT (CKR_CANCEL, NULL)
- CT (CKR_HOST_MEMORY, NULL)
- CT (CKR_SLOT_ID_INVALID, NULL)
- CT (CKR_GENERAL_ERROR, NULL)
- CT (CKR_FUNCTION_FAILED, NULL)
- CT (CKR_ARGUMENTS_BAD, NULL)
- CT (CKR_NO_EVENT, NULL)
- CT (CKR_NEED_TO_CREATE_THREADS, NULL)
- CT (CKR_CANT_LOCK, NULL)
- CT (CKR_ATTRIBUTE_READ_ONLY, NULL)
- CT (CKR_ATTRIBUTE_SENSITIVE, NULL)
- CT (CKR_ATTRIBUTE_TYPE_INVALID, NULL)
- CT (CKR_ATTRIBUTE_VALUE_INVALID, NULL)
- CT (CKR_DATA_INVALID, NULL)
- CT (CKR_DATA_LEN_RANGE, NULL)
- CT (CKR_DEVICE_ERROR, NULL)
- CT (CKR_DEVICE_MEMORY, NULL)
- CT (CKR_DEVICE_REMOVED, NULL)
- CT (CKR_ENCRYPTED_DATA_INVALID, NULL)
- CT (CKR_ENCRYPTED_DATA_LEN_RANGE, NULL)
- CT (CKR_FUNCTION_CANCELED, NULL)
- CT (CKR_FUNCTION_NOT_PARALLEL, NULL)
- CT (CKR_FUNCTION_NOT_SUPPORTED, NULL)
- CT (CKR_KEY_HANDLE_INVALID, NULL)
- CT (CKR_KEY_SIZE_RANGE, NULL)
- CT (CKR_KEY_TYPE_INCONSISTENT, NULL)
- CT (CKR_KEY_NOT_NEEDED, NULL)
- CT (CKR_KEY_CHANGED, NULL)
- CT (CKR_KEY_NEEDED, NULL)
- CT (CKR_KEY_INDIGESTIBLE, NULL)
- CT (CKR_KEY_FUNCTION_NOT_PERMITTED, NULL)
- CT (CKR_KEY_NOT_WRAPPABLE, NULL)
- CT (CKR_KEY_UNEXTRACTABLE, NULL)
- CT (CKR_MECHANISM_INVALID, NULL)
- CT (CKR_MECHANISM_PARAM_INVALID, NULL)
- CT (CKR_OBJECT_HANDLE_INVALID, NULL)
- CT (CKR_OPERATION_ACTIVE, NULL)
- CT (CKR_OPERATION_NOT_INITIALIZED, NULL)
- CT (CKR_PIN_INCORRECT, NULL)
- CT (CKR_PIN_INVALID, NULL)
- CT (CKR_PIN_LEN_RANGE, NULL)
- CT (CKR_PIN_EXPIRED, NULL)
- CT (CKR_PIN_LOCKED, NULL)
- CT (CKR_SESSION_CLOSED, NULL)
- CT (CKR_SESSION_COUNT, NULL)
- CT (CKR_SESSION_HANDLE_INVALID, NULL)
- CT (CKR_SESSION_PARALLEL_NOT_SUPPORTED, NULL)
- CT (CKR_SESSION_READ_ONLY, NULL)
- CT (CKR_SESSION_EXISTS, NULL)
- CT (CKR_SESSION_READ_ONLY_EXISTS, NULL)
- CT (CKR_SESSION_READ_WRITE_SO_EXISTS, NULL)
- CT (CKR_SIGNATURE_INVALID, NULL)
- CT (CKR_SIGNATURE_LEN_RANGE, NULL)
- CT (CKR_TEMPLATE_INCOMPLETE, NULL)
- CT (CKR_TEMPLATE_INCONSISTENT, NULL)
- CT (CKR_TOKEN_NOT_PRESENT, NULL)
- CT (CKR_TOKEN_NOT_RECOGNIZED, NULL)
- CT (CKR_TOKEN_WRITE_PROTECTED, NULL)
- CT (CKR_UNWRAPPING_KEY_HANDLE_INVALID, NULL)
- CT (CKR_UNWRAPPING_KEY_SIZE_RANGE, NULL)
- CT (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, NULL)
- CT (CKR_USER_ALREADY_LOGGED_IN, NULL)
- CT (CKR_USER_NOT_LOGGED_IN, NULL)
- CT (CKR_USER_PIN_NOT_INITIALIZED, NULL)
- CT (CKR_USER_TYPE_INVALID, NULL)
- CT (CKR_USER_ANOTHER_ALREADY_LOGGED_IN, NULL)
- CT (CKR_USER_TOO_MANY_TYPES, NULL)
- CT (CKR_WRAPPED_KEY_INVALID, NULL)
- CT (CKR_WRAPPED_KEY_LEN_RANGE, NULL)
- CT (CKR_WRAPPING_KEY_HANDLE_INVALID, NULL)
- CT (CKR_WRAPPING_KEY_SIZE_RANGE, NULL)
- CT (CKR_WRAPPING_KEY_TYPE_INCONSISTENT, NULL)
- CT (CKR_RANDOM_SEED_NOT_SUPPORTED, NULL)
- CT (CKR_RANDOM_NO_RNG, NULL)
- CT (CKR_DOMAIN_PARAMS_INVALID, NULL)
- CT (CKR_BUFFER_TOO_SMALL, NULL)
- CT (CKR_SAVED_STATE_INVALID, NULL)
- CT (CKR_INFORMATION_SENSITIVE, NULL)
- CT (CKR_STATE_UNSAVEABLE, NULL)
- CT (CKR_CRYPTOKI_NOT_INITIALIZED, NULL)
- CT (CKR_CRYPTOKI_ALREADY_INITIALIZED, NULL)
- CT (CKR_MUTEX_BAD, NULL)
- CT (CKR_MUTEX_NOT_LOCKED, NULL)
- CT (CKR_FUNCTION_REJECTED, NULL)
- { CKA_INVALID },
-};
-
-const p11_constant p11_constant_mechanisms[] = {
- CT (CKM_RSA_PKCS_KEY_PAIR_GEN, "rsa-pkcs-key-pair-gen")
- CT (CKM_RSA_PKCS, "rsa-pkcs")
- CT (CKM_RSA_9796, "rsa-9796")
- CT (CKM_RSA_X_509, "rsa-x-509")
- CT (CKM_MD2_RSA_PKCS, "md2-rsa-pkcs")
- CT (CKM_MD5_RSA_PKCS, "md5-rsa-pkcs")
- CT (CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs")
- CT (CKM_RIPEMD128_RSA_PKCS, "ripemd128-rsa-pkcs")
- CT (CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs")
- CT (CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep")
- CT (CKM_RSA_X9_31_KEY_PAIR_GEN, "rsa-x9-31-key-pair-gen")
- CT (CKM_RSA_X9_31, "rsa-x9-31")
- CT (CKM_SHA1_RSA_X9_31, "sha1-rsa-x9-31")
- CT (CKM_RSA_PKCS_PSS, "rsa-pkcs-pss")
- CT (CKM_SHA1_RSA_PKCS_PSS, "sha1-rsa-pkcs-pss")
- CT (CKM_DSA_KEY_PAIR_GEN, "dsa-key-pair-gen")
- CT (CKM_DSA, NULL) /* "dsa" */
- CT (CKM_DSA_SHA1, "dsa-sha1")
- CT (CKM_DH_PKCS_KEY_PAIR_GEN, "dh-pkcs-key-pair-gen")
- CT (CKM_DH_PKCS_DERIVE, "dh-pkcs-derive")
- CT (CKM_X9_42_DH_KEY_PAIR_GEN, "x9-42-dh-key-pair-gen")
- CT (CKM_X9_42_DH_DERIVE, "x9-42-dh-derive")
- CT (CKM_X9_42_DH_HYBRID_DERIVE, "x9-42-dh-hybrid-derive")
- CT (CKM_X9_42_MQV_DERIVE, "x9-42-mqv-derive")
- CT (CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs")
- CT (CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs")
- CT (CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs")
- CT (CKM_SHA256_RSA_PKCS_PSS, "sha256-rsa-pkcs-pss")
- CT (CKM_SHA384_RSA_PKCS_PSS, "sha384-rsa-pkcs-pss")
- CT (CKM_SHA512_RSA_PKCS_PSS, "sha512-rsa-pkcs-pss")
- CT (CKM_RC2_KEY_GEN, "rc2-key-gen")
- CT (CKM_RC2_ECB, "rc2-ecb")
- CT (CKM_RC2_CBC, "rc2-cbc")
- CT (CKM_RC2_MAC, "rc2-mac")
- CT (CKM_RC2_MAC_GENERAL, "rc2-mac-general")
- CT (CKM_RC2_CBC_PAD, "rc2-cbc-pad")
- CT (CKM_RC4_KEY_GEN, "rc4-key-gen")
- CT (CKM_RC4, NULL) /* "rc4" */
- CT (CKM_DES_KEY_GEN, "des-key-gen")
- CT (CKM_DES_ECB, "des-ecb")
- CT (CKM_DES_CBC, "des-cbc")
- CT (CKM_DES_MAC, "des-mac")
- CT (CKM_DES_MAC_GENERAL, "des-mac-general")
- CT (CKM_DES_CBC_PAD, "des-cbc-pad")
- CT (CKM_DES2_KEY_GEN, "des2-key-gen")
- CT (CKM_DES3_KEY_GEN, "des3-key-gen")
- CT (CKM_DES3_ECB, "des3-ecb")
- CT (CKM_DES3_CBC, "des3-cbc")
- CT (CKM_DES3_MAC, "des3-mac")
- CT (CKM_DES3_MAC_GENERAL, "des3-mac-general")
- CT (CKM_DES3_CBC_PAD, "des3-cbc-pad")
- CT (CKM_CDMF_KEY_GEN, "cdmf-key-gen")
- CT (CKM_CDMF_ECB, "cdmf-ecb")
- CT (CKM_CDMF_CBC, "cdmf-cbc")
- CT (CKM_CDMF_MAC, "cdmf-mac")
- CT (CKM_CDMF_MAC_GENERAL, "cdmf-mac-general")
- CT (CKM_CDMF_CBC_PAD, "cdmf-cbc-pad")
- CT (CKM_DES_OFB64, "des-ofb64")
- CT (CKM_DES_OFB8, "des-ofb8")
- CT (CKM_DES_CFB64, "des-cfb64")
- CT (CKM_DES_CFB8, "des-cfb8")
- CT (CKM_MD2, "md2")
- CT (CKM_MD2_HMAC, "md2-hmac")
- CT (CKM_MD2_HMAC_GENERAL, "md2-hmac-general")
- CT (CKM_MD5, "md5")
- CT (CKM_MD5_HMAC, "md5-hmac")
- CT (CKM_MD5_HMAC_GENERAL, "md5-hmac-general")
- CT (CKM_SHA_1, "sha-1")
- CT (CKM_SHA_1_HMAC, "sha-1-hmac")
- CT (CKM_SHA_1_HMAC_GENERAL, "sha-1-hmac-general")
- CT (CKM_RIPEMD128, "ripemd128")
- CT (CKM_RIPEMD128_HMAC, "ripemd128-hmac")
- CT (CKM_RIPEMD128_HMAC_GENERAL, "ripemd128-hmac-general")
- CT (CKM_RIPEMD160, "ripemd160")
- CT (CKM_RIPEMD160_HMAC, "ripemd160-hmac")
- CT (CKM_RIPEMD160_HMAC_GENERAL, "ripemd160-hmac-general")
- CT (CKM_SHA256, "sha256")
- CT (CKM_SHA256_HMAC, "sha256-hmac")
- CT (CKM_SHA256_HMAC_GENERAL, "sha256-hmac-general")
- CT (CKM_SHA384, "sha384")
- CT (CKM_SHA384_HMAC, "sha384-hmac")
- CT (CKM_SHA384_HMAC_GENERAL, "sha384-hmac-general")
- CT (CKM_SHA512, "sha512")
- CT (CKM_SHA512_HMAC, "sha512-hmac")
- CT (CKM_SHA512_HMAC_GENERAL, "sha512-hmac-general")
- CT (CKM_CAST_KEY_GEN, "cast-key-gen")
- CT (CKM_CAST_ECB, "cast-ecb")
- CT (CKM_CAST_CBC, "cast-cbc")
- CT (CKM_CAST_MAC, "cast-mac")
- CT (CKM_CAST_MAC_GENERAL, "cast-mac-general")
- CT (CKM_CAST_CBC_PAD, "cast-cbc-pad")
- CT (CKM_CAST3_KEY_GEN, "cast3-key-gen")
- CT (CKM_CAST3_ECB, "cast3-ecb")
- CT (CKM_CAST3_CBC, "cast3-cbc")
- CT (CKM_CAST3_MAC, "cast3-mac")
- CT (CKM_CAST3_MAC_GENERAL, "cast3-mac-general")
- CT (CKM_CAST3_CBC_PAD, "cast3-cbc-pad")
- CT (CKM_CAST5_KEY_GEN, "cast5-key-gen")
- /* CT (CKM_CAST128_KEY_GEN) */
- CT (CKM_CAST5_ECB, "cast5-ecb")
- /* CT (CKM_CAST128_ECB) */
- CT (CKM_CAST5_CBC, "cast5-cbc")
- /* CT (CKM_CAST128_CBC) */
- CT (CKM_CAST5_MAC, "cast5-mac")
- /* CT (CKM_CAST128_MAC) */
- CT (CKM_CAST5_MAC_GENERAL, "cast5-mac-general")
- /* CT (CKM_CAST128_MAC_GENERAL) */
- CT (CKM_CAST5_CBC_PAD, "cast5-cbc-pad")
- /* CT (CKM_CAST128_CBC_PAD) */
- CT (CKM_RC5_KEY_GEN, "rc5-key-gen")
- CT (CKM_RC5_ECB, "rc5-ecb")
- CT (CKM_RC5_CBC, "rc5-cbc")
- CT (CKM_RC5_MAC, "rc5-mac")
- CT (CKM_RC5_MAC_GENERAL, "rc5-mac-general")
- CT (CKM_RC5_CBC_PAD, "rc5-cbc-pad")
- CT (CKM_IDEA_KEY_GEN, "idea-key-gen")
- CT (CKM_IDEA_ECB, "idea-ecb")
- CT (CKM_IDEA_CBC, "idea-cbc")
- CT (CKM_IDEA_MAC, "idea-mac")
- CT (CKM_IDEA_MAC_GENERAL, "idea-mac-general")
- CT (CKM_IDEA_CBC_PAD, "idea-cbc-pad")
- CT (CKM_GENERIC_SECRET_KEY_GEN, "generic-secret-key-gen")
- CT (CKM_CONCATENATE_BASE_AND_KEY, "concatenate-base-and-key")
- CT (CKM_CONCATENATE_BASE_AND_DATA, "concatenate-base-and-data")
- CT (CKM_CONCATENATE_DATA_AND_BASE, "concatenate-data-and-base")
- CT (CKM_XOR_BASE_AND_DATA, "xor-base-and-data")
- CT (CKM_EXTRACT_KEY_FROM_KEY, "extract-key-from-key")
- CT (CKM_SSL3_PRE_MASTER_KEY_GEN, "ssl3-pre-master-key-gen")
- CT (CKM_SSL3_MASTER_KEY_DERIVE, "ssl3-master-key-derive")
- CT (CKM_SSL3_KEY_AND_MAC_DERIVE, "ssl3-key-and-mac-derive")
- CT (CKM_SSL3_MASTER_KEY_DERIVE_DH, "ssl3-master-key-derive-dh")
- CT (CKM_TLS_PRE_MASTER_KEY_GEN, "tls-pre-master-key-gen")
- CT (CKM_TLS_MASTER_KEY_DERIVE, "tls-master-key-derive")
- CT (CKM_TLS_KEY_AND_MAC_DERIVE, "tls-key-and-mac-derive")
- CT (CKM_TLS_MASTER_KEY_DERIVE_DH, "tls-master-key-derive-dh")
- /* CT (CKM_TLS_PRF) */
- CT (CKM_SSL3_MD5_MAC, "ssl3-md5-mac")
- CT (CKM_SSL3_SHA1_MAC, "ssl3-sha1-mac")
- CT (CKM_MD5_KEY_DERIVATION, "md5-key-derivation")
- CT (CKM_MD2_KEY_DERIVATION, "md2-key-derivation")
- CT (CKM_SHA1_KEY_DERIVATION, "sha1-key-derivation")
- CT (CKM_SHA256_KEY_DERIVATION, "sha256-key-derivation")
- CT (CKM_SHA384_KEY_DERIVATION, "sha384-key-derivation")
- CT (CKM_SHA512_KEY_DERIVATION, "sha512-key-derivation")
- CT (CKM_PBE_MD2_DES_CBC, "pbe-md2-des-cbc")
- CT (CKM_PBE_MD5_DES_CBC, "pbe-md5-des-cbc")
- CT (CKM_PBE_MD5_CAST_CBC, "pbe-md5-cast-cbc")
- CT (CKM_PBE_MD5_CAST3_CBC, "pbe-md5-cast3-cbc")
- CT (CKM_PBE_MD5_CAST5_CBC, "pbe-md5-cast5-cbc")
- /* CT (CKM_PBE_MD5_CAST128_CBC) */
- CT (CKM_PBE_SHA1_CAST5_CBC, "pbe-sha1-cast5-cbc")
- /* CT (CKM_PBE_SHA1_CAST128_CBC) */
- CT (CKM_PBE_SHA1_RC4_128, "pbe-sha1-rc4-128")
- CT (CKM_PBE_SHA1_RC4_40, "pbe-sha1-rc4-40")
- CT (CKM_PBE_SHA1_DES3_EDE_CBC, "pbe-sha1-des3-ede-cbc")
- CT (CKM_PBE_SHA1_DES2_EDE_CBC, "pbe-sha1-des2-ede-cbc")
- CT (CKM_PBE_SHA1_RC2_128_CBC, "pbe-sha1-rc2-128-cbc")
- CT (CKM_PBE_SHA1_RC2_40_CBC, "pbe-sha1-rc2-40-cbc")
- CT (CKM_PKCS5_PBKD2, "pkcs5-pbkd2")
- CT (CKM_PBA_SHA1_WITH_SHA1_HMAC, "pba-sha1-with-sha1-hmac")
- CT (CKM_WTLS_PRE_MASTER_KEY_GEN, "wtls-pre-master-key-gen")
- CT (CKM_WTLS_MASTER_KEY_DERIVE, "wtls-master-key-derive")
- CT (CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, "wtls-master-key-derive-dh-ecc")
- CT (CKM_WTLS_PRF, "wtls-prf")
- CT (CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, "wtls-server-key-and-mac-derive")
- CT (CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, "wtls-client-key-and-mac-derive")
- CT (CKM_KEY_WRAP_LYNKS, "key-wrap-lynks")
- CT (CKM_KEY_WRAP_SET_OAEP, "key-wrap-set-oaep")
- CT (CKM_CMS_SIG, "cms-sig")
- CT (CKM_SKIPJACK_KEY_GEN, "skipjack-key-gen")
- CT (CKM_SKIPJACK_ECB64, "skipjack-ecb64")
- CT (CKM_SKIPJACK_CBC64, "skipjack-cbc64")
- CT (CKM_SKIPJACK_OFB64, "skipjack-ofb64")
- CT (CKM_SKIPJACK_CFB64, "skipjack-cfb64")
- CT (CKM_SKIPJACK_CFB32, "skipjack-cfb32")
- CT (CKM_SKIPJACK_CFB16, "skipjack-cfb16")
- CT (CKM_SKIPJACK_CFB8, "skipjack-cfb8")
- CT (CKM_SKIPJACK_WRAP, "skipjack-wrap")
- CT (CKM_SKIPJACK_PRIVATE_WRAP, "skipjack-private-wrap")
- CT (CKM_SKIPJACK_RELAYX, "skipjack-relayx")
- CT (CKM_KEA_KEY_PAIR_GEN, "kea-key-pair-gen")
- CT (CKM_KEA_KEY_DERIVE, "kea-key-derive")
- CT (CKM_FORTEZZA_TIMESTAMP, "fortezza-timestamp")
- CT (CKM_BATON_KEY_GEN, "baton-key-gen")
- CT (CKM_BATON_ECB128, "baton-ecb128")
- CT (CKM_BATON_ECB96, "baton-ecb96")
- CT (CKM_BATON_CBC128, "baton-cbc128")
- CT (CKM_BATON_COUNTER, "baton-counter")
- CT (CKM_BATON_SHUFFLE, "baton-shuffle")
- CT (CKM_BATON_WRAP, "baton-wrap")
- CT (CKM_ECDSA_KEY_PAIR_GEN, "ecdsa-key-pair-gen")
- /* CT (CKM_EC_KEY_PAIR_GEN) */
- CT (CKM_ECDSA, "ecdsa")
- CT (CKM_ECDSA_SHA1, "ecdsa-sha1")
- CT (CKM_ECDH1_DERIVE, "ecdh1-derive")
- CT (CKM_ECDH1_COFACTOR_DERIVE, "ecdh1-cofactor-derive")
- CT (CKM_ECMQV_DERIVE, "ecmqv-derive")
- CT (CKM_JUNIPER_KEY_GEN, "juniper-key-gen")
- CT (CKM_JUNIPER_ECB128, "juniper-ecb128")
- CT (CKM_JUNIPER_CBC128, "juniper-cbc128")
- CT (CKM_JUNIPER_COUNTER, "juniper-counter")
- CT (CKM_JUNIPER_SHUFFLE, "juniper-shuffle")
- CT (CKM_JUNIPER_WRAP, "juniper-wrap")
- CT (CKM_FASTHASH, "fasthash")
- CT (CKM_AES_KEY_GEN, "aes-key-gen")
- CT (CKM_AES_ECB, "aes-ecb")
- CT (CKM_AES_CBC, "aes-cbc")
- CT (CKM_AES_MAC, "aes-mac")
- CT (CKM_AES_MAC_GENERAL, "aes-mac-general")
- CT (CKM_AES_CBC_PAD, "aes-cbc-pad")
- CT (CKM_BLOWFISH_KEY_GEN, "blowfish-key-gen")
- CT (CKM_BLOWFISH_CBC, "blowfish-cbc")
- CT (CKM_TWOFISH_KEY_GEN, "twofish-key-gen")
- CT (CKM_TWOFISH_CBC, "twofish-cbc")
- CT (CKM_DES_ECB_ENCRYPT_DATA, "des-ecb-encrypt-data")
- CT (CKM_DES_CBC_ENCRYPT_DATA, "des-cbc-encrypt-data")
- CT (CKM_DES3_ECB_ENCRYPT_DATA, "des3-ecb-encrypt-data")
- CT (CKM_DES3_CBC_ENCRYPT_DATA, "des3-cbc-encrypt-data")
- CT (CKM_AES_ECB_ENCRYPT_DATA, "aes-ecb-encrypt-data")
- CT (CKM_AES_CBC_ENCRYPT_DATA, "aes-cbc-encrypt-data")
- CT (CKM_DSA_PARAMETER_GEN, "dsa-parameter-gen")
- CT (CKM_DH_PKCS_PARAMETER_GEN, "dh-pkcs-parameter-gen")
- CT (CKM_X9_42_DH_PARAMETER_GEN, "x9-42-dh-parameter-gen")
- { CKA_INVALID },
-};
-
-#undef CT
-
-struct {
- const p11_constant *table;
- int length;
-} tables[] = {
- { p11_constant_types, ELEMS (p11_constant_types) - 1 },
- { p11_constant_classes, ELEMS (p11_constant_classes) - 1 },
- { p11_constant_trusts, ELEMS (p11_constant_trusts) - 1 },
- { p11_constant_certs, ELEMS (p11_constant_certs) - 1 },
- { p11_constant_keys, ELEMS (p11_constant_keys) - 1 },
- { p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 },
- { p11_constant_categories, ELEMS (p11_constant_categories) - 1 },
- { p11_constant_mechanisms, ELEMS (p11_constant_mechanisms) - 1 },
- { p11_constant_states, ELEMS (p11_constant_states) - 1 },
- { p11_constant_users, ELEMS (p11_constant_users) - 1 },
- { p11_constant_returns, ELEMS (p11_constant_returns) - 1 },
-};
-
-static int
-compar_attr_info (const void *one,
- const void *two)
-{
- const p11_constant *a1 = one;
- const p11_constant *a2 = two;
- if (a1->value == a2->value)
- return 0;
- if (a1->value < a2->value)
- return -1;
- return 1;
-}
-
-static const p11_constant *
-lookup_info (const p11_constant *table,
- CK_ATTRIBUTE_TYPE type)
-{
- p11_constant match = { type, NULL, { NULL } };
- int length = -1;
- int i;
-
- for (i = 0; i < ELEMS (tables); i++) {
- if (table == tables[i].table) {
- length = tables[i].length;
- break;
- }
- }
-
- return_val_if_fail (length != -1, NULL);
- return bsearch (&match, table, length, sizeof (p11_constant), compar_attr_info);
-
-}
-const char *
-p11_constant_name (const p11_constant *constants,
- CK_ULONG type)
-{
- const p11_constant *constant = lookup_info (constants, type);
- return constant ? constant->name : NULL;
-}
-
-const char *
-p11_constant_nick (const p11_constant *constants,
- CK_ULONG type)
-{
- const p11_constant *constant = lookup_info (constants, type);
- return constant ? constant->nicks[0] : NULL;
-}
-
-p11_dict *
-p11_constant_reverse (bool nick)
-{
- const p11_constant *table;
- p11_dict *lookups;
- int length = -1;
- int i, j, k;
-
- lookups = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- return_val_if_fail (lookups != NULL, NULL);
-
- for (i = 0; i < ELEMS (tables); i++) {
- table = tables[i].table;
- length = tables[i].length;
-
- for (j = 0; j < length; j++) {
- if (nick) {
- for (k = 0; table[j].nicks[k] != NULL; k++) {
- if (!p11_dict_set (lookups, (void *)table[j].nicks[k],
- (void *)&table[j].value))
- return_val_if_reached (NULL);
- }
- } else {
- if (!p11_dict_set (lookups, (void *)table[j].name, (void *)&table[j].value))
- return_val_if_reached (NULL);
- }
- }
- }
-
- return lookups;
-}
-
-CK_ULONG
-p11_constant_resolve (p11_dict *reversed,
- const char *string)
-{
- CK_ULONG *ptr;
-
- return_val_if_fail (reversed != NULL, CKA_INVALID);
- return_val_if_fail (string != NULL, CKA_INVALID);
-
- ptr = p11_dict_get (reversed, string);
- return ptr ? *ptr : CKA_INVALID;
-}
diff --git a/common/constants.h b/common/constants.h
deleted file mode 100644
index 1526373..0000000
--- a/common/constants.h
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (C) 2012, Redhat Inc.
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_CONSTANTS_H_
-#define P11_CONSTANTS_H_
-
-#include "compat.h"
-#include "dict.h"
-#include "pkcs11.h"
-
-typedef struct {
- CK_ULONG value;
- const char *name;
- const char *nicks[4];
-} p11_constant;
-
-const char * p11_constant_name (const p11_constant *constants,
- CK_ULONG value);
-
-const char * p11_constant_nick (const p11_constant *constants,
- CK_ULONG type);
-
-p11_dict * p11_constant_reverse (bool nick);
-
-CK_ULONG p11_constant_resolve (p11_dict *table,
- const char *string);
-
-extern const p11_constant p11_constant_types[];
-
-extern const p11_constant p11_constant_classes[];
-
-extern const p11_constant p11_constant_trusts[];
-
-extern const p11_constant p11_constant_certs[];
-
-extern const p11_constant p11_constant_keys[];
-
-extern const p11_constant p11_constant_asserts[];
-
-extern const p11_constant p11_constant_categories[];
-
-extern const p11_constant p11_constant_mechanisms[];
-
-extern const p11_constant p11_constant_states[];
-
-extern const p11_constant p11_constant_users[];
-
-extern const p11_constant p11_constant_returns[];
-
-#endif /* P11_CONSTANTS_H_ */
diff --git a/common/debug.c b/common/debug.c
deleted file mode 100644
index 47933fa..0000000
--- a/common/debug.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@memberwebs.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "debug.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct DebugKey {
- const char *name;
- int value;
-};
-
-static struct DebugKey debug_keys[] = {
- { "lib", P11_DEBUG_LIB },
- { "conf", P11_DEBUG_CONF },
- { "uri", P11_DEBUG_URI },
- { "proxy", P11_DEBUG_PROXY },
- { "trust", P11_DEBUG_TRUST },
- { "tool", P11_DEBUG_TOOL },
- { "rpc", P11_DEBUG_RPC },
- { 0, }
-};
-
-static bool debug_inited = false;
-static bool debug_strict = false;
-
-/* global variable exported in debug.h */
-int p11_debug_current_flags = ~0;
-
-static int
-parse_environ_flags (void)
-{
- const char *env;
- int result = 0;
- const char *p;
- const char *q;
- int i;
-
- env = secure_getenv ("P11_KIT_STRICT");
- if (env && env[0] != '\0')
- debug_strict = true;
-
- env = getenv ("P11_KIT_DEBUG");
- if (!env)
- return 0;
-
- if (strcmp (env, "all") == 0) {
- for (i = 0; debug_keys[i].name; i++)
- result |= debug_keys[i].value;
-
- } else if (strcmp (env, "help") == 0) {
- fprintf (stderr, "Supported debug values:");
- for (i = 0; debug_keys[i].name; i++)
- fprintf (stderr, " %s", debug_keys[i].name);
- fprintf (stderr, "\n");
-
- } else {
- p = env;
- while (*p) {
- q = strpbrk (p, ":;, \t");
- if (!q)
- q = p + strlen (p);
-
- for (i = 0; debug_keys[i].name; i++) {
- if (q - p == strlen (debug_keys[i].name) &&
- strncmp (debug_keys[i].name, p, q - p) == 0)
- result |= debug_keys[i].value;
- }
-
- p = q;
- if (*p)
- p++;
- }
- }
-
- return result;
-}
-
-void
-p11_debug_init (void)
-{
- p11_debug_current_flags = parse_environ_flags ();
- debug_inited = true;
-}
-
-void
-p11_debug_message (int flag,
- const char *format, ...)
-{
- va_list args;
-
- if (flag & p11_debug_current_flags) {
- fprintf (stderr, "(p11-kit:%d) ", getpid());
- va_start (args, format);
- vfprintf (stderr, format, args);
- va_end (args);
- fprintf (stderr, "\n");
- }
-}
-
-void
-p11_debug_precond (const char *format,
- ...)
-{
- va_list va;
-
- va_start (va, format);
- vfprintf (stderr, format, va);
- va_end (va);
-
-#ifdef __COVERITY__
- fprintf (stderr, "ignoring P11_KIT_STRICT under coverity: %d", (int)debug_strict);
-#else
- if (debug_strict)
-#endif
- abort ();
-}
diff --git a/common/debug.h b/common/debug.h
deleted file mode 100644
index 6106f19..0000000
--- a/common/debug.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_DEBUG_H
-#define P11_DEBUG_H
-
-#include "compat.h"
-
-/* Please keep this enum in sync with keys in debug.c */
-enum {
- P11_DEBUG_LIB = 1 << 1,
- P11_DEBUG_CONF = 1 << 2,
- P11_DEBUG_URI = 1 << 3,
- P11_DEBUG_PROXY = 1 << 4,
- P11_DEBUG_TRUST = 1 << 5,
- P11_DEBUG_TOOL = 1 << 6,
- P11_DEBUG_RPC = 1 << 7,
-};
-
-extern int p11_debug_current_flags;
-
-void p11_debug_init (void);
-
-void p11_debug_message (int flag,
- const char *format,
- ...) GNUC_PRINTF (2, 3);
-
-void p11_debug_precond (const char *format,
- ...) GNUC_PRINTF (1, 2)
- CLANG_ANALYZER_NORETURN;
-
-#ifndef assert_not_reached
-#define assert_not_reached() \
- (assert (false && "this code should not be reached"))
-#endif
-
-#define return_val_if_fail(x, v) \
- do { if (!(x)) { \
- p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
- return v; \
- } } while (false)
-
-#define return_if_fail(x) \
- do { if (!(x)) { \
- p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
- return; \
- } } while (false)
-
-#define return_if_reached() \
- do { \
- p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \
- return; \
- } while (false)
-
-#define return_val_if_reached(v) \
- do { \
- p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \
- return v; \
- } while (false)
-
-#define warn_if_reached(v) \
- do { \
- p11_debug_precond ("p11-kit: shouldn't be reached at %s\n", __func__); \
- } while (false)
-
-#define warn_if_fail(x) \
- do { if (!(x)) { \
- p11_debug_precond ("p11-kit: '%s' not true at %s\n", #x, __func__); \
- } } while (false)
-
-#endif /* DEBUG_H */
-
-/* -----------------------------------------------------------------------------
- * Below this point is outside the DEBUG_H guard - so it can take effect
- * more than once. So you can do:
- *
- * #define P11_DEBUG_FLAG P11_DEBUG_ONE_THING
- * #include "debug.h"
- * ...
- * p11_debug ("if we're debugging one thing");
- * ...
- * #undef P11_DEBUG_FLAG
- * #define P11_DEBUG_FLAG DEBUG_OTHER_THING
- * #include "debug.h"
- * ...
- * p11_debug ("if we're debugging the other thing");
- * ...
- */
-
-#ifdef P11_DEBUG_FLAG
-#ifdef WITH_DEBUG
-
-#undef p11_debug
-#define p11_debug(format, ...) do { \
- if (P11_DEBUG_FLAG & p11_debug_current_flags) \
- p11_debug_message (P11_DEBUG_FLAG, "%s: " format, __PRETTY_FUNCTION__, ##__VA_ARGS__); \
- } while (0)
-
-#undef p11_debugging
-#define p11_debugging \
- (P11_DEBUG_FLAG & p11_debug_current_flags)
-
-#else /* !defined (WITH_DEBUG) */
-
-#undef p11_debug
-#define p11_debug(format, ...) \
- do {} while (false)
-
-#undef p11_debugging
-#define p11_debugging (0)
-
-#endif /* !defined (WITH_DEBUG) */
-
-#endif /* defined (P11_DEBUG_FLAG) */
diff --git a/common/dict.c b/common/dict.c
deleted file mode 100644
index b7ab00d..0000000
--- a/common/dict.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Copyright (c) 2004 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- */
-
-#include "config.h"
-
-#include "debug.h"
-#include "dict.h"
-#include "hash.h"
-
-#include <sys/types.h>
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-struct _p11_dict {
- p11_dict_hasher hash_func;
- p11_dict_equals equal_func;
- p11_destroyer key_destroy_func;
- p11_destroyer value_destroy_func;
-
- struct _p11_dictbucket **buckets;
- unsigned int num_items;
- unsigned int num_buckets;
-};
-
-typedef struct _p11_dictbucket {
- void *key;
- unsigned int hashed;
- void *value;
- struct _p11_dictbucket *next;
-} dictbucket;
-
-static dictbucket *
-next_entry (p11_dictiter *iter)
-{
- dictbucket *bucket = iter->next;
- while (!bucket) {
- if (iter->index >= iter->dict->num_buckets)
- return NULL;
- bucket = iter->dict->buckets[iter->index++];
- }
- iter->next = bucket->next;
- return bucket;
-}
-
-
-bool
-p11_dict_next (p11_dictiter *iter,
- void **key,
- void **value)
-{
- dictbucket *bucket = next_entry (iter);
- if (bucket == NULL)
- return false;
- if (key)
- *key = bucket->key;
- if (value)
- *value = bucket->value;
- return true;
-}
-
-void
-p11_dict_iterate (p11_dict *dict,
- p11_dictiter *iter)
-{
- iter->dict = dict;
- iter->index = 0;
- iter->next = NULL;
-}
-
-static dictbucket **
-lookup_or_create_bucket (p11_dict *dict,
- const void *key,
- bool create)
-{
- dictbucket **bucketp;
- unsigned int hash;
-
- /* Perform the hashing */
- hash = dict->hash_func (key);
-
- /* scan linked list */
- for (bucketp = &dict->buckets[hash % dict->num_buckets];
- *bucketp != NULL; bucketp = &(*bucketp)->next) {
- if((*bucketp)->hashed == hash && dict->equal_func ((*bucketp)->key, key))
- break;
- }
-
- if ((*bucketp) != NULL || !create)
- return bucketp;
-
- /* add a new entry for non-NULL val */
- (*bucketp) = calloc (sizeof (dictbucket), 1);
-
- if (*bucketp != NULL) {
- (*bucketp)->key = (void*)key;
- (*bucketp)->hashed = hash;
- dict->num_items++;
- }
-
- return bucketp;
-}
-
-void *
-p11_dict_get (p11_dict *dict,
- const void *key)
-{
- dictbucket **bucketp;
-
- bucketp = lookup_or_create_bucket (dict, key, false);
- if (bucketp && *bucketp)
- return (void*)((*bucketp)->value);
- else
- return NULL;
-}
-
-bool
-p11_dict_set (p11_dict *dict,
- void *key,
- void *val)
-{
- dictbucket **bucketp;
- p11_dictiter iter;
- dictbucket *bucket;
- dictbucket **new_buckets;
- unsigned int num_buckets;
-
- bucketp = lookup_or_create_bucket (dict, key, true);
- if(bucketp && *bucketp) {
-
- /* Destroy the previous key */
- if ((*bucketp)->key && (*bucketp)->key != key && dict->key_destroy_func)
- dict->key_destroy_func ((*bucketp)->key);
-
- /* Destroy the previous value */
- if ((*bucketp)->value && (*bucketp)->value != val && dict->value_destroy_func)
- dict->value_destroy_func ((*bucketp)->value);
-
- /* replace entry */
- (*bucketp)->key = key;
- (*bucketp)->value = val;
-
- /* check that the collision rate isn't too high */
- if (dict->num_items > dict->num_buckets) {
- num_buckets = dict->num_buckets * 2 + 1;
- new_buckets = (dictbucket **)calloc (sizeof (dictbucket *), num_buckets);
-
- /* Ignore failures, maybe we can expand later */
- if(new_buckets) {
- p11_dict_iterate (dict, &iter);
- while ((bucket = next_entry (&iter)) != NULL) {
- unsigned int i = bucket->hashed % num_buckets;
- bucket->next = new_buckets[i];
- new_buckets[i] = bucket;
- }
-
- free (dict->buckets);
- dict->buckets = new_buckets;
- dict->num_buckets = num_buckets;
- }
- }
-
- return true;
- }
-
- return_val_if_reached (false);
-}
-
-bool
-p11_dict_steal (p11_dict *dict,
- const void *key,
- void **stolen_key,
- void **stolen_value)
-{
- dictbucket **bucketp;
-
- bucketp = lookup_or_create_bucket (dict, key, false);
- if (bucketp && *bucketp) {
- dictbucket *old = *bucketp;
- *bucketp = (*bucketp)->next;
- --dict->num_items;
- if (stolen_key)
- *stolen_key = old->key;
- if (stolen_value)
- *stolen_value = old->value;
- free (old);
- return true;
- }
-
- return false;
-
-}
-
-bool
-p11_dict_remove (p11_dict *dict,
- const void *key)
-{
- void *old_key;
- void *old_value;
-
- if (!p11_dict_steal (dict, key, &old_key, &old_value))
- return false;
-
- if (dict->key_destroy_func)
- dict->key_destroy_func (old_key);
- if (dict->value_destroy_func)
- dict->value_destroy_func (old_value);
- return true;
-}
-
-void
-p11_dict_clear (p11_dict *dict)
-{
- dictbucket *bucket, *next;
- unsigned int i;
-
- /* Free all entries in the array */
- for (i = 0; i < dict->num_buckets; ++i) {
- bucket = dict->buckets[i];
- while (bucket != NULL) {
- next = bucket->next;
- if (dict->key_destroy_func)
- dict->key_destroy_func (bucket->key);
- if (dict->value_destroy_func)
- dict->value_destroy_func (bucket->value);
- free (bucket);
- bucket = next;
- }
- }
-
- memset (dict->buckets, 0, dict->num_buckets * sizeof (dictbucket *));
- dict->num_items = 0;
-}
-
-p11_dict *
-p11_dict_new (p11_dict_hasher hash_func,
- p11_dict_equals equal_func,
- p11_destroyer key_destroy_func,
- p11_destroyer value_destroy_func)
-{
- p11_dict *dict;
-
- assert (hash_func);
- assert (equal_func);
-
- dict = malloc (sizeof (p11_dict));
- if (dict) {
- dict->hash_func = hash_func;
- dict->equal_func = equal_func;
- dict->key_destroy_func = key_destroy_func;
- dict->value_destroy_func = value_destroy_func;
-
- dict->num_buckets = 9;
- dict->buckets = (dictbucket **)calloc (sizeof (dictbucket *), dict->num_buckets);
- if (!dict->buckets) {
- free (dict);
- return NULL;
- }
-
- dict->num_items = 0;
- }
-
- return dict;
-}
-
-void
-p11_dict_free (p11_dict *dict)
-{
- dictbucket *bucket;
- p11_dictiter iter;
-
- if (!dict)
- return;
-
- p11_dict_iterate (dict, &iter);
- while ((bucket = next_entry (&iter)) != NULL) {
- if (dict->key_destroy_func)
- dict->key_destroy_func (bucket->key);
- if (dict->value_destroy_func)
- dict->value_destroy_func (bucket->value);
- free (bucket);
- }
-
- if (dict->buckets)
- free (dict->buckets);
-
- free (dict);
-}
-
-unsigned int
-p11_dict_size (p11_dict *dict)
-{
- return dict->num_items;
-}
-
-unsigned int
-p11_dict_str_hash (const void *string)
-{
- uint32_t hash;
- p11_hash_murmur3 (&hash, string, strlen (string), NULL);
- return hash;
-}
-
-bool
-p11_dict_str_equal (const void *string_one,
- const void *string_two)
-{
- assert (string_one);
- assert (string_two);
-
- return strcmp (string_one, string_two) == 0;
-}
-
-unsigned int
-p11_dict_ulongptr_hash (const void *to_ulong)
-{
- assert (to_ulong);
- return (unsigned int)*((unsigned long*)to_ulong);
-}
-
-bool
-p11_dict_ulongptr_equal (const void *ulong_one,
- const void *ulong_two)
-{
- assert (ulong_one);
- assert (ulong_two);
- return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two);
-}
-
-unsigned int
-p11_dict_intptr_hash (const void *to_int)
-{
- assert (to_int);
- return (unsigned int)*((int*)to_int);
-}
-
-bool
-p11_dict_intptr_equal (const void *int_one,
- const void *int_two)
-{
- assert (int_one);
- assert (int_two);
- return *((int*)int_one) == *((int*)int_two);
-}
-
-unsigned int
-p11_dict_direct_hash (const void *ptr)
-{
- return (unsigned int)(size_t)ptr;
-}
-
-bool
-p11_dict_direct_equal (const void *ptr_one,
- const void *ptr_two)
-{
- return ptr_one == ptr_two;
-}
diff --git a/common/dict.h b/common/dict.h
deleted file mode 100644
index 080f6b8..0000000
--- a/common/dict.h
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Copyright (c) 2004 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Waler <stefw@collabora.co.uk>
- */
-
-#ifndef P11_DICT_H_
-#define P11_DICT_H_
-
-#include "compat.h"
-
-/*
- * ARGUMENT DOCUMENTATION
- *
- * dict: The dict
- * key: Pointer to the key value
- * val: Pointer to the value
- * iter: A dict iterator
- */
-
-
-/* ----------------------------------------------------------------------------------
- * TYPES
- */
-
-/* Abstract type for dicts. */
-typedef struct _p11_dict p11_dict;
-
-/* Type for scanning hash tables. */
-typedef struct _p11_dictiter {
- p11_dict *dict;
- struct _p11_dictbucket *next;
- unsigned int index;
-} p11_dictiter;
-
-typedef unsigned int (*p11_dict_hasher) (const void *data);
-
-typedef bool (*p11_dict_equals) (const void *one,
- const void *two);
-
-#ifndef P11_DESTROYER_DEFINED
-#define P11_DESTROYER_DEFINED
-
-typedef void (*p11_destroyer) (void *data);
-
-#endif
-
-/* -----------------------------------------------------------------------------
- * MAIN
- */
-
-/*
- * p11_dict_create : Create a hash table
- * - returns an allocated hashtable
- */
-p11_dict * p11_dict_new (p11_dict_hasher hasher,
- p11_dict_equals equals,
- p11_destroyer key_destroyer,
- p11_destroyer value_destroyer);
-
-/*
- * p11_dict_free : Free a hash table
- */
-void p11_dict_free (p11_dict *dict);
-
-/*
- * p11_dict_size: Number of values in hash table
- * - returns the number of entries in hash table
- */
-unsigned int p11_dict_size (p11_dict *dict);
-
-/*
- * p11_dict_get: Retrieves a value from the hash table
- * - returns the value of the entry
- */
-void* p11_dict_get (p11_dict *dict,
- const void *key);
-
-/*
- * p11_dict_set: Set a value in the hash table
- * - returns true if the entry was added properly
- */
-bool p11_dict_set (p11_dict *dict,
- void *key,
- void *value);
-
-/*
- * p11_dict_remove: Remove a value from the hash table
- * - returns true if the entry was found
- */
-bool p11_dict_remove (p11_dict *dict,
- const void *key);
-
-/*
- * p11_dict_steal: Remove a value from the hash table without calling
- * destroy funcs
- * - returns true if the entry was found
- */
-bool p11_dict_steal (p11_dict *dict,
- const void *key,
- void **stolen_key,
- void **stolen_value);
-
-/*
- * p11_dict_iterate: Start enumerating through the hash table
- * - returns a hash iterator
- */
-void p11_dict_iterate (p11_dict *dict,
- p11_dictiter *iter);
-
-/*
- * p11_dict_next: Enumerate through hash table
- * - sets key and value to key and/or value
- * - returns whether there was another entry
- * - p11_dict_remove or p11_dict_steal is safe to use on
- * the current key.
- */
-bool p11_dict_next (p11_dictiter *iter,
- void **key,
- void **value);
-
-/*
- * p11_dict_clear: Clear all values from has htable.
- */
-void p11_dict_clear (p11_dict *dict);
-
-/* -----------------------------------------------------------------------------
- * KEY FUNCTIONS
- */
-
-unsigned int p11_dict_str_hash (const void *string);
-
-bool p11_dict_str_equal (const void *string_one,
- const void *string_two);
-
-unsigned int p11_dict_ulongptr_hash (const void *to_ulong);
-
-bool p11_dict_ulongptr_equal (const void *ulong_one,
- const void *ulong_two);
-
-unsigned int p11_dict_intptr_hash (const void *to_int);
-
-bool p11_dict_intptr_equal (const void *int_one,
- const void *int_two);
-
-unsigned int p11_dict_direct_hash (const void *ptr);
-
-bool p11_dict_direct_equal (const void *ptr_one,
- const void *ptr_two);
-
-#endif /* __P11_DICT_H__ */
diff --git a/common/frob-getauxval.c b/common/frob-getauxval.c
deleted file mode 100644
index 02745be..0000000
--- a/common/frob-getauxval.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-int
-main (int argc,
- char *argv[])
-{
- unsigned long type = 0;
- unsigned long ret;
-
- if (argc == 2)
- type = atoi (argv[1]);
-
- if (type == 0) {
- fprintf (stderr, "usage: frob-getauxval 23");
- abort ();
- }
-
- ret = getauxval (type);
- printf ("getauxval(%lu) == %lu\n", type, ret);
- return (int)ret;
-}
diff --git a/common/frob-getenv.c b/common/frob-getenv.c
deleted file mode 100644
index a36594a..0000000
--- a/common/frob-getenv.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2014 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-int
-main (int argc,
- char *argv[])
-{
- int ret;
- const char *val;
-
-fprintf (stderr, "calling secure_getenv(%s) getenv(%s) = %s\n", argv[1], argv[1], getenv(argv[1]));
- val = secure_getenv (argv[1]);
- if (val == NULL) {
- printf ("%s=NULL\n", argv[1]);
- return 0;
- }
-
- ret = atoi (val);
- if (ret == 0) {
- fprintf (stderr, "usage: frob-getenv VAR");
- abort ();
- }
-
- printf ("%s=%d\n", argv[1], ret);
- return ret;
-}
diff --git a/common/hash.c b/common/hash.c
deleted file mode 100644
index 5572085..0000000
--- a/common/hash.c
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*! \file
- * SHA-1 in C
- * \author By Steve Reid <steve@edmweb.com>
- * 100% Public Domain
- * \verbatim
- * Test Vectors
- * "abc"
- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
- * A million repetitions of "a"
- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
- * \endverbatim
- */
-
-#include "config.h"
-
-#include "hash.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdint.h>
-#include <string.h>
-
-/* This code is based on the public domain MurmurHash3 from Austin Appleby:
- * http://code.google.com/p/smhasher/source/browse/trunk/MurmurHash3.cpp
- *
- * We use only the 32 bit variant, and slow it down a bit to support unaligned
- * reads.
- */
-
-#if !defined(__cplusplus) && (__GNUC__ > 2)
-#define GNUC_INLINE __attribute__((always_inline))
-#else
-#define GNUC_INLINE
-#endif
-
-GNUC_INLINE static inline uint32_t
-rotl (uint32_t x,
- int8_t r)
-{
- return (x << r) | (x >> (32 - r));
-}
-
-/*
- * Finalization mix - force all bits of a hash block to avalanche
- */
-
-GNUC_INLINE static inline uint32_t
-fmix (uint32_t h)
-{
- h ^= h >> 16;
- h *= 0x85ebca6b;
- h ^= h >> 13;
- h *= 0xc2b2ae35;
- h ^= h >> 16;
-
- return h;
-}
-
-
-void
-p11_hash_murmur3 (void *hash,
- const void *input,
- size_t len,
- ...)
-{
- uint8_t overflow[4];
- const uint8_t *data;
- va_list va;
- uint32_t h1;
- uint32_t k1;
- uint32_t c1;
- uint32_t c2;
-
- h1 = 42; /* arbitrary choice of seed */
- c1 = 0xcc9e2d51;
- c2 = 0x1b873593;
- data = input;
-
- /* body */
-
- /* Mix 4 bytes at a time into the hash */
- va_start (va, len);
- for (;;) {
- if (len >= 4) {
- memcpy (&k1, data, 4);
- data += 4;
- len -= 4;
-
- } else {
- size_t num = len;
- memcpy (overflow, data, len);
-
- while (num < 4) {
- size_t part;
-
- data = va_arg (va, const void *);
- if (!data)
- break;
-
- /* Combine uint32 from old and new */
- len = va_arg (va, size_t);
- part = 4 - num;
- if (part > len)
- part = len;
- memcpy (overflow + num, data, part);
- data += part;
- len -= part;
- num += part;
- }
-
- if (num < 4) {
- len = num;
- break;
- }
-
- memcpy (&k1, overflow, 4);
- }
-
- k1 *= c1;
- k1 = rotl (k1, 15);
- k1 *= c2;
-
- h1 ^= k1;
- h1 = rotl (h1, 13);
- h1 = h1 * 5 + 0xe6546b64;
- }
- va_end (va);
-
- /* tail */
-
- k1 = 0;
-
- switch (len) {
- case 3:
- k1 ^= overflow[2] << 16;
- case 2:
- k1 ^= overflow[1] << 8;
- case 1:
- k1 ^= overflow[0];
- k1 *= c1;
- k1 = rotl (k1, 15);
- k1 *= c2;
- h1 ^= k1;
- default:
- break;
- }
-
- /* finalization */
-
- h1 ^= len;
- h1 = fmix(h1);
-
- assert (sizeof (h1) == P11_HASH_MURMUR3_LEN);
- memcpy (hash, &h1, sizeof (h1));
-}
diff --git a/common/hash.h b/common/hash.h
deleted file mode 100644
index 41371c6..0000000
--- a/common/hash.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_HASH_H_
-#define P11_HASH_H_
-
-#include "compat.h"
-
-#define P11_HASH_MURMUR3_LEN 4
-
-void p11_hash_murmur3 (void *hash,
- const void *input,
- size_t length,
- ...) GNUC_NULL_TERMINATED;
-
-#endif /* P11_HASH_H_ */
diff --git a/common/lexer.c b/common/lexer.c
deleted file mode 100644
index 6253492..0000000
--- a/common/lexer.c
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
- * Copyright (c) 2005 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_CONF
-#include "debug.h"
-#include "lexer.h"
-#include "message.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-void
-p11_lexer_init (p11_lexer *lexer,
- const char *filename,
- const char *data,
- size_t length)
-{
- return_if_fail (lexer != NULL);
-
- memset (lexer, 0, sizeof (p11_lexer));
- lexer->at = data;
- lexer->remaining = length;
-
- return_if_fail (filename != NULL);
- lexer->filename = strdup (filename);
- return_if_fail (lexer->filename != NULL);
-}
-
-static void
-clear_state (p11_lexer *lexer)
-{
- switch (lexer->tok_type) {
- case TOK_FIELD:
- free (lexer->tok.field.name);
- free (lexer->tok.field.value);
- break;
- case TOK_SECTION:
- free (lexer->tok.section.name);
- break;
- case TOK_PEM:
- case TOK_EOF:
- break;
- }
-
- memset (&lexer->tok, 0, sizeof (lexer->tok));
- lexer->tok_type = TOK_EOF;
- lexer->complained = false;
-}
-
-bool
-p11_lexer_next (p11_lexer *lexer,
- bool *failed)
-{
- const char *colon;
- const char *value;
- const char *line;
- const char *end;
- const char *pos;
- char *part;
-
- return_val_if_fail (lexer != NULL, false);
-
- clear_state (lexer);
- if (failed)
- *failed = false;
-
- /* Go through lines and process them */
- while (lexer->remaining != 0) {
- assert (lexer->remaining > 0);
-
- /* Is this line the start of a PEM block? */
- if (strncmp (lexer->at, "-----BEGIN ", 11) == 0) {
- pos = strnstr (lexer->at, "\n-----END ", lexer->remaining);
- if (pos != NULL) {
- end = memchr (pos + 1, '\n', lexer->remaining - (pos - lexer->at) - 1);
- if (end)
- end += 1;
- else
- end = lexer->at + lexer->remaining;
- lexer->tok_type = TOK_PEM;
- lexer->tok.pem.begin = lexer->at;
- lexer->tok.pem.length = end - lexer->at;
- assert (end - lexer->at <= lexer->remaining);
- lexer->remaining -= (end - lexer->at);
- lexer->at = end;
- return true;
- }
-
- p11_lexer_msg (lexer, "invalid pem block: no ending line");
- if (failed)
- *failed = true;
- return false;
- }
-
- line = lexer->at;
- end = memchr (lexer->at, '\n', lexer->remaining);
- if (end == NULL) {
- end = lexer->at + lexer->remaining;
- lexer->remaining = 0;
- lexer->at = end;
- } else {
- assert ((end - lexer->at) + 1 <= lexer->remaining);
- lexer->remaining -= (end - lexer->at) + 1;
- lexer->at = end + 1;
- }
-
- /* Strip whitespace from line */
- while (line != end && isspace (line[0]))
- ++line;
- while (line != end && isspace (*(end - 1)))
- --end;
-
- /* Empty lines / comments at start */
- if (line == end || line[0] == '#')
- continue;
-
- /* Is the the a section ? */
- if (line[0] == '[') {
- if (*(end - 1) != ']') {
- part = strndup (line, end - line);
- p11_lexer_msg (lexer, "invalid section header: missing braces");
- free (part);
- if (failed)
- *failed = true;
- return false;
- }
-
- lexer->tok_type = TOK_SECTION;
- lexer->tok.section.name = strndup (line + 1, (end - line) - 2);
- return_val_if_fail (lexer->tok.section.name != NULL, false);
- return true;
- }
-
- /* Look for the break between name: value on the same line */
- colon = memchr (line, ':', end - line);
- if (!colon) {
- part = strndup (line, end - line);
- p11_lexer_msg (lexer, "invalid field line: no colon");
- free (part);
- if (failed)
- *failed = true;
- return false;
- }
-
- /* Strip whitespace from name and value */
- value = colon + 1;
- while (value != end && isspace (value[0]))
- ++value;
- while (line != colon && isspace (*(colon - 1)))
- --colon;
-
- lexer->tok_type = TOK_FIELD;
- lexer->tok.field.name = strndup (line, colon - line);
- lexer->tok.field.value = strndup (value, end - value);
- return_val_if_fail (lexer->tok.field.name && lexer->tok.field.value, false);
- return true;
- }
-
- return false;
-}
-
-void
-p11_lexer_done (p11_lexer *lexer)
-{
- return_if_fail (lexer != NULL);
- clear_state (lexer);
- free (lexer->filename);
- memset (lexer, 0, sizeof (p11_lexer));
-}
-
-void
-p11_lexer_msg (p11_lexer *lexer,
- const char *msg)
-{
- return_if_fail (lexer != NULL);
-
- if (lexer->complained)
- return;
-
- switch (lexer->tok_type) {
- case TOK_FIELD:
- p11_message ("%s: %s: %s", lexer->filename,
- lexer->tok.field.name, msg);
- break;
- case TOK_SECTION:
- p11_message ("%s: [%s]: %s", lexer->filename,
- lexer->tok.section.name, msg);
- break;
- case TOK_PEM:
- p11_message ("%s: BEGIN ...: %s", lexer->filename, msg);
- break;
- default:
- p11_message ("%s: %s", lexer->filename, msg);
- break;
- }
-
- lexer->complained = true;
-}
diff --git a/common/lexer.h b/common/lexer.h
deleted file mode 100644
index 9daf296..0000000
--- a/common/lexer.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Copyright (c) 2005 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_LEXER_H__
-#define P11_LEXER_H__
-
-#include "compat.h"
-
-enum {
- TOK_EOF = 0,
- TOK_SECTION = 1,
- TOK_FIELD,
- TOK_PEM,
-};
-
-typedef struct {
- char *filename;
- const char *at;
- int remaining;
- int complained;
-
- int tok_type;
- union {
- struct {
- char *name;
- } section;
- struct {
- char *name;
- char *value;
- } field;
- struct {
- const char *begin;
- size_t length;
- } pem;
- } tok;
-} p11_lexer;
-
-void p11_lexer_init (p11_lexer *lexer,
- const char *filename,
- const char *data,
- size_t length);
-
-bool p11_lexer_next (p11_lexer *lexer,
- bool *failed);
-
-void p11_lexer_done (p11_lexer *lexer);
-
-void p11_lexer_msg (p11_lexer *lexer,
- const char *msg);
-
-#endif /* P11_LEXER_H__ */
diff --git a/common/library.c b/common/library.c
deleted file mode 100644
index 502ea98..0000000
--- a/common/library.c
+++ /dev/null
@@ -1,212 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd
- * Copyright (c) 2012 Stef Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-#include "debug.h"
-#include "library.h"
-#include "message.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#define P11_MESSAGE_MAX 512
-
-typedef struct {
- char message[P11_MESSAGE_MAX];
-} p11_local;
-
-static p11_local * _p11_library_get_thread_local (void);
-
-p11_mutex_t p11_library_mutex;
-
-#ifdef OS_UNIX
-pthread_once_t p11_library_once = PTHREAD_ONCE_INIT;
-#endif
-
-unsigned int p11_forkid = 1;
-
-static char *
-thread_local_message (void)
-{
- p11_local *local;
- local = _p11_library_get_thread_local ();
- return local ? local->message : NULL;
-}
-
-static char *
-dont_store_message (void)
-{
- return NULL;
-}
-
-static void
-uninit_common (void)
-{
- p11_debug ("uninitializing library");
-}
-
-#ifdef OS_UNIX
-
-static pthread_key_t thread_local = 0;
-
-static p11_local *
-_p11_library_get_thread_local (void)
-{
- p11_local *local;
-
- p11_library_init_once ();
-
- local = pthread_getspecific (thread_local);
- if (local == NULL) {
- local = calloc (1, sizeof (p11_local));
- pthread_setspecific (thread_local, local);
- }
-
- return local;
-}
-
-static void
-count_forks (void)
-{
- /* Thread safe, executed in child, one thread exists */
- p11_forkid++;
-}
-
-void
-p11_library_init_impl (void)
-{
- p11_debug_init ();
- p11_debug ("initializing library");
- p11_mutex_init (&p11_library_mutex);
- pthread_key_create (&thread_local, free);
- p11_message_storage = thread_local_message;
-
- pthread_atfork (NULL, NULL, count_forks);
-}
-
-void
-p11_library_init (void)
-{
- p11_library_init_once ();
-}
-
-void
-p11_library_uninit (void)
-{
- uninit_common ();
-
- /* Some cleanup to pacify valgrind */
- free (pthread_getspecific (thread_local));
- pthread_setspecific (thread_local, NULL);
-
- p11_message_storage = dont_store_message;
- pthread_key_delete (thread_local);
- p11_mutex_uninit (&p11_library_mutex);
-}
-
-#endif /* OS_UNIX */
-
-#ifdef OS_WIN32
-
-static DWORD thread_local = TLS_OUT_OF_INDEXES;
-
-BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
-
-static p11_local *
-_p11_library_get_thread_local (void)
-{
- LPVOID data;
-
- if (thread_local == TLS_OUT_OF_INDEXES)
- return NULL;
-
- data = TlsGetValue (thread_local);
- if (data == NULL) {
- data = LocalAlloc (LPTR, sizeof (p11_local));
- TlsSetValue (thread_local, data);
- }
-
- return (p11_local *)data;
-}
-
-void
-p11_library_init (void)
-{
- p11_debug_init ();
- p11_debug ("initializing library");
- p11_mutex_init (&p11_library_mutex);
- thread_local = TlsAlloc ();
- if (thread_local == TLS_OUT_OF_INDEXES)
- p11_debug ("couldn't setup tls");
- else
- p11_message_storage = thread_local_message;
-}
-
-void
-p11_library_thread_cleanup (void)
-{
- p11_local *local;
- if (thread_local != TLS_OUT_OF_INDEXES) {
- p11_debug ("thread stopped, freeing tls");
- local = TlsGetValue (thread_local);
- LocalFree (local);
- }
-}
-
-void
-p11_library_uninit (void)
-{
- LPVOID data;
-
- uninit_common ();
-
- if (thread_local != TLS_OUT_OF_INDEXES) {
- p11_message_storage = dont_store_message;
- data = TlsGetValue (thread_local);
- LocalFree (data);
- TlsFree (thread_local);
- }
- p11_mutex_uninit (&p11_library_mutex);
-}
-
-#endif /* OS_WIN32 */
diff --git a/common/library.h b/common/library.h
deleted file mode 100644
index f87494d..0000000
--- a/common/library.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@memberwebs.com>
- */
-
-#ifndef P11_LIBRARY_H_
-#define P11_LIBRARY_H_
-
-#include "config.h"
-#include "compat.h"
-
-#include <sys/types.h>
-
-extern p11_mutex_t p11_library_mutex;
-
-extern unsigned int p11_forkid;
-
-#define p11_lock() p11_mutex_lock (&p11_library_mutex);
-
-#define p11_unlock() p11_mutex_unlock (&p11_library_mutex);
-
-#ifdef OS_WIN32
-
-/* No implementation, because done by DllMain */
-#define p11_library_init_once()
-
-#else /* !OS_WIN32 */
-extern pthread_once_t p11_library_once;
-
-#define p11_library_init_once() \
- pthread_once (&p11_library_once, p11_library_init_impl);
-
-void p11_library_init_impl (void);
-
-#endif /* !OS_WIN32 */
-
-void p11_library_init (void);
-
-void p11_library_thread_cleanup (void);
-
-void p11_library_uninit (void);
-
-#endif /* P11_LIBRARY_H_ */
diff --git a/common/message.c b/common/message.c
deleted file mode 100644
index 35f2764..0000000
--- a/common/message.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd
- * Copyright (c) 2012 Stef Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-/*
- * Oh god. glibc is nasty. Changes behavior and definitions of POSIX
- * functions to completely different signatures depending on defines
- */
-#define _POSIX_C_SOURCE 200112L
-
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-#include "debug.h"
-#include "message.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-static bool print_messages = true;
-
-static char *
-default_message_storage (void)
-{
- static char message[P11_MESSAGE_MAX] = { 0, };
- return message;
-}
-
-/* Function pointer declared in message.h as extern */
-char * (* p11_message_storage) (void) = default_message_storage;
-
-void
-p11_message_store (const char* msg,
- size_t length)
-{
- char *buffer;
-
- /*
- * p11_message_storage() is called to get a storage location for
- * the last message. It defaults to a globally allocated buffer
- * but is overridden in library.c with a function that returns
- * per thread buffers.
- *
- * The returned value is P11_MESSAGE_MAX bytes long
- */
- buffer = p11_message_storage ();
-
- if (length > P11_MESSAGE_MAX - 1)
- length = P11_MESSAGE_MAX - 1;
-
- if (buffer != NULL) {
- memcpy (buffer, msg, length);
- buffer[length] = 0;
- }
-}
-
-void
-p11_message_err (int errnum,
- const char* msg,
- ...)
-{
- char buffer[P11_MESSAGE_MAX];
- char strerr[P11_MESSAGE_MAX];
- va_list va;
- size_t length;
-
- va_start (va, msg);
- length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va);
- va_end (va);
-
- /* Was it truncated? */
- if (length > P11_MESSAGE_MAX - 1)
- length = P11_MESSAGE_MAX - 1;
- buffer[length] = 0;
-
- strncpy (strerr, "Unknown error", sizeof (strerr));
- strerror_r (errnum, strerr, sizeof (strerr));
- strerr[P11_MESSAGE_MAX - 1] = 0;
-
- p11_message ("%s: %s", buffer, strerr);
-}
-
-void
-p11_message (const char* msg,
- ...)
-{
- char buffer[P11_MESSAGE_MAX];
- va_list va;
- size_t length;
-
- va_start (va, msg);
- length = vsnprintf (buffer, P11_MESSAGE_MAX - 1, msg, va);
- va_end (va);
-
- /* Was it truncated? */
- if (length > P11_MESSAGE_MAX - 1)
- length = P11_MESSAGE_MAX - 1;
- buffer[length] = 0;
-
- /* If printing is not disabled, just print out */
- if (print_messages)
- fprintf (stderr, "p11-kit: %s\n", buffer);
- else
- p11_debug_message (P11_DEBUG_LIB, "message: %s", buffer);
- p11_message_store (buffer, length);
-}
-
-void
-p11_message_quiet (void)
-{
- print_messages = false;
-}
-
-void
-p11_message_loud (void)
-{
- print_messages = true;
-}
-
-const char *
-p11_message_last (void)
-{
- char *buffer;
- buffer = p11_message_storage ();
- return buffer && buffer[0] ? buffer : NULL;
-}
-
-void
-p11_message_clear (void)
-{
- char *buffer;
- buffer = p11_message_storage ();
- if (buffer != NULL)
- buffer[0] = 0;
-}
diff --git a/common/message.h b/common/message.h
deleted file mode 100644
index 3fe86df..0000000
--- a/common/message.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@memberwebs.com>
- */
-
-#ifndef P11_MESSAGE_H_
-#define P11_MESSAGE_H_
-
-#include "compat.h"
-
-#include <sys/types.h>
-
-#define P11_MESSAGE_MAX 512
-
-extern char * (* p11_message_storage) (void);
-
-void p11_message (const char* msg,
- ...) GNUC_PRINTF (1, 2);
-
-void p11_message_err (int errnum,
- const char* msg,
- ...) GNUC_PRINTF (2, 3);
-
-void p11_message_store (const char* msg,
- size_t length);
-
-const char * p11_message_last (void);
-
-void p11_message_clear (void);
-
-void p11_message_quiet (void);
-
-void p11_message_loud (void);
-
-#endif /* P11_MESSAGE_H_ */
diff --git a/common/mock.c b/common/mock.c
deleted file mode 100644
index c3f2503..0000000
--- a/common/mock.c
+++ /dev/null
@@ -1,3975 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "debug.h"
-#define CRYPTOKI_EXPORTS
-#include "pkcs11.h"
-#include "message.h"
-
-#include "mock.h"
-
-#include "attrs.h"
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-#include "debug.h"
-#include "dict.h"
-#include "array.h"
-#include "library.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-/* -------------------------------------------------------------------
- * GLOBALS and SUPPORT STUFF
- */
-
-/* Various mutexes */
-static p11_mutex_t init_mutex;
-
-/* Whether we've been initialized, and on what process id it happened */
-static bool pkcs11_initialized = false;
-static pid_t pkcs11_initialized_pid = 0;
-
-static CK_UTF8CHAR *the_pin = NULL;
-static CK_ULONG n_the_pin = 0;
-
-static bool logged_in = false;
-static CK_USER_TYPE the_user_type = 0;
-
-typedef struct _Session {
- CK_SESSION_HANDLE handle;
- p11_dict *objects;
- CK_SESSION_INFO info;
-
- /* For find operations */
- bool finding;
- p11_array *matches;
-
- bool want_context_login;
-
- /* For encrypt, decrypt operations */
- CK_OBJECT_HANDLE crypto_key;
- CK_ATTRIBUTE_TYPE crypto_method;
- CK_MECHANISM_TYPE crypto_mechanism;
-
- /* For sign, verify, digest, CKM_MOCK_COUNT */
- CK_MECHANISM_TYPE hash_mechanism;
- CK_ATTRIBUTE_TYPE hash_method;
- CK_OBJECT_HANDLE hash_key;
- CK_ULONG hash_count;
-
- /* For 'signing' with CKM_MOCK_PREFIX */
- CK_BYTE sign_prefix[128];
- CK_ULONG n_sign_prefix;
-
- /* The random seed */
- CK_BYTE random_seed[128];
- CK_ULONG random_seed_len;
-} Session;
-
-static unsigned int unique_identifier = 100;
-static p11_dict *the_sessions = NULL;
-static p11_dict *the_objects = NULL;
-
-#define SIGNED_PREFIX "signed-prefix:"
-
-#define handle_to_pointer(handle) \
- ((void *)(size_t)(handle))
-
-#define pointer_to_handle(pointer) \
- ((CK_ULONG)(size_t)(pointer))
-
-static void
-free_session (void *data)
-{
- Session *sess = (Session *)data;
- if (sess) {
- p11_dict_free (sess->objects);
- p11_array_free (sess->matches);
- }
- free (sess);
-}
-
-static CK_RV
-lookup_object (Session *sess,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE **attrs,
- p11_dict **table)
-{
- CK_BBOOL priv;
-
- *attrs = p11_dict_get (the_objects, handle_to_pointer (object));
- if (*attrs) {
- if (table)
- *table = the_objects;
- } else {
- *attrs = p11_dict_get (sess->objects, handle_to_pointer (object));
- if (*attrs) {
- if (table)
- *table = sess->objects;
- }
- }
-
- if (!*attrs)
- return CKR_OBJECT_HANDLE_INVALID;
- else if (!logged_in && p11_attrs_find_bool (*attrs, CKA_PRIVATE, &priv) && priv)
- return CKR_USER_NOT_LOGGED_IN;
-
- return CKR_OK;
-}
-
-void
-mock_module_add_object (CK_SLOT_ID slot_id,
- const CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE *copy;
-
- return_if_fail (slot_id == MOCK_SLOT_ONE_ID);
- return_if_fail (attrs != NULL);
-
- copy = p11_attrs_dup (attrs);
- return_if_fail (copy != NULL);
-
- mock_module_take_object (slot_id, copy);
-}
-
-void
-mock_module_take_object (CK_SLOT_ID slot_id,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_HANDLE object;
-
- return_if_fail (slot_id == MOCK_SLOT_ONE_ID);
- return_if_fail (attrs != NULL);
-
- object = ++unique_identifier;
- if (!p11_dict_set (the_objects, handle_to_pointer (object), attrs))
- return_if_reached ();
-}
-
-static void
-module_reset_objects (CK_SLOT_ID slot_id)
-{
- return_if_fail (slot_id == MOCK_SLOT_ONE_ID);
-
- if (!the_objects) {
- the_objects = p11_dict_new (p11_dict_direct_hash,
- p11_dict_direct_equal,
- NULL, p11_attrs_free);
- return_if_fail (the_objects != NULL);
- }
-
- p11_dict_clear (the_objects);
-
- /* Our token object */
- {
- CK_OBJECT_CLASS klass = CKO_DATA;
- char *label = "TEST LABEL";
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, strlen (label) },
- { CKA_INVALID, NULL, 0 },
- };
- p11_dict_set (the_objects, handle_to_pointer (MOCK_DATA_OBJECT), p11_attrs_dup (attrs));
- }
-
- /* Private capitalize key */
- {
- CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
- char *label = "Private Capitalize Key";
- char *value = "value";
- CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE;
- CK_BBOOL btrue = CK_TRUE;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, strlen (label) },
- { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) },
- { CKA_DECRYPT, &btrue, sizeof (btrue) },
- { CKA_PRIVATE, &btrue, sizeof (btrue) },
- { CKA_WRAP, &btrue, sizeof (btrue) },
- { CKA_UNWRAP, &btrue, sizeof (btrue) },
- { CKA_DERIVE, &btrue, sizeof (btrue) },
- { CKA_VALUE, value, strlen (value) },
- { CKA_INVALID, NULL, 0 },
- };
- p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_CAPITALIZE), p11_attrs_dup (attrs));
-
- }
-
- {
- CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY;
- char *label = "Public Capitalize Key";
- char *value = "value";
- CK_MECHANISM_TYPE type = CKM_MOCK_CAPITALIZE;
- CK_BBOOL btrue = CK_TRUE;
- CK_BBOOL bfalse = CK_FALSE;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, strlen (label) },
- { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) },
- { CKA_ENCRYPT, &btrue, sizeof (btrue) },
- { CKA_PRIVATE, &bfalse, sizeof (bfalse) },
- { CKA_VALUE, value, strlen (value) },
- { CKA_INVALID, NULL, 0 },
- };
- p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_CAPITALIZE), p11_attrs_dup (attrs));
-
- }
-
- {
- CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
- char *label = "Private prefix key";
- char *value = "value";
- CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX;
- CK_BBOOL btrue = CK_TRUE;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, strlen (label) },
- { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) },
- { CKA_SIGN, &btrue, sizeof (btrue) },
- { CKA_PRIVATE, &btrue, sizeof (btrue) },
- { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) },
- { CKA_VALUE, value, strlen (value) },
- { CKA_INVALID, NULL, 0 },
- };
- p11_dict_set (the_objects, handle_to_pointer (MOCK_PRIVATE_KEY_PREFIX), p11_attrs_dup (attrs));
-
- }
-
- {
- CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY;
- char *label = "Public prefix key";
- char *value = "value";
- CK_MECHANISM_TYPE type = CKM_MOCK_PREFIX;
- CK_BBOOL btrue = CK_TRUE;
- CK_BBOOL bfalse = CK_FALSE;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, strlen (label) },
- { CKA_ALLOWED_MECHANISMS, &type, sizeof (type) },
- { CKA_VERIFY, &btrue, sizeof (btrue) },
- { CKA_PRIVATE, &bfalse, sizeof (bfalse) },
- { CKA_ALWAYS_AUTHENTICATE, &btrue, sizeof (btrue) },
- { CKA_VALUE, value, strlen (value) },
- { CKA_INVALID, NULL, 0 },
- };
- p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX), p11_attrs_dup (attrs));
-
- }
-}
-
-static void
-module_finalize (void)
-{
- p11_mutex_lock (&init_mutex);
-
- /* This should stop all other calls in */
- pkcs11_initialized = false;
- pkcs11_initialized_pid = 0;
-
- if (the_objects)
- p11_dict_free (the_objects);
- the_objects = NULL;
-
- if (the_sessions)
- p11_dict_free (the_sessions);
- the_sessions = NULL;
- logged_in = false;
- the_user_type = 0;
-
- free (the_pin);
- the_pin = NULL;
- n_the_pin = 0;
-
- p11_mutex_unlock (&init_mutex);
-}
-
-bool
-mock_module_initialized (void)
-{
- return pkcs11_initialized;
-}
-void
-mock_module_reset (void)
-{
- module_finalize ();
- module_reset_objects (MOCK_SLOT_ONE_ID);
-
-}
-
-void
-mock_module_enumerate_objects (CK_SESSION_HANDLE handle,
- mock_enumerator func,
- void *user_data)
-{
- p11_dictiter iter;
- void *key;
- void *value;
- Session *sess;
-
- assert (the_objects != NULL);
- assert (func != NULL);
-
- /* Token objects */
- p11_dict_iterate (the_objects, &iter);
- while (p11_dict_next (&iter, &key, &value)) {
- if (!(func) (pointer_to_handle (key), value, user_data))
- return;
- }
-
- /* session objects */
- if (handle) {
- sess = p11_dict_get (the_sessions, handle_to_pointer (handle));
- if (sess) {
- p11_dict_iterate (sess->objects, &iter);
- while (p11_dict_next (&iter, &key, &value)) {
- if (!(func) (pointer_to_handle (key), value, user_data))
- return;
- }
- }
- }
-}
-
-/* -------------------------------------------------------------------
- * INITIALIZATION and 'GLOBAL' CALLS
- */
-
-CK_RV
-mock_C_Initialize (CK_VOID_PTR init_args)
-{
- CK_C_INITIALIZE_ARGS_PTR args = NULL;
- CK_RV ret = CKR_OK;
- pid_t pid;
-
- p11_mutex_lock (&init_mutex);
-
- if (init_args != NULL) {
- int supplied_ok;
-
- /* pReserved must be NULL */
- args = init_args;
-
- /* ALL supplied function pointers need to have the value either NULL or non-NULL. */
- supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
- args->LockMutex == NULL && args->UnlockMutex == NULL) ||
- (args->CreateMutex != NULL && args->DestroyMutex != NULL &&
- args->LockMutex != NULL && args->UnlockMutex != NULL);
- if (!supplied_ok) {
- p11_debug_precond ("invalid set of mutex calls supplied\n");
- ret = CKR_ARGUMENTS_BAD;
- goto done;
- }
-
- /*
- * When the CKF_OS_LOCKING_OK flag isn't set return an error.
- * We must be able to use our pthread functionality.
- */
- if (!(args->flags & CKF_OS_LOCKING_OK)) {
- p11_debug_precond ("can't do without os locking\n");
- ret = CKR_CANT_LOCK;
- goto done;
- }
- }
-
- pid = getpid ();
- if (pkcs11_initialized) {
-
- /* This process has called C_Initialize already */
- if (pid == pkcs11_initialized_pid) {
- p11_debug_precond ("p11-kit: C_Initialize called twice for same process\n");
- ret = CKR_CRYPTOKI_ALREADY_INITIALIZED;
- goto done;
- }
- }
-
- /* We store CK_ULONG as pointers here, so verify that they fit */
- assert (sizeof (CK_ULONG) <= sizeof (void *));
-
- free (the_pin);
- the_pin = (CK_UTF8CHAR_PTR)strdup ("booo");
- n_the_pin = 4;
-
- if (the_sessions)
- p11_dict_free (the_sessions);
- the_sessions = p11_dict_new (p11_dict_direct_hash,
- p11_dict_direct_equal,
- NULL, free_session);
-
- module_reset_objects (MOCK_SLOT_ONE_ID);
-
-done:
- /* Mark us as officially initialized */
- if (ret == CKR_OK) {
- pkcs11_initialized = true;
- pkcs11_initialized_pid = pid;
- } else if (ret != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
- pkcs11_initialized = false;
- pkcs11_initialized_pid = 0;
- }
-
- p11_mutex_unlock (&init_mutex);
-
- return ret;
-}
-
-CK_RV
-mock_X_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- return mock_C_Initialize (init_args);
-}
-
-CK_RV
-mock_C_Initialize__fails (CK_VOID_PTR init_args)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-CK_RV
-mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- return mock_C_Initialize__fails (init_args);
-}
-
-CK_RV
-mock_C_Finalize (CK_VOID_PTR reserved)
-{
- return_val_if_fail (pkcs11_initialized, CKR_CRYPTOKI_NOT_INITIALIZED);
- return_val_if_fail (reserved == NULL, CKR_ARGUMENTS_BAD);
-
- module_finalize ();
- return CKR_OK;
-}
-
-CK_RV
-mock_X_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- return mock_C_Finalize (reserved);
-}
-
-CK_RV
-mock_C_GetInfo (CK_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- memcpy (info, &MOCK_INFO, sizeof (*info));
- return CKR_OK;
-}
-
-CK_RV
-mock_X_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info)
-{
- return mock_C_GetInfo (info);
-}
-
-CK_RV
-mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list)
-{
- /* This would be a strange call to receive, should be overridden */
- return_val_if_reached (CKR_FUNCTION_NOT_SUPPORTED);
-}
-
-CK_RV
-mock_C_GetSlotList (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- CK_ULONG num;
-
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- num = token_present ? 1 : 2;
-
- /* Application only wants to know the number of slots. */
- if (slot_list == NULL) {
- *count = num;
- return CKR_OK;
- }
-
- if (*count < num)
- return_val_if_reached (CKR_BUFFER_TOO_SMALL);
-
- *count = num;
- slot_list[0] = MOCK_SLOT_ONE_ID;
- if (!token_present)
- slot_list[1] = MOCK_SLOT_TWO_ID;
-
- return CKR_OK;
-
-}
-
-CK_RV
-mock_C_GetSlotList__no_tokens (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- /* No tokens */
- *count = 0;
- return CKR_OK;
-}
-
-CK_RV
-mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- return mock_C_GetSlotList__no_tokens (token_present,
- slot_list,
- count);
-;
-}
-
-/* Update mock-module.h URIs when updating this */
-
-static const CK_SLOT_INFO MOCK_INFO_ONE = {
- "TEST SLOT ",
- "TEST MANUFACTURER ",
- CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE,
- { 55, 155 },
- { 65, 165 },
-};
-
-/* Update mock-module.h URIs when updating this */
-
-static const CK_SLOT_INFO MOCK_INFO_TWO = {
- "TEST SLOT ",
- "TEST MANUFACTURER ",
- CKF_REMOVABLE_DEVICE,
- { 55, 155 },
- { 65, 165 },
-};
-
-CK_RV
-mock_C_GetSlotInfo (CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_ONE_ID) {
- memcpy (info, &MOCK_INFO_ONE, sizeof (*info));
- return CKR_OK;
- } else if (slot_id == MOCK_SLOT_TWO_ID) {
- memcpy (info, &MOCK_INFO_TWO, sizeof (*info));
- return CKR_OK;
- } else {
- return CKR_SLOT_ID_INVALID;
- }
-}
-
-CK_RV
-mock_C_GetSlotList__fail_first (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- return CKR_VENDOR_DEFINED;
-}
-
-CK_RV
-mock_C_GetSlotList__fail_late (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- if (!slot_list)
- return mock_C_GetSlotList (token_present, slot_list, count);
- return CKR_VENDOR_DEFINED;
-}
-
-CK_RV
-mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID id,
- CK_SLOT_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_SLOT_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-/* Update gck-mock.h URIs when updating this */
-
-static const CK_TOKEN_INFO MOCK_TOKEN_ONE = {
- "TEST LABEL ",
- "TEST MANUFACTURER ",
- "TEST MODEL ",
- "TEST SERIAL ",
- CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED,
- 1,
- 2,
- 3,
- 4,
- 5,
- 6,
- 7,
- 8,
- 9,
- 10,
- { 75, 175 },
- { 85, 185 },
- { '1', '9', '9', '9', '0', '5', '2', '5', '0', '9', '1', '9', '5', '9', '0', '0' }
-};
-
-CK_RV
-mock_C_GetTokenInfo (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_ONE_ID) {
- memcpy (info, &MOCK_TOKEN_ONE, sizeof (*info));
- return CKR_OK;
- } else if (slot_id == MOCK_SLOT_TWO_ID) {
- return CKR_TOKEN_NOT_PRESENT;
- } else {
- return CKR_SLOT_ID_INVALID;
- }
-}
-
-CK_RV
-mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-/*
- * TWO mechanisms:
- * CKM_MOCK_CAPITALIZE
- * CKM_MOCK_PREFIX
- */
-
-CK_RV
-mock_C_GetMechanismList (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_TWO_ID)
- return CKR_TOKEN_NOT_PRESENT;
- else if (slot_id != MOCK_SLOT_ONE_ID)
- return CKR_SLOT_ID_INVALID;
-
- /* Application only wants to know the number of slots. */
- if (mechanism_list == NULL) {
- *count = 2;
- return CKR_OK;
- }
-
- if (*count < 2)
- return_val_if_reached (CKR_BUFFER_TOO_SMALL);
-
- mechanism_list[0] = CKM_MOCK_CAPITALIZE;
- mechanism_list[1] = CKM_MOCK_PREFIX;
- *count = 2;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- CK_RV rv;
-
- rv = mock_C_GetTokenInfo (slot_id, info);
- if (rv == CKR_OK)
- info->flags &= ~ CKF_TOKEN_INITIALIZED;
-
- return rv;
-}
-
-/*
- * TWO mechanisms:
- * CKM_MOCK_CAPITALIZE
- * CKM_MOCK_PREFIX
- */
-
-CK_RV
-mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-static const CK_MECHANISM_INFO MOCK_MECH_CAPITALIZE = {
- 512, 4096, CKF_ENCRYPT | CKF_DECRYPT
-};
-
-static const CK_MECHANISM_INFO MOCK_MECH_PREFIX = {
- 2048, 2048, CKF_SIGN | CKF_VERIFY
-};
-
-CK_RV
-mock_C_GetMechanismInfo (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_TWO_ID)
- return CKR_TOKEN_NOT_PRESENT;
- else if (slot_id != MOCK_SLOT_ONE_ID)
- return CKR_SLOT_ID_INVALID;
-
- if (type == CKM_MOCK_CAPITALIZE) {
- memcpy (info, &MOCK_MECH_CAPITALIZE, sizeof (*info));
- return CKR_OK;
- } else if (type == CKM_MOCK_PREFIX) {
- memcpy (info, &MOCK_MECH_PREFIX, sizeof (*info));
- return CKR_OK;
- } else {
- return CKR_MECHANISM_INVALID;
- }
-}
-
-CK_RV
-mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_C_InitToken__specific_args (CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- return_val_if_fail (pin != NULL, CKR_ARGUMENTS_BAD);
- return_val_if_fail (label != NULL, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_TWO_ID)
- return CKR_TOKEN_NOT_PRESENT;
- else if (slot_id != MOCK_SLOT_ONE_ID)
- return CKR_SLOT_ID_INVALID;
-
- if (strlen ("TEST PIN") != pin_len ||
- strncmp ((char *)pin, "TEST PIN", pin_len) != 0)
- return CKR_PIN_INVALID;
- if (strcmp ((char *)label, "TEST LABEL") != 0)
- return CKR_ARGUMENTS_BAD;
-
- free (the_pin);
- the_pin = memdup (pin, pin_len);
- return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY);
- n_the_pin = pin_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_C_WaitForSlotEvent (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return_val_if_fail (slot, CKR_ARGUMENTS_BAD);
-
- if (flags & CKF_DONT_BLOCK)
- return CKR_NO_EVENT;
-
- *slot = MOCK_SLOT_TWO_ID;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return_val_if_fail (slot, CKR_ARGUMENTS_BAD);
-
- return CKR_NO_EVENT;
-}
-
-CK_RV
-mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return_val_if_fail (slot, CKR_ARGUMENTS_BAD);
-
- return CKR_NO_EVENT;
-}
-
-CK_RV
-mock_C_OpenSession (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session)
-{
- Session *sess;
-
- return_val_if_fail (session, CKR_ARGUMENTS_BAD);
-
- if (slot_id == MOCK_SLOT_TWO_ID)
- return CKR_TOKEN_NOT_PRESENT;
- else if (slot_id != MOCK_SLOT_ONE_ID)
- return CKR_SLOT_ID_INVALID;
- if ((flags & CKF_SERIAL_SESSION) != CKF_SERIAL_SESSION)
- return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
-
- sess = calloc (1, sizeof (Session));
- sess->handle = ++unique_identifier;
- sess->info.flags = flags;
- sess->info.slotID = slot_id;
- sess->info.state = 0;
- sess->info.ulDeviceError = 1414;
- sess->objects = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
- NULL, p11_attrs_free);
- *session = sess->handle;
-
- memcpy (sess->random_seed, "random", 6);
- sess->random_seed_len = 6;
-
- p11_dict_set (the_sessions, handle_to_pointer (sess->handle), sess);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session)
-{
- return_val_if_fail (session, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session)
-{
- return_val_if_fail (session, CKR_ARGUMENTS_BAD);
-
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_C_OpenSession__fails (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session)
-{
- return_val_if_fail (session, CKR_ARGUMENTS_BAD);
-
- return CKR_DEVICE_ERROR;
-}
-
-CK_RV
-mock_C_CloseSession (CK_SESSION_HANDLE session)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- p11_dict_remove (the_sessions, handle_to_pointer (session));
- return CKR_OK;
-}
-
-CK_RV
-mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_CloseAllSessions (CK_SLOT_ID slot_id)
-{
- if (slot_id == MOCK_SLOT_TWO_ID)
- return CKR_TOKEN_NOT_PRESENT;
- else if (slot_id != MOCK_SLOT_ONE_ID)
- return CKR_SLOT_ID_INVALID;
-
- p11_dict_clear (the_sessions);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id)
-{
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id)
-{
- return CKR_SLOT_ID_INVALID;
-}
-
-CK_RV
-mock_C_GetFunctionStatus (CK_SESSION_HANDLE session)
-{
- if (!p11_dict_get (the_sessions, handle_to_pointer (session)))
- return CKR_SESSION_HANDLE_INVALID;
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_CancelFunction (CK_SESSION_HANDLE session)
-{
- if (!p11_dict_get (the_sessions, handle_to_pointer (session)))
- return CKR_SESSION_HANDLE_INVALID;
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-CK_RV
-mock_C_GetSessionInfo (CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- Session *sess;
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (logged_in) {
- if (sess->info.flags & CKF_RW_SESSION)
- sess->info.state = CKS_RW_USER_FUNCTIONS;
- else
- sess->info.state = CKS_RO_USER_FUNCTIONS;
- } else {
- if (sess->info.flags & CKF_RW_SESSION)
- sess->info.state = CKS_RW_PUBLIC_SESSION;
- else
- sess->info.state = CKS_RO_PUBLIC_SESSION;
- }
-
- memcpy (info, &sess->info, sizeof (*info));
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (strlen ("TEST PIN") != pin_len ||
- strncmp ((char *)pin, "TEST PIN", pin_len) != 0)
- return CKR_PIN_INVALID;
-
- free (the_pin);
- the_pin = memdup (pin, pin_len);
- return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY);
- n_the_pin = pin_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (old_pin_len != n_the_pin)
- return CKR_PIN_INCORRECT;
- if (memcmp (old_pin, the_pin, n_the_pin) != 0)
- return CKR_PIN_INCORRECT;
-
- if (strlen ("TEST PIN") != new_pin_len ||
- strncmp ((char *)new_pin, "TEST PIN", new_pin_len) != 0)
- return CKR_PIN_INVALID;
-
- free (the_pin);
- the_pin = memdup (new_pin, new_pin_len);
- return_val_if_fail (the_pin != NULL, CKR_HOST_MEMORY);
- n_the_pin = new_pin_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GetOperationState (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- Session *sess;
-
- return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!operation_state) {
- *operation_state_len = sizeof (sess);
- return CKR_OK;
- }
-
- if (*operation_state_len < sizeof (sess))
- return CKR_BUFFER_TOO_SMALL;
-
- memcpy (operation_state, &sess, sizeof (sess));
- *operation_state_len = sizeof (sess);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-CK_RV
-mock_C_SetOperationState (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!operation_state || operation_state_len != sizeof (sess))
- return CKR_ARGUMENTS_BAD;
-
- /* Yes, just arbitrary numbers, to make sure they got through */
- if (encryption_key != 355 || authentication_key != 455)
- return CKR_KEY_HANDLE_INVALID;
- if (memcmp (operation_state, &sess, sizeof (sess)) != 0)
- return CKR_SAVED_STATE_INVALID;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Login (CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- Session *sess;
-
- return_val_if_fail (user_type == CKU_SO ||
- user_type == CKU_USER ||
- user_type == CKU_CONTEXT_SPECIFIC,
- CKR_USER_TYPE_INVALID);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (logged_in && user_type != CKU_CONTEXT_SPECIFIC)
- return CKR_USER_ALREADY_LOGGED_IN;
-
- if (!pin)
- return CKR_PIN_INCORRECT;
-
- if (pin_len != n_the_pin)
- return CKR_PIN_INCORRECT;
- if (strncmp ((char *)pin, (char *)the_pin, pin_len) != 0)
- return CKR_PIN_INCORRECT;
-
- if (user_type == CKU_CONTEXT_SPECIFIC) {
- return_val_if_fail (sess->want_context_login, CKR_OPERATION_NOT_INITIALIZED);
- sess->want_context_login = false;
- } else {
- logged_in = true;
- the_user_type = user_type;
- }
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_Login__invalid_handle (CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Logout (CK_SESSION_HANDLE session)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!logged_in)
- return CKR_USER_NOT_LOGGED_IN;
-
- logged_in = false;
- the_user_type = 0;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_CreateObject (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR object)
-{
- CK_ATTRIBUTE *attrs;
- Session *sess;
- CK_BBOOL token, priv;
-
- return_val_if_fail (object, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- attrs = p11_attrs_buildn (NULL, template, count);
-
- if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) {
- if (!logged_in) {
- p11_attrs_free (attrs);
- return CKR_USER_NOT_LOGGED_IN;
- }
- }
-
- *object = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*object), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*object), attrs);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_CopyObject (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- CK_ATTRIBUTE *attrs;
- Session *sess;
- CK_BBOOL token, priv;
- CK_RV rv;
-
- return_val_if_fail (object, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, object, &attrs, NULL);
- if (rv != CKR_OK)
- return rv;
-
- if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &priv) && priv) {
- if (!logged_in)
- return CKR_USER_NOT_LOGGED_IN;
- }
-
- attrs = p11_attrs_buildn (p11_attrs_dup (attrs), template, count);
-
- *new_object = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*new_object), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*new_object), attrs);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-
-CK_RV
-mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DestroyObject (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- CK_ATTRIBUTE *attrs;
- Session *sess;
- p11_dict *table;
- CK_RV rv;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, object, &attrs, &table);
- if (rv != CKR_OK)
- return rv;
-
- p11_dict_remove (table, handle_to_pointer (object));
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GetObjectSize (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- CK_ATTRIBUTE *attrs;
- Session *sess;
- CK_RV rv;
- CK_ULONG i;
-
- return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, object, &attrs, NULL);
- if (rv != CKR_OK)
- return rv;
-
- *size = 0;
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
- if (attrs[i].ulValueLen != (CK_ULONG)-1)
- *size += attrs[i].ulValueLen;
- }
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- return_val_if_fail (size, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- return_val_if_fail (size, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GetAttributeValue (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- CK_ATTRIBUTE *result;
- CK_RV ret = CKR_OK;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *attr;
- Session *sess;
- CK_ULONG i;
- CK_RV rv;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, object, &attrs, NULL);
- if (rv != CKR_OK)
- return rv;
-
- for (i = 0; i < count; ++i) {
- result = template + i;
- attr = p11_attrs_find (attrs, result->type);
- if (!attr) {
- result->ulValueLen = (CK_ULONG)-1;
- ret = CKR_ATTRIBUTE_TYPE_INVALID;
- continue;
- }
-
- if (!result->pValue) {
- result->ulValueLen = attr->ulValueLen;
- continue;
- }
-
- if (result->ulValueLen >= attr->ulValueLen) {
- memcpy (result->pValue, attr->pValue, attr->ulValueLen);
- result->ulValueLen = attr->ulValueLen;
- continue;
- }
-
- result->ulValueLen = (CK_ULONG)-1;
- ret = CKR_BUFFER_TOO_SMALL;
- }
-
- return ret;
-}
-
-CK_RV
-mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_FUNCTION_REJECTED;
-}
-
-CK_RV
-mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- CK_ULONG i;
-
- for (i = 0; i < count; i++) {
- if (template[i].pValue)
- return CKR_FUNCTION_FAILED;
- }
- return mock_C_GetAttributeValue (session, object, template, count);
-}
-
-CK_RV
-mock_C_SetAttributeValue (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- Session *sess;
- CK_ATTRIBUTE *attrs;
- p11_dict *table;
- CK_RV rv;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, object, &attrs, &table);
- if (rv != CKR_OK)
- return rv;
-
- p11_dict_steal (table, handle_to_pointer (object), NULL, (void **)&attrs);
- attrs = p11_attrs_buildn (attrs, template, count);
- p11_dict_set (table, handle_to_pointer (object), attrs);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-typedef struct _FindObjects {
- CK_ATTRIBUTE *template;
- CK_ULONG count;
- Session *sess;
-} FindObjects;
-
-static bool
-enumerate_and_find_objects (CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE *attrs,
- void *user_data)
-{
- FindObjects *ctx = user_data;
- CK_ATTRIBUTE *match;
- CK_ATTRIBUTE *attr;
- CK_BBOOL private;
- CK_ULONG i;
-
- if (!logged_in) {
- if (p11_attrs_find_bool (attrs, CKA_PRIVATE, &private) && private)
- return 1; /* Continue */
- }
-
- for (i = 0; i < ctx->count; ++i) {
- match = ctx->template + i;
- attr = p11_attrs_find (attrs, match->type);
- if (!attr)
- return true; /* Continue */
-
- if (attr->ulValueLen != match->ulValueLen ||
- memcmp (attr->pValue, match->pValue, attr->ulValueLen) != 0)
- return true; /* Continue */
- }
-
- p11_array_push (ctx->sess->matches, handle_to_pointer (object));
- return true; /* Continue */
-}
-
-static int
-compar_handles (const void *one,
- const void *two)
-{
- void **p1 = (void **)one;
- void **p2 = (void **)two;
- return pointer_to_handle (*p2) - pointer_to_handle (*p1);
-}
-
-CK_RV
-mock_C_FindObjectsInit (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- Session *sess;
- FindObjects ctx;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- /* Starting an operation, cancels any previous one */
- sess->crypto_mechanism = 0;
- sess->hash_mechanism = 0;
-
- sess->finding = true;
- p11_array_free (sess->matches);
- sess->matches = p11_array_new (NULL);
-
- ctx.template = template;
- ctx.count = count;
- ctx.sess = sess;
-
- mock_module_enumerate_objects (session, enumerate_and_find_objects, &ctx);
- qsort (sess->matches->elem, sess->matches->num, sizeof (void *), compar_handles);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return CKR_DEVICE_MEMORY;
-}
-
-CK_RV
-mock_C_FindObjects (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_object_count,
- CK_ULONG_PTR object_count)
-{
- Session *sess;
-
- return_val_if_fail (objects, CKR_ARGUMENTS_BAD);
- return_val_if_fail (object_count, CKR_ARGUMENTS_BAD);
- return_val_if_fail (max_object_count != 0, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
- if (!sess->finding)
- return CKR_OPERATION_NOT_INITIALIZED;
-
- *object_count = 0;
- while (max_object_count > 0) {
- if (sess->matches->num == 0)
- break;
- *objects = pointer_to_handle (sess->matches->elem[sess->matches->num - 1]);
- ++objects;
- --max_object_count;
- ++(*object_count);
- p11_array_remove (sess->matches, sess->matches->num - 1);
- }
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_FindObjects__fails (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- return CKR_DEVICE_REMOVED;
-}
-
-CK_RV
-mock_C_FindObjectsFinal (CK_SESSION_HANDLE session)
-{
-
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (sess == NULL)
- return CKR_SESSION_HANDLE_INVALID;
- if (!sess->finding)
- return CKR_OPERATION_NOT_INITIALIZED;
-
- sess->finding = false;
- p11_array_free (sess->matches);
- sess->matches = NULL;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_EncryptInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- Session *sess;
-
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- /* Starting an operation, cancels any previous one */
- sess->finding = CK_FALSE;
-
- if (mechanism->mechanism != CKM_MOCK_CAPITALIZE)
- return CKR_MECHANISM_INVALID;
- if (key != MOCK_PUBLIC_KEY_CAPITALIZE)
- return CKR_KEY_HANDLE_INVALID;
-
- sess->crypto_method = CKA_ENCRYPT;
- sess->crypto_mechanism = CKM_MOCK_CAPITALIZE;
- sess->crypto_key = key;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Encrypt (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- CK_ULONG last = 0;
- CK_RV rv;
- rv = mock_C_EncryptUpdate (session, data, data_len, encrypted_data, encrypted_data_len);
- if (rv == CKR_OK)
- rv = mock_C_EncryptFinal (session, encrypted_data, &last);
- return rv;
-}
-
-CK_RV
-mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_EncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- Session *sess;
- CK_ULONG i;
-
- return_val_if_fail (part != NULL, CKR_DATA_INVALID);
- return_val_if_fail (encrypted_part_len != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->crypto_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->crypto_method != CKA_ENCRYPT)
- return CKR_OPERATION_NOT_INITIALIZED;
- assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE);
- assert (sess->crypto_key == MOCK_PUBLIC_KEY_CAPITALIZE);
-
- if (!encrypted_part) {
- *encrypted_part_len = part_len;
- return CKR_OK;
- }
-
- if (*encrypted_part_len < part_len) {
- *encrypted_part_len = part_len;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- for (i = 0; i < part_len; ++i)
- encrypted_part[i] = toupper (part[i]);
- *encrypted_part_len = part_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_EncryptFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_encrypted_part,
- CK_ULONG_PTR last_encrypted_part_len)
-{
- Session *sess;
-
- return_val_if_fail (last_encrypted_part_len != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->crypto_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->crypto_method != CKA_ENCRYPT)
- return CKR_OPERATION_NOT_INITIALIZED;
-
- *last_encrypted_part_len = 0;
-
- sess->crypto_method = 0;
- sess->crypto_mechanism = 0;
- sess->crypto_key = 0;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DecryptInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- Session *sess;
-
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- /* Starting an operation, cancels any previous one */
- sess->finding = false;
-
- if (mechanism->mechanism != CKM_MOCK_CAPITALIZE)
- return CKR_MECHANISM_INVALID;
- if (key != MOCK_PRIVATE_KEY_CAPITALIZE)
- return CKR_KEY_HANDLE_INVALID;
-
- sess->crypto_method = CKA_DECRYPT;
- sess->crypto_mechanism = CKM_MOCK_CAPITALIZE;
- sess->crypto_key = key;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Decrypt (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG encrypted_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- CK_ULONG last = 0;
- CK_RV rv;
- rv = mock_C_DecryptUpdate (session, encrypted_data, encrypted_data_len, data, data_len);
- if (rv == CKR_OK)
- rv = mock_C_DecryptFinal (session, data, &last);
- return rv;
-}
-
-CK_RV
-mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DecryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- Session *sess;
- CK_ULONG i;
-
- return_val_if_fail (encrypted_part, CKR_ENCRYPTED_DATA_INVALID);
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->crypto_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->crypto_method != CKA_DECRYPT)
- return CKR_OPERATION_NOT_INITIALIZED;
- assert (sess->crypto_mechanism == CKM_MOCK_CAPITALIZE);
- assert (sess->crypto_key == MOCK_PRIVATE_KEY_CAPITALIZE);
-
- if (!part) {
- *part_len = encrypted_part_len;
- return CKR_OK;
- }
-
- if (*part_len < encrypted_part_len) {
- *part_len = encrypted_part_len;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- for (i = 0; i < encrypted_part_len; ++i)
- part[i] = tolower (encrypted_part[i]);
- *part_len = encrypted_part_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DecryptFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- Session *sess;
-
- return_val_if_fail (last_part_len != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->crypto_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->crypto_method != CKA_DECRYPT)
- return CKR_OPERATION_NOT_INITIALIZED;
-
- *last_part_len = 0;
-
- sess->crypto_method = 0;
- sess->crypto_mechanism = 0;
- sess->crypto_key = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DigestInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- Session *sess;
-
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- /* Starting an operation, cancels any previous one */
- sess->finding = false;
-
- if (mechanism->mechanism != CKM_MOCK_COUNT)
- return CKR_MECHANISM_INVALID;
-
- sess->hash_mechanism = CKM_MOCK_COUNT;
- sess->hash_method = (CK_ULONG)-1;
- sess->hash_count = 0;
- sess->hash_key = 0;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Digest (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- CK_RV rv;
-
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- rv = mock_C_DigestUpdate (session, data, data_len);
- if (rv == CKR_OK)
- rv = mock_C_DigestFinal (session, digest, digest_len);
- return rv;
-}
-
-CK_RV
-mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DigestUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->hash_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->hash_method != (CK_ULONG)-1)
- return CKR_OPERATION_NOT_INITIALIZED;
- assert (sess->hash_mechanism == CKM_MOCK_COUNT);
-
- sess->hash_count += part_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DigestKey (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->hash_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->hash_method != (CK_ULONG)-1)
- return CKR_OPERATION_NOT_INITIALIZED;
- assert (sess->hash_mechanism == CKM_MOCK_COUNT);
-
- sess->hash_count += key;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DigestFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- char buffer[32];
- Session *sess;
- int len;
-
- return_val_if_fail (digest_len != NULL, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (!sess->hash_mechanism)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->hash_method != (CK_ULONG)-1)
- return CKR_OPERATION_NOT_INITIALIZED;
- assert (sess->hash_mechanism == CKM_MOCK_COUNT);
-
- len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count);
-
- if (!digest) {
- *digest_len = len;
- return CKR_OK;
- } else if (*digest_len < len) {
- *digest_len = len;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- memcpy (digest, &buffer, len);
- *digest_len = len;
-
- sess->hash_count = 0;
- sess->hash_mechanism = 0;
- sess->hash_key = 0;
- sess->hash_method = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-static CK_RV
-prefix_mechanism_init (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_TYPE method,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- Session *sess;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *value;
- CK_BYTE_PTR param;
- CK_ULONG n_param;
- CK_ULONG length;
- CK_RV rv;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (mechanism->mechanism != CKM_MOCK_PREFIX)
- return CKR_MECHANISM_INVALID;
- if (method == CKA_SIGN || method == CKA_SIGN_RECOVER) {
- if (key != MOCK_PRIVATE_KEY_PREFIX)
- return CKR_KEY_HANDLE_INVALID;
- } else if (method == CKA_VERIFY || method == CKA_VERIFY_RECOVER) {
- if (key != MOCK_PUBLIC_KEY_PREFIX)
- return CKR_KEY_HANDLE_INVALID;
- } else {
- assert_not_reached ();
- }
-
- rv = lookup_object (sess, key, &attrs, NULL);
- if (rv != CKR_OK)
- return rv;
-
- value = p11_attrs_find_valid (attrs, CKA_VALUE);
- if (value == NULL)
- return CKR_KEY_TYPE_INCONSISTENT;
-
- if (mechanism->pParameter) {
- param = mechanism->pParameter;
- n_param = mechanism->ulParameterLen;
- } else {
- param = (CK_BYTE_PTR)SIGNED_PREFIX;
- n_param = strlen (SIGNED_PREFIX) + 1;
- }
-
- length = value->ulValueLen + n_param;
- if (length > sizeof (sess->sign_prefix))
- return CKR_KEY_SIZE_RANGE;
-
- /* Starting an operation, cancels any finding */
- sess->finding = false;
-
- sess->hash_mechanism = CKM_MOCK_PREFIX;
- sess->hash_method = method;
- sess->hash_key = key;
- sess->hash_count = 0;
-
- memcpy (sess->sign_prefix, param, n_param);
- memcpy (sess->sign_prefix + n_param, value->pValue, value->ulValueLen);
- sess->n_sign_prefix = length;
-
- /* The private key has CKA_ALWAYS_AUTHENTICATE above */
- if (method == CKA_SIGN || method == CKA_SIGN_RECOVER)
- sess->want_context_login = true;
-
- return CKR_OK;
-
-}
-
-CK_RV
-mock_C_SignInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
- return prefix_mechanism_init (session, CKA_SIGN, mechanism, key);
-}
-
-CK_RV
-mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Sign (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- CK_RV rv;
-
- rv = mock_C_SignUpdate (session, data, data_len);
- if (rv == CKR_OK)
- rv = mock_C_SignFinal (session, signature, signature_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SignUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_mechanism != CKM_MOCK_PREFIX ||
- sess->hash_method != CKA_SIGN)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- sess->hash_count += part_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SignFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- char buffer[32];
- Session *sess;
- CK_ULONG length;
- int len;
-
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_mechanism != CKM_MOCK_PREFIX ||
- sess->hash_method != CKA_SIGN)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count);
- length = sess->n_sign_prefix + len;
-
- if (!signature) {
- *signature_len = length;
- return CKR_OK;
- }
-
- if (*signature_len < length) {
- *signature_len = length;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- memcpy (signature, sess->sign_prefix, sess->n_sign_prefix);
- memcpy (signature + sess->n_sign_prefix, buffer, len);
- *signature_len = length;
-
- sess->hash_mechanism = 0;
- sess->hash_method = 0;
- sess->hash_count = 0;
- sess->hash_key = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SignRecoverInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
- return prefix_mechanism_init (session, CKA_SIGN_RECOVER, mechanism, key);
-}
-
-CK_RV
-mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SignRecover (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- Session *sess;
- CK_ULONG length;
-
- return_val_if_fail (data, CKR_DATA_INVALID);
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_method != CKA_SIGN_RECOVER ||
- sess->hash_mechanism != CKM_MOCK_PREFIX)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- length = sess->n_sign_prefix + data_len;
-
- if (!signature) {
- *signature_len = length;
- return CKR_OK;
- }
-
- if (*signature_len < length) {
- *signature_len = length;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- memcpy (signature, sess->sign_prefix, sess->n_sign_prefix);
- memcpy (signature + sess->n_sign_prefix, data, data_len);
- *signature_len = length;
-
- sess->hash_method = 0;
- sess->hash_mechanism = 0;
- sess->hash_key = 0;
- sess->hash_count = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_VerifyInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
- return prefix_mechanism_init (session, CKA_VERIFY, mechanism, key);
-}
-
-CK_RV
-mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_Verify (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- CK_RV rv;
-
- rv = mock_C_VerifyUpdate (session, data, data_len);
- if (rv == CKR_OK)
- rv = mock_C_VerifyFinal (session, signature, signature_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_VerifyUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_mechanism != CKM_MOCK_PREFIX ||
- sess->hash_method != CKA_VERIFY)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- sess->hash_count += part_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_VerifyFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- char buffer[32];
- Session *sess;
- CK_ULONG length;
- int len;
-
- return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_mechanism != CKM_MOCK_PREFIX ||
- sess->hash_method != CKA_VERIFY)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- len = snprintf (buffer, sizeof (buffer), "%lu", sess->hash_count);
- length = sess->n_sign_prefix + len;
-
- if (signature_len != length)
- return CKR_SIGNATURE_LEN_RANGE;
-
- if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0 ||
- memcmp (signature + sess->n_sign_prefix, buffer, len) != 0)
- return CKR_SIGNATURE_INVALID;
-
- sess->hash_mechanism = 0;
- sess->hash_method = 0;
- sess->hash_count = 0;
- sess->hash_key = 0;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_fail (mechanism != NULL, CKR_ARGUMENTS_BAD);
- return prefix_mechanism_init (session, CKA_VERIFY_RECOVER, mechanism, key);
-}
-
-CK_RV
-mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_VerifyRecover (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- Session *sess;
- CK_ULONG length;
-
- return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
- if (sess->hash_mechanism != CKM_MOCK_PREFIX ||
- sess->hash_method != CKA_VERIFY_RECOVER)
- return CKR_OPERATION_NOT_INITIALIZED;
- if (sess->want_context_login)
- return CKR_USER_NOT_LOGGED_IN;
-
- if (signature_len < sess->n_sign_prefix)
- return CKR_SIGNATURE_LEN_RANGE;
- if (memcmp (signature, sess->sign_prefix, sess->n_sign_prefix) != 0)
- return CKR_SIGNATURE_INVALID;
-
- length = signature_len - sess->n_sign_prefix;
- if (!data) {
- *data_len = length;
- return CKR_OK;
- }
-
- if (*data_len < length) {
- *data_len = length;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- *data_len = length;
- memcpy (data, signature + sess->n_sign_prefix, length);
- return CKR_OK;
-}
-
-CK_RV
-mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- CK_RV rv;
-
- rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len);
- if (rv == CKR_OK)
- rv = mock_C_DigestUpdate (session, part, part_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- CK_RV rv;
-
- rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len);
- if (rv == CKR_OK)
- rv = mock_C_DigestUpdate (session, part, *part_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- CK_RV rv;
-
- rv = mock_C_EncryptUpdate (session, part, part_len, encrypted_part, encrypted_part_len);
- if (rv == CKR_OK)
- rv = mock_C_SignUpdate (session, part, part_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- CK_RV rv;
-
- rv = mock_C_DecryptUpdate (session, encrypted_part, encrypted_part_len, part, part_len);
- if (rv == CKR_OK)
- rv = mock_C_VerifyUpdate (session, part, *part_len);
-
- return rv;
-}
-
-CK_RV
-mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GenerateKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE value;
- Session *sess;
- CK_BBOOL token;
-
- return_val_if_fail (mechanism, CKR_MECHANISM_INVALID);
- return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (key, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (mechanism->mechanism != CKM_MOCK_GENERATE)
- return CKR_MECHANISM_INVALID;
-
- if (!mechanism->pParameter || mechanism->ulParameterLen != 9 ||
- memcmp (mechanism->pParameter, "generate", 9) != 0)
- return CKR_MECHANISM_PARAM_INVALID;
-
- value.type = CKA_VALUE;
- value.pValue = "generated";
- value.ulValueLen = strlen (value.pValue);
-
- attrs = p11_attrs_buildn (NULL, template, count);
- attrs = p11_attrs_buildn (attrs, &value, 1);
-
- *key = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*key), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*key), attrs);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GenerateKeyPair (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR public_key_template,
- CK_ULONG public_key_count,
- CK_ATTRIBUTE_PTR private_key_template,
- CK_ULONG private_key_count,
- CK_OBJECT_HANDLE_PTR public_key,
- CK_OBJECT_HANDLE_PTR private_key)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE value;
- Session *sess;
- CK_BBOOL token;
-
- return_val_if_fail (mechanism, CKR_MECHANISM_INVALID);
- return_val_if_fail (public_key_template, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (public_key_count, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (private_key_template, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (private_key_count, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (public_key, CKR_ARGUMENTS_BAD);
- return_val_if_fail (private_key, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (mechanism->mechanism != CKM_MOCK_GENERATE)
- return CKR_MECHANISM_INVALID;
-
- if (!mechanism->pParameter || mechanism->ulParameterLen != 9 ||
- memcmp (mechanism->pParameter, "generate", 9) != 0)
- return CKR_MECHANISM_PARAM_INVALID;
-
- value.type = CKA_VALUE;
- value.pValue = "generated";
- value.ulValueLen = strlen (value.pValue);
-
- attrs = p11_attrs_buildn (NULL, public_key_template, public_key_count);
- attrs = p11_attrs_buildn (attrs, &value, 1);
-
- *public_key = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*public_key), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*public_key), attrs);
-
- attrs = p11_attrs_buildn (NULL, private_key_template, private_key_count);
- attrs = p11_attrs_buildn (attrs, &value, 1);
-
- *private_key = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*private_key), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*private_key), attrs);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_WrapKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *attr;
- Session *sess;
- CK_RV rv;
-
- return_val_if_fail (mechanism, CKR_MECHANISM_INVALID);
- return_val_if_fail (wrapping_key, CKR_OBJECT_HANDLE_INVALID);
- return_val_if_fail (key, CKR_OBJECT_HANDLE_INVALID);
- return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, wrapping_key, &attrs, NULL);
- if (rv == CKR_OBJECT_HANDLE_INVALID)
- return CKR_WRAPPING_KEY_HANDLE_INVALID;
- else if (rv != CKR_OK)
- return rv;
-
- rv = lookup_object (sess, key, &attrs, NULL);
- if (rv == CKR_OBJECT_HANDLE_INVALID)
- return CKR_WRAPPING_KEY_HANDLE_INVALID;
- else if (rv != CKR_OK)
- return rv;
-
- if (mechanism->mechanism != CKM_MOCK_WRAP)
- return CKR_MECHANISM_INVALID;
-
- if (mechanism->pParameter == NULL ||
- mechanism->ulParameterLen != 4 ||
- memcmp (mechanism->pParameter, "wrap", 4) != 0) {
- return CKR_MECHANISM_PARAM_INVALID;
- }
-
- attr = p11_attrs_find_valid (attrs, CKA_VALUE);
- if (attr == NULL)
- return CKR_WRAPPED_KEY_INVALID;
-
- if (!wrapped_key) {
- *wrapped_key_len = attr->ulValueLen;
- return CKR_OK;
- }
-
- if (*wrapped_key_len < attr->ulValueLen) {
- *wrapped_key_len = attr->ulValueLen;
- return CKR_BUFFER_TOO_SMALL;
- }
-
- memcpy (wrapped_key, attr->pValue, attr->ulValueLen);
- *wrapped_key_len = attr->ulValueLen;
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD);
-
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_UnwrapKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE value;
- Session *sess;
- CK_BBOOL token;
- CK_RV rv;
-
- return_val_if_fail (mechanism, CKR_MECHANISM_INVALID);
- return_val_if_fail (unwrapping_key, CKR_WRAPPING_KEY_HANDLE_INVALID);
- return_val_if_fail (wrapped_key, CKR_WRAPPED_KEY_INVALID);
- return_val_if_fail (wrapped_key_len, CKR_WRAPPED_KEY_LEN_RANGE);
- return_val_if_fail (key, CKR_ARGUMENTS_BAD);
- return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (count, CKR_TEMPLATE_INCONSISTENT);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, unwrapping_key, &attrs, NULL);
- if (rv == CKR_OBJECT_HANDLE_INVALID)
- return CKR_WRAPPING_KEY_HANDLE_INVALID;
- else if (rv != CKR_OK)
- return rv;
-
- if (mechanism->mechanism != CKM_MOCK_WRAP)
- return CKR_MECHANISM_INVALID;
-
- if (mechanism->pParameter == NULL ||
- mechanism->ulParameterLen != 4 ||
- memcmp (mechanism->pParameter, "wrap", 4) != 0) {
- return CKR_MECHANISM_PARAM_INVALID;
- }
-
- value.type = CKA_VALUE;
- value.pValue = wrapped_key;
- value.ulValueLen = wrapped_key_len;
-
- attrs = p11_attrs_buildn (NULL, template, count);
- attrs = p11_attrs_buildn (attrs, &value, 1);
-
- *key = ++unique_identifier;
- if (p11_attrs_find_bool (attrs, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*key), attrs);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*key), attrs);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_DeriveKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- CK_ATTRIBUTE *attrs, *copy;
- CK_ATTRIBUTE value;
- Session *sess;
- CK_BBOOL token;
- CK_RV rv;
-
- return_val_if_fail (mechanism, CKR_MECHANISM_INVALID);
- return_val_if_fail (count, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (template, CKR_TEMPLATE_INCOMPLETE);
- return_val_if_fail (key, CKR_ARGUMENTS_BAD);
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- rv = lookup_object (sess, base_key, &attrs, NULL);
- if (rv == CKR_OBJECT_HANDLE_INVALID)
- return CKR_KEY_HANDLE_INVALID;
- else if (rv != CKR_OK)
- return rv;
-
- if (mechanism->mechanism != CKM_MOCK_DERIVE)
- return CKR_MECHANISM_INVALID;
-
- if (mechanism->pParameter == NULL ||
- mechanism->ulParameterLen != 6 ||
- memcmp (mechanism->pParameter, "derive", 6) != 0) {
- return CKR_MECHANISM_PARAM_INVALID;
- }
-
- value.type = CKA_VALUE;
- value.pValue = "derived";
- value.ulValueLen = strlen (value.pValue);
-
- copy = p11_attrs_buildn (NULL, template, count);
- copy = p11_attrs_buildn (copy, &value, 1);
-
- *key = ++unique_identifier;
- if (p11_attrs_find_bool (copy, CKA_TOKEN, &token) && token)
- p11_dict_set (the_objects, handle_to_pointer (*key), copy);
- else
- p11_dict_set (sess->objects, handle_to_pointer (*key), copy);
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_SeedRandom (CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- Session *sess;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (seed_len > sizeof (sess->random_seed))
- return CKR_RANDOM_SEED_NOT_SUPPORTED;
-
- memcpy (sess->random_seed, seed, seed_len);
- sess->random_seed_len = seed_len;
- return CKR_OK;
-}
-
-CK_RV
-mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_C_GenerateRandom (CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- Session *sess;
- CK_ULONG block;
-
- sess = p11_dict_get (the_sessions, handle_to_pointer (session));
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- while (random_len > 0) {
- block = sess->random_seed_len;
- if (block > random_len)
- block = random_len;
- memcpy (random_data, sess->random_seed, block);
- random_data += block;
- random_len -= block;
- }
-
- return CKR_OK;
-}
-
-CK_RV
-mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_RV
-mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- return CKR_SESSION_HANDLE_INVALID;
-}
-
-CK_FUNCTION_LIST mock_module_no_slots = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- mock_C_Initialize,
- mock_C_Finalize,
- mock_C_GetInfo,
- mock_C_GetFunctionList_not_supported,
- mock_C_GetSlotList__no_tokens,
- mock_C_GetSlotInfo__invalid_slotid,
- mock_C_GetTokenInfo__invalid_slotid,
- mock_C_GetMechanismList__invalid_slotid,
- mock_C_GetMechanismInfo__invalid_slotid,
- mock_C_InitToken__invalid_slotid,
- mock_C_InitPIN__invalid_handle,
- mock_C_SetPIN__invalid_handle,
- mock_C_OpenSession__invalid_slotid,
- mock_C_CloseSession__invalid_handle,
- mock_C_CloseAllSessions__invalid_slotid,
- mock_C_GetSessionInfo__invalid_handle,
- mock_C_GetOperationState__invalid_handle,
- mock_C_SetOperationState__invalid_handle,
- mock_C_Login__invalid_handle,
- mock_C_Logout__invalid_handle,
- mock_C_CreateObject__invalid_handle,
- mock_C_CopyObject__invalid_handle,
- mock_C_DestroyObject__invalid_handle,
- mock_C_GetObjectSize__invalid_handle,
- mock_C_GetAttributeValue__invalid_handle,
- mock_C_SetAttributeValue__invalid_handle,
- mock_C_FindObjectsInit__invalid_handle,
- mock_C_FindObjects__invalid_handle,
- mock_C_FindObjectsFinal__invalid_handle,
- mock_C_EncryptInit__invalid_handle,
- mock_C_Encrypt__invalid_handle,
- mock_C_EncryptUpdate__invalid_handle,
- mock_C_EncryptFinal__invalid_handle,
- mock_C_DecryptInit__invalid_handle,
- mock_C_Decrypt__invalid_handle,
- mock_C_DecryptUpdate__invalid_handle,
- mock_C_DecryptFinal__invalid_handle,
- mock_C_DigestInit__invalid_handle,
- mock_C_Digest__invalid_handle,
- mock_C_DigestUpdate__invalid_handle,
- mock_C_DigestKey__invalid_handle,
- mock_C_DigestFinal__invalid_handle,
- mock_C_SignInit__invalid_handle,
- mock_C_Sign__invalid_handle,
- mock_C_SignUpdate__invalid_handle,
- mock_C_SignFinal__invalid_handle,
- mock_C_SignRecoverInit__invalid_handle,
- mock_C_SignRecover__invalid_handle,
- mock_C_VerifyInit__invalid_handle,
- mock_C_Verify__invalid_handle,
- mock_C_VerifyUpdate__invalid_handle,
- mock_C_VerifyFinal__invalid_handle,
- mock_C_VerifyRecoverInit__invalid_handle,
- mock_C_VerifyRecover__invalid_handle,
- mock_C_DigestEncryptUpdate__invalid_handle,
- mock_C_DecryptDigestUpdate__invalid_handle,
- mock_C_SignEncryptUpdate__invalid_handle,
- mock_C_DecryptVerifyUpdate__invalid_handle,
- mock_C_GenerateKey__invalid_handle,
- mock_C_GenerateKeyPair__invalid_handle,
- mock_C_WrapKey__invalid_handle,
- mock_C_UnwrapKey__invalid_handle,
- mock_C_DeriveKey__invalid_handle,
- mock_C_SeedRandom__invalid_handle,
- mock_C_GenerateRandom__invalid_handle,
- mock_C_GetFunctionStatus__not_parallel,
- mock_C_CancelFunction__not_parallel,
- mock_C_WaitForSlotEvent__no_event,
-};
-
-CK_X_FUNCTION_LIST mock_x_module_no_slots = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- mock_X_Initialize,
- mock_X_Finalize,
- mock_X_GetInfo,
- mock_X_GetSlotList__no_tokens,
- mock_X_GetSlotInfo__invalid_slotid,
- mock_X_GetTokenInfo__invalid_slotid,
- mock_X_GetMechanismList__invalid_slotid,
- mock_X_GetMechanismInfo__invalid_slotid,
- mock_X_InitToken__invalid_slotid,
- mock_X_InitPIN__invalid_handle,
- mock_X_SetPIN__invalid_handle,
- mock_X_OpenSession__invalid_slotid,
- mock_X_CloseSession__invalid_handle,
- mock_X_CloseAllSessions__invalid_slotid,
- mock_X_GetSessionInfo__invalid_handle,
- mock_X_GetOperationState__invalid_handle,
- mock_X_SetOperationState__invalid_handle,
- mock_X_Login__invalid_handle,
- mock_X_Logout__invalid_handle,
- mock_X_CreateObject__invalid_handle,
- mock_X_CopyObject__invalid_handle,
- mock_X_DestroyObject__invalid_handle,
- mock_X_GetObjectSize__invalid_handle,
- mock_X_GetAttributeValue__invalid_handle,
- mock_X_SetAttributeValue__invalid_handle,
- mock_X_FindObjectsInit__invalid_handle,
- mock_X_FindObjects__invalid_handle,
- mock_X_FindObjectsFinal__invalid_handle,
- mock_X_EncryptInit__invalid_handle,
- mock_X_Encrypt__invalid_handle,
- mock_X_EncryptUpdate__invalid_handle,
- mock_X_EncryptFinal__invalid_handle,
- mock_X_DecryptInit__invalid_handle,
- mock_X_Decrypt__invalid_handle,
- mock_X_DecryptUpdate__invalid_handle,
- mock_X_DecryptFinal__invalid_handle,
- mock_X_DigestInit__invalid_handle,
- mock_X_Digest__invalid_handle,
- mock_X_DigestUpdate__invalid_handle,
- mock_X_DigestKey__invalid_handle,
- mock_X_DigestFinal__invalid_handle,
- mock_X_SignInit__invalid_handle,
- mock_X_Sign__invalid_handle,
- mock_X_SignUpdate__invalid_handle,
- mock_X_SignFinal__invalid_handle,
- mock_X_SignRecoverInit__invalid_handle,
- mock_X_SignRecover__invalid_handle,
- mock_X_VerifyInit__invalid_handle,
- mock_X_Verify__invalid_handle,
- mock_X_VerifyUpdate__invalid_handle,
- mock_X_VerifyFinal__invalid_handle,
- mock_X_VerifyRecoverInit__invalid_handle,
- mock_X_VerifyRecover__invalid_handle,
- mock_X_DigestEncryptUpdate__invalid_handle,
- mock_X_DecryptDigestUpdate__invalid_handle,
- mock_X_SignEncryptUpdate__invalid_handle,
- mock_X_DecryptVerifyUpdate__invalid_handle,
- mock_X_GenerateKey__invalid_handle,
- mock_X_GenerateKeyPair__invalid_handle,
- mock_X_WrapKey__invalid_handle,
- mock_X_UnwrapKey__invalid_handle,
- mock_X_DeriveKey__invalid_handle,
- mock_X_SeedRandom__invalid_handle,
- mock_X_GenerateRandom__invalid_handle,
- mock_X_WaitForSlotEvent__no_event,
-};
-
-CK_FUNCTION_LIST mock_module = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- mock_C_Initialize,
- mock_C_Finalize,
- mock_C_GetInfo,
- mock_C_GetFunctionList_not_supported,
- mock_C_GetSlotList,
- mock_C_GetSlotInfo,
- mock_C_GetTokenInfo,
- mock_C_GetMechanismList,
- mock_C_GetMechanismInfo,
- mock_C_InitToken__specific_args,
- mock_C_InitPIN__specific_args,
- mock_C_SetPIN__specific_args,
- mock_C_OpenSession,
- mock_C_CloseSession,
- mock_C_CloseAllSessions,
- mock_C_GetSessionInfo,
- mock_C_GetOperationState,
- mock_C_SetOperationState,
- mock_C_Login,
- mock_C_Logout,
- mock_C_CreateObject,
- mock_C_CopyObject,
- mock_C_DestroyObject,
- mock_C_GetObjectSize,
- mock_C_GetAttributeValue,
- mock_C_SetAttributeValue,
- mock_C_FindObjectsInit,
- mock_C_FindObjects,
- mock_C_FindObjectsFinal,
- mock_C_EncryptInit,
- mock_C_Encrypt,
- mock_C_EncryptUpdate,
- mock_C_EncryptFinal,
- mock_C_DecryptInit,
- mock_C_Decrypt,
- mock_C_DecryptUpdate,
- mock_C_DecryptFinal,
- mock_C_DigestInit,
- mock_C_Digest,
- mock_C_DigestUpdate,
- mock_C_DigestKey,
- mock_C_DigestFinal,
- mock_C_SignInit,
- mock_C_Sign,
- mock_C_SignUpdate,
- mock_C_SignFinal,
- mock_C_SignRecoverInit,
- mock_C_SignRecover,
- mock_C_VerifyInit,
- mock_C_Verify,
- mock_C_VerifyUpdate,
- mock_C_VerifyFinal,
- mock_C_VerifyRecoverInit,
- mock_C_VerifyRecover,
- mock_C_DigestEncryptUpdate,
- mock_C_DecryptDigestUpdate,
- mock_C_SignEncryptUpdate,
- mock_C_DecryptVerifyUpdate,
- mock_C_GenerateKey,
- mock_C_GenerateKeyPair,
- mock_C_WrapKey,
- mock_C_UnwrapKey,
- mock_C_DeriveKey,
- mock_C_SeedRandom,
- mock_C_GenerateRandom,
- mock_C_GetFunctionStatus,
- mock_C_CancelFunction,
- mock_C_WaitForSlotEvent,
-};
-
-void
-mock_module_init (void)
-{
- static bool initialized = false;
- if (!initialized) {
- p11_mutex_init (&init_mutex);
- initialized = true;
- }
-}
diff --git a/common/mock.h b/common/mock.h
deleted file mode 100644
index 16beb66..0000000
--- a/common/mock.h
+++ /dev/null
@@ -1,1134 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __MOCK_H__
-#define __MOCK_H__
-
-#include "compat.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-
-enum {
- MOCK_DATA_OBJECT = 2,
- MOCK_PRIVATE_KEY_CAPITALIZE = 3,
- MOCK_PUBLIC_KEY_CAPITALIZE = 4,
- MOCK_PRIVATE_KEY_PREFIX = 5,
- MOCK_PUBLIC_KEY_PREFIX = 6,
-
- /*
- * CKM_MOCK_CAPITALIZE (encrypt/decrypt)
- * - Capitalizes to encrypt
- * - Lowercase to decrypt
- */
- CKM_MOCK_CAPITALIZE = (CKM_VENDOR_DEFINED | 1),
-
- /*
- * CKM_MOCK_PREFIX (sign/verify)
- * - Sign prefixes the data with a key label
- * - Verify unprefixes data using key label
- */
- CKM_MOCK_PREFIX = (CKM_VENDOR_DEFINED | 2),
-
- /*
- * CKM_MOCK_GENERATE (generate-pair)
- * - Generates a pair of keys, mechanism parameter should be 'generate'
- */
- CKM_MOCK_GENERATE = (CKM_VENDOR_DEFINED | 3),
-
- /*
- * CKM_MOCK_WRAP (wrap key)
- * - Wraps key by returning value, mechanism parameter should be 'wrap'
- */
- CKM_MOCK_WRAP = (CKM_VENDOR_DEFINED | 4),
-
- /*
- * CKM_MOCK_DERIVE (derive-key)
- * - Derives key by setting value to 'derived'
- * - Mechanism param should be 'derive'
- */
- CKM_MOCK_DERIVE = (CKM_VENDOR_DEFINED | 5),
-
- /*
- * CKM_MOCK_COUNT (digest)
- * - Counts the number of bytes, and returns a CK_ULONG 'hash' value
- */
- CKM_MOCK_COUNT = (CKM_VENDOR_DEFINED | 6),
-
- MOCK_SLOT_ONE_ID = 52,
- MOCK_SLOT_TWO_ID = 134,
-
- MOCK_SLOTS_PRESENT = 1,
- MOCK_SLOTS_ALL = 2,
-};
-
-static const CK_INFO MOCK_INFO = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- "MOCK MANUFACTURER ",
- 0,
- "MOCK LIBRARY ",
- { 45, 145 }
-};
-
-extern CK_FUNCTION_LIST mock_module;
-
-extern CK_FUNCTION_LIST mock_module_no_slots;
-
-extern CK_X_FUNCTION_LIST mock_x_module_no_slots;
-
-void mock_module_init (void);
-
-typedef bool (* mock_enumerator) (CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs,
- void *user_data);
-
-void mock_module_enumerate_objects (CK_SESSION_HANDLE session,
- mock_enumerator func,
- void *user_data);
-
-void mock_module_add_object (CK_SLOT_ID slot_id,
- const CK_ATTRIBUTE *attrs);
-
-void mock_module_reset (void);
-
-bool mock_module_initialized (void);
-
-void mock_module_take_object (CK_SLOT_ID slot_id,
- CK_ATTRIBUTE *attrs);
-
-CK_RV mock_C_Initialize (CK_VOID_PTR init_args);
-
-CK_RV mock_C_Initialize__fails (CK_VOID_PTR init_args);
-
-CK_RV mock_X_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args);
-
-CK_RV mock_X_Initialize__fails (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args);
-
-CK_RV mock_C_Finalize (CK_VOID_PTR reserved);
-
-CK_RV mock_X_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved);
-
-CK_RV mock_C_GetInfo (CK_INFO_PTR info);
-
-CK_RV mock_X_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info);
-
-CK_RV mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list);
-
-CK_RV mock_C_GetSlotList (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetSlotList__no_tokens (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetSlotList__fail_first (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetSlotList__fail_late (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetSlotInfo (CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info);
-
-CK_RV mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info);
-
-CK_RV mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info);
-
-CK_RV mock_C_GetTokenInfo (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info);
-
-CK_RV mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info);
-
-CK_RV mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info);
-
-CK_RV mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info);
-
-CK_RV mock_C_GetMechanismList (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_GetMechanismInfo (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info);
-
-CK_RV mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info);
-
-CK_RV mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info);
-
-CK_RV mock_C_InitToken__specific_args (CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label);
-
-CK_RV mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label);
-
-CK_RV mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label);
-
-
-CK_RV mock_C_WaitForSlotEvent (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved);
-
-CK_RV mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved);
-
-CK_RV mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved);
-
-CK_RV mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session);
-
-CK_RV mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session);
-
-CK_RV mock_C_OpenSession__fails (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session);
-
-CK_RV mock_C_OpenSession (CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session);
-
-CK_RV mock_C_CloseSession (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session);
-
-CK_RV mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session);
-
-CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slot_id);
-
-CK_RV mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id);
-
-CK_RV mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id);
-
-CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_CancelFunction (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_CancelFunction__not_parallel (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_GetSessionInfo (CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info);
-
-CK_RV mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info);
-
-CK_RV mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info);
-
-CK_RV mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len);
-
-CK_RV mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len);
-
-CK_RV mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len);
-
-CK_RV mock_C_GetOperationState (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len);
-
-CK_RV mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len);
-
-CK_RV mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len);
-
-CK_RV mock_C_SetOperationState (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key);
-
-CK_RV mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key);
-
-CK_RV mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key);
-
-CK_RV mock_C_Login (CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_C_Login__invalid_handle (CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len);
-
-CK_RV mock_C_Logout (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session);
-
-CK_RV mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session);
-
-CK_RV mock_C_CreateObject (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR object);
-
-CK_RV mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object);
-
-CK_RV mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object);
-
-CK_RV mock_C_CopyObject (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object);
-
-CK_RV mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object);
-
-CK_RV mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object);
-
-CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object);
-
-CK_RV mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object);
-
-CK_RV mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object);
-
-CK_RV mock_C_GetObjectSize (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size);
-
-CK_RV mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size);
-
-CK_RV mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size);
-
-CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_GetAttributeValue__fail_late (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_SetAttributeValue (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_FindObjectsInit (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count);
-
-CK_RV mock_C_FindObjects (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_object_count,
- CK_ULONG_PTR object_count);
-
-CK_RV mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count);
-
-CK_RV mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_FindObjects__fails (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count);
-
-CK_RV mock_C_FindObjectsFinal (CK_SESSION_HANDLE session);
-
-CK_RV mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session);
-
-CK_RV mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session);
-
-CK_RV mock_C_EncryptInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_Encrypt (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len);
-
-CK_RV mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len);
-
-CK_RV mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len);
-
-CK_RV mock_C_EncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len);
-
-CK_RV mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len);
-
-CK_RV mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len);
-
-CK_RV mock_C_EncryptFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_encrypted_part,
- CK_ULONG_PTR last_encrypted_part_len);
-
-CK_RV mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len);
-
-CK_RV mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len);
-
-CK_RV mock_C_DecryptInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_Decrypt (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG encrypted_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_C_DecryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_DecryptFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len);
-
-CK_RV mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len);
-
-CK_RV mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len);
-
-CK_RV mock_C_DigestInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism);
-
-CK_RV mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism);
-
-CK_RV mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism);
-
-CK_RV mock_C_Digest (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_C_DigestUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_DigestKey (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_DigestFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len);
-
-CK_RV mock_C_SignInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_Sign (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_SignUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_SignFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_SignRecoverInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_SignRecover (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len);
-
-CK_RV mock_C_VerifyInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_Verify (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_C_VerifyUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len);
-
-CK_RV mock_C_VerifyFinal (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len);
-
-CK_RV mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key);
-
-CK_RV mock_C_VerifyRecover (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len);
-
-CK_RV mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len);
-
-CK_RV mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len);
-
-CK_RV mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len);
-
-CK_RV mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len);
-
-CK_RV mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len);
-
-CK_RV mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len);
-
-CK_RV mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len);
-
-CK_RV mock_C_GenerateKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_GenerateKeyPair (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR public_key_template,
- CK_ULONG public_key_count,
- CK_ATTRIBUTE_PTR private_key_template,
- CK_ULONG private_key_count,
- CK_OBJECT_HANDLE_PTR public_key,
- CK_OBJECT_HANDLE_PTR private_key);
-
-CK_RV mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key);
-
-CK_RV mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key);
-
-CK_RV mock_C_WrapKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len);
-
-CK_RV mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len);
-
-CK_RV mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len);
-
-CK_RV mock_C_UnwrapKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_DeriveKey (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key);
-
-CK_RV mock_C_SeedRandom (CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len);
-
-CK_RV mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len);
-
-CK_RV mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len);
-
-CK_RV mock_C_GenerateRandom (CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len);
-
-CK_RV mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len);
-
-CK_RV mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len);
-
-#endif /* __MOCK_H__ */
diff --git a/common/path.c b/common/path.c
deleted file mode 100644
index 34c00cb..0000000
--- a/common/path.c
+++ /dev/null
@@ -1,325 +0,0 @@
-/*
- * Copyright (c) 2005 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-
-#include <assert.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef OS_UNIX
-#include <pwd.h>
-#include <unistd.h>
-#endif
-
-#ifdef OS_WIN32
-#include <shlobj.h>
-#endif
-
-
-char *
-p11_path_base (const char *path)
-{
-#ifdef OS_WIN32
- const char *delims = "/\\";
-#else
- const char *delims = "/";
-#endif
-
- const char *end;
- const char *beg;
-
- return_val_if_fail (path != NULL, NULL);
-
- /* Any trailing slashes */
- end = path + strlen (path);
- while (end != path) {
- if (!strchr (delims, *(end - 1)))
- break;
- end--;
- }
-
- /* Find the last slash after those */
- beg = end;
- while (beg != path) {
- if (strchr (delims, *(beg - 1)))
- break;
- beg--;
- }
-
- return strndup (beg, end - beg);
-}
-
-static inline bool
-is_path_component_or_null (char ch)
-{
- return (ch == '\0' || ch == '/'
-#ifdef OS_WIN32
- || ch == '\\'
-#endif
- );
-}
-
-static char *
-expand_homedir (const char *remainder)
-{
- const char *env;
-
- if (getauxval (AT_SECURE)) {
- errno = EPERM;
- return NULL;
- }
-
- while (remainder[0] && is_path_component_or_null (remainder[0]))
- remainder++;
- if (remainder[0] == '\0')
- remainder = NULL;
-
- /* Expand $XDG_CONFIG_HOME */
- if (remainder != NULL &&
- strncmp (remainder, ".config", 7) == 0 &&
- is_path_component_or_null (remainder[7])) {
- env = getenv ("XDG_CONFIG_HOME");
- if (env && env[0])
- return p11_path_build (env, remainder + 8, NULL);
- }
-
- env = getenv ("HOME");
- if (env && env[0]) {
- return p11_path_build (env, remainder, NULL);
-
- } else {
-#ifdef OS_UNIX
- char buf[1024];
- struct passwd pws;
- struct passwd *pwd = NULL;
- int error;
- int ret;
-
- errno = 0;
- ret = getpwuid_r (getuid (), &pws, buf, sizeof (buf), &pwd);
- if (pwd == NULL) {
- if (ret == 0)
- error = ESRCH;
- else
- error = errno;
- p11_message_err (error, "couldn't lookup home directory for user %d", getuid ());
- errno = error;
- return NULL;
- }
-
- return p11_path_build (pwd->pw_dir, remainder, NULL);
-
-#else /* OS_WIN32 */
- char directory[MAX_PATH + 1];
-
- if (!SHGetSpecialFolderPathA (NULL, directory, CSIDL_PROFILE, TRUE)) {
- p11_message ("couldn't lookup home directory for user");
- errno = ENOTDIR;
- return NULL;
- }
-
- return p11_path_build (directory, remainder, NULL);
-
-#endif /* OS_WIN32 */
- }
-}
-
-char *
-p11_path_expand (const char *path)
-{
- return_val_if_fail (path != NULL, NULL);
-
- if (strncmp (path, "~", 1) == 0 &&
- is_path_component_or_null (path[1])) {
- return expand_homedir (path + 1);
-
- } else {
- return strdup (path);
- }
-}
-
-bool
-p11_path_absolute (const char *path)
-{
- return_val_if_fail (path != NULL, false);
-
- return (path[0] == '/')
-#ifdef OS_WIN32
- || (path[0] != '\0' && path[1] == ':' && path[2] == '\\')
-#endif
- ;
-}
-
-char *
-p11_path_build (const char *path,
- ...)
-{
-#ifdef OS_WIN32
- const char delim = '\\';
-#else
- const char delim = '/';
-#endif
- const char *first = path;
- char *built;
- size_t len;
- size_t at;
- size_t num;
- size_t until;
- va_list va;
-
- return_val_if_fail (path != NULL, NULL);
-
- len = 1;
- va_start (va, path);
- while (path != NULL) {
- len += strlen (path) + 1;
- path = va_arg (va, const char *);
- }
- va_end (va);
-
- built = malloc (len + 1);
- return_val_if_fail (built != NULL, NULL);
-
- at = 0;
- path = first;
- va_start (va, path);
- while (path != NULL) {
- num = strlen (path);
-
- /* Trim end of the path */
- until = (at > 0) ? 0 : 1;
- while (num > until && is_path_component_or_null (path[num - 1]))
- num--;
-
- if (at != 0) {
- if (num == 0)
- continue;
- built[at++] = delim;
- }
-
- assert (at + num < len);
- memcpy (built + at, path, num);
- at += num;
-
- path = va_arg (va, const char *);
-
- /* Trim beginning of path */
- while (path && path[0] && is_path_component_or_null (path[0]))
- path++;
- }
- va_end (va);
-
- assert (at < len);
- built[at] = '\0';
- return built;
-}
-
-char *
-p11_path_parent (const char *path)
-{
- const char *e;
- char *parent;
- bool had = false;
-
- return_val_if_fail (path != NULL, NULL);
-
- /* Find the end of the last component */
- e = path + strlen (path);
- while (e != path && is_path_component_or_null (*e))
- e--;
-
- /* Find the beginning of the last component */
- while (e != path && !is_path_component_or_null (*e)) {
- had = true;
- e--;
- }
-
- /* Find the end of the last component */
- while (e != path && is_path_component_or_null (*e))
- e--;
-
- if (e == path) {
- if (!had)
- return NULL;
- parent = strdup ("/");
- } else {
- parent = strndup (path, (e - path) + 1);
- }
-
- return_val_if_fail (parent != NULL, NULL);
- return parent;
-}
-
-bool
-p11_path_prefix (const char *string,
- const char *prefix)
-{
- int a, b;
-
- return_val_if_fail (string != NULL, false);
- return_val_if_fail (prefix != NULL, false);
-
- a = strlen (string);
- b = strlen (prefix);
-
- return a > b &&
- strncmp (string, prefix, b) == 0 &&
- is_path_component_or_null (string[b]);
-}
-
-void
-p11_path_canon (char *name)
-{
- static const char *VALID =
- "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_";
- int i;
-
- return_if_fail (name != NULL);
-
- for (i = 0; name[i] != '\0'; i++) {
- if (strchr (VALID, name[i]) == NULL)
- name[i] = '_';
- }
-}
diff --git a/common/path.h b/common/path.h
deleted file mode 100644
index 0b19a5d..0000000
--- a/common/path.h
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_PATH_H__
-#define P11_PATH_H__
-
-#include "compat.h"
-
-#ifdef OS_WIN32
-#define P11_PATH_SEP ";"
-#define P11_PATH_SEP_C ';'
-#else
-#define P11_PATH_SEP ":"
-#define P11_PATH_SEP_C ':'
-#endif
-
-/*
- * The semantics of both POSIX basename() and GNU asename() are so crappy that
- * we just don't even bother. And what's worse is how it completely changes
- * behavior if _GNU_SOURCE is defined. Nasty stuff.
- */
-char * p11_path_base (const char *name);
-
-char * p11_path_expand (const char *path);
-
-char * p11_path_build (const char *path,
- ...) GNUC_NULL_TERMINATED;
-
-bool p11_path_absolute (const char *path);
-
-char * p11_path_parent (const char *path);
-
-bool p11_path_prefix (const char *string,
- const char *prefix);
-
-void p11_path_canon (char *name);
-
-#endif /* P11_PATH_H__ */
diff --git a/common/pkcs11.h b/common/pkcs11.h
deleted file mode 100644
index f8dc78e..0000000
--- a/common/pkcs11.h
+++ /dev/null
@@ -1,1398 +0,0 @@
-/* pkcs11.h
- Copyright 2006, 2007 g10 Code GmbH
- Copyright 2006 Andreas Jellinghaus
-
- This file is free software; as a special exception the author gives
- unlimited permission to copy and/or distribute it, with or without
- modifications, as long as this notice is preserved.
-
- This file is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY, to the extent permitted by law; without even
- the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
- PURPOSE. */
-
-/* Please submit changes back to the Scute project at
- http://www.scute.org/ (or send them to marcus@g10code.com), so that
- they can be picked up by other projects from there as well. */
-
-/* This file is a modified implementation of the PKCS #11 standard by
- RSA Security Inc. It is mostly a drop-in replacement, with the
- following change:
-
- This header file does not require any macro definitions by the user
- (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
- for you (if useful, some are missing, let me know if you need
- more).
-
- There is an additional API available that does comply better to the
- GNU coding standard. It can be switched on by defining
- CRYPTOKI_GNU before including this header file. For this, the
- following changes are made to the specification:
-
- All structure types are changed to a "struct ck_foo" where CK_FOO
- is the type name in PKCS #11.
-
- All non-structure types are changed to ck_foo_t where CK_FOO is the
- lowercase version of the type name in PKCS #11. The basic types
- (CK_ULONG et al.) are removed without substitute.
-
- All members of structures are modified in the following way: Type
- indication prefixes are removed, and underscore characters are
- inserted before words. Then the result is lowercased.
-
- Note that function names are still in the original case, as they
- need for ABI compatibility.
-
- CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
- <stdbool.h>.
-
- If CRYPTOKI_COMPAT is defined before including this header file,
- then none of the API changes above take place, and the API is the
- one defined by the PKCS #11 standard. */
-
-#ifndef PKCS11_H
-#define PKCS11_H 1
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-
-/* The version of cryptoki we implement. The revision is changed with
- each modification of this file. If you do not use the "official"
- version of this file, please consider deleting the revision macro
- (you may use a macro with a different name to keep track of your
- versions). */
-#define CRYPTOKI_VERSION_MAJOR 2
-#define CRYPTOKI_VERSION_MINOR 20
-#define CRYPTOKI_VERSION_REVISION 6
-
-
-/* Compatibility interface is default, unless CRYPTOKI_GNU is
- given. */
-#ifndef CRYPTOKI_GNU
-#ifndef CRYPTOKI_COMPAT
-#define CRYPTOKI_COMPAT 1
-#endif
-#endif
-
-/* System dependencies. */
-
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-
-/* There is a matching pop below. */
-#pragma pack(push, cryptoki, 1)
-
-#ifdef CRYPTOKI_EXPORTS
-#define CK_SPEC __declspec(dllexport)
-#else
-#define CK_SPEC __declspec(dllimport)
-#endif
-
-#else
-
-#define CK_SPEC
-
-#endif
-
-
-#ifdef CRYPTOKI_COMPAT
- /* If we are in compatibility mode, switch all exposed names to the
- PKCS #11 variant. There are corresponding #undefs below. */
-
-#define ck_flags_t CK_FLAGS
-#define ck_version _CK_VERSION
-
-#define ck_info _CK_INFO
-#define cryptoki_version cryptokiVersion
-#define manufacturer_id manufacturerID
-#define library_description libraryDescription
-#define library_version libraryVersion
-
-#define ck_notification_t CK_NOTIFICATION
-#define ck_slot_id_t CK_SLOT_ID
-
-#define ck_slot_info _CK_SLOT_INFO
-#define slot_description slotDescription
-#define hardware_version hardwareVersion
-#define firmware_version firmwareVersion
-
-#define ck_token_info _CK_TOKEN_INFO
-#define serial_number serialNumber
-#define max_session_count ulMaxSessionCount
-#define session_count ulSessionCount
-#define max_rw_session_count ulMaxRwSessionCount
-#define rw_session_count ulRwSessionCount
-#define max_pin_len ulMaxPinLen
-#define min_pin_len ulMinPinLen
-#define total_public_memory ulTotalPublicMemory
-#define free_public_memory ulFreePublicMemory
-#define total_private_memory ulTotalPrivateMemory
-#define free_private_memory ulFreePrivateMemory
-#define utc_time utcTime
-
-#define ck_session_handle_t CK_SESSION_HANDLE
-#define ck_user_type_t CK_USER_TYPE
-#define ck_state_t CK_STATE
-
-#define ck_session_info _CK_SESSION_INFO
-#define slot_id slotID
-#define device_error ulDeviceError
-
-#define ck_object_handle_t CK_OBJECT_HANDLE
-#define ck_object_class_t CK_OBJECT_CLASS
-#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
-#define ck_key_type_t CK_KEY_TYPE
-#define ck_certificate_type_t CK_CERTIFICATE_TYPE
-#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
-
-#define ck_attribute _CK_ATTRIBUTE
-#define value pValue
-#define value_len ulValueLen
-
-#define ck_date _CK_DATE
-
-#define ck_mechanism_type_t CK_MECHANISM_TYPE
-
-#define ck_mechanism _CK_MECHANISM
-#define parameter pParameter
-#define parameter_len ulParameterLen
-
-#define ck_mechanism_info _CK_MECHANISM_INFO
-#define min_key_size ulMinKeySize
-#define max_key_size ulMaxKeySize
-
-#define ck_rv_t CK_RV
-#define ck_notify_t CK_NOTIFY
-
-#define ck_function_list _CK_FUNCTION_LIST
-
-#define ck_createmutex_t CK_CREATEMUTEX
-#define ck_destroymutex_t CK_DESTROYMUTEX
-#define ck_lockmutex_t CK_LOCKMUTEX
-#define ck_unlockmutex_t CK_UNLOCKMUTEX
-
-#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
-#define create_mutex CreateMutex
-#define destroy_mutex DestroyMutex
-#define lock_mutex LockMutex
-#define unlock_mutex UnlockMutex
-#define reserved pReserved
-
-#endif /* CRYPTOKI_COMPAT */
-
-
-
-typedef unsigned long ck_flags_t;
-
-struct ck_version
-{
- unsigned char major;
- unsigned char minor;
-};
-
-
-struct ck_info
-{
- struct ck_version cryptoki_version;
- unsigned char manufacturer_id[32];
- ck_flags_t flags;
- unsigned char library_description[32];
- struct ck_version library_version;
-};
-
-
-typedef unsigned long ck_notification_t;
-
-#define CKN_SURRENDER (0UL)
-
-
-typedef unsigned long ck_slot_id_t;
-
-
-struct ck_slot_info
-{
- unsigned char slot_description[64];
- unsigned char manufacturer_id[32];
- ck_flags_t flags;
- struct ck_version hardware_version;
- struct ck_version firmware_version;
-};
-
-
-#define CKF_TOKEN_PRESENT (1UL << 0)
-#define CKF_REMOVABLE_DEVICE (1UL << 1)
-#define CKF_HW_SLOT (1UL << 2)
-#define CKF_ARRAY_ATTRIBUTE (1UL << 30)
-
-
-struct ck_token_info
-{
- unsigned char label[32];
- unsigned char manufacturer_id[32];
- unsigned char model[16];
- unsigned char serial_number[16];
- ck_flags_t flags;
- unsigned long max_session_count;
- unsigned long session_count;
- unsigned long max_rw_session_count;
- unsigned long rw_session_count;
- unsigned long max_pin_len;
- unsigned long min_pin_len;
- unsigned long total_public_memory;
- unsigned long free_public_memory;
- unsigned long total_private_memory;
- unsigned long free_private_memory;
- struct ck_version hardware_version;
- struct ck_version firmware_version;
- unsigned char utc_time[16];
-};
-
-
-#define CKF_RNG (1UL << 0)
-#define CKF_WRITE_PROTECTED (1UL << 1)
-#define CKF_LOGIN_REQUIRED (1UL << 2)
-#define CKF_USER_PIN_INITIALIZED (1UL << 3)
-#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
-#define CKF_CLOCK_ON_TOKEN (1UL << 6)
-#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
-#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
-#define CKF_TOKEN_INITIALIZED (1UL << 10)
-#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
-#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
-#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
-#define CKF_USER_PIN_LOCKED (1UL << 18)
-#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
-#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
-#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
-#define CKF_SO_PIN_LOCKED (1UL << 22)
-#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)
-
-#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L)
-#define CK_EFFECTIVELY_INFINITE (0UL)
-
-
-typedef unsigned long ck_session_handle_t;
-
-#define CK_INVALID_HANDLE (0UL)
-
-
-typedef unsigned long ck_user_type_t;
-
-#define CKU_SO (0UL)
-#define CKU_USER (1UL)
-#define CKU_CONTEXT_SPECIFIC (2UL)
-
-
-typedef unsigned long ck_state_t;
-
-#define CKS_RO_PUBLIC_SESSION (0UL)
-#define CKS_RO_USER_FUNCTIONS (1UL)
-#define CKS_RW_PUBLIC_SESSION (2UL)
-#define CKS_RW_USER_FUNCTIONS (3UL)
-#define CKS_RW_SO_FUNCTIONS (4UL)
-
-
-struct ck_session_info
-{
- ck_slot_id_t slot_id;
- ck_state_t state;
- ck_flags_t flags;
- unsigned long device_error;
-};
-
-#define CKF_RW_SESSION (1UL << 1)
-#define CKF_SERIAL_SESSION (1UL << 2)
-
-
-typedef unsigned long ck_object_handle_t;
-
-
-typedef unsigned long ck_object_class_t;
-
-#define CKO_DATA (0UL)
-#define CKO_CERTIFICATE (1UL)
-#define CKO_PUBLIC_KEY (2UL)
-#define CKO_PRIVATE_KEY (3UL)
-#define CKO_SECRET_KEY (4UL)
-#define CKO_HW_FEATURE (5UL)
-#define CKO_DOMAIN_PARAMETERS (6UL)
-#define CKO_MECHANISM (7UL)
-#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-typedef unsigned long ck_hw_feature_type_t;
-
-#define CKH_MONOTONIC_COUNTER (1UL)
-#define CKH_CLOCK (2UL)
-#define CKH_USER_INTERFACE (3UL)
-#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-typedef unsigned long ck_key_type_t;
-
-#define CKK_RSA (0UL)
-#define CKK_DSA (1UL)
-#define CKK_DH (2UL)
-#define CKK_ECDSA (3UL)
-#define CKK_EC (3UL)
-#define CKK_X9_42_DH (4UL)
-#define CKK_KEA (5UL)
-#define CKK_GENERIC_SECRET (0x10UL)
-#define CKK_RC2 (0x11UL)
-#define CKK_RC4 (0x12UL)
-#define CKK_DES (0x13UL)
-#define CKK_DES2 (0x14UL)
-#define CKK_DES3 (0x15UL)
-#define CKK_CAST (0x16UL)
-#define CKK_CAST3 (0x17UL)
-#define CKK_CAST128 (0x18UL)
-#define CKK_RC5 (0x19UL)
-#define CKK_IDEA (0x1aUL)
-#define CKK_SKIPJACK (0x1bUL)
-#define CKK_BATON (0x1cUL)
-#define CKK_JUNIPER (0x1dUL)
-#define CKK_CDMF (0x1eUL)
-#define CKK_AES (0x1fUL)
-#define CKK_BLOWFISH (0x20UL)
-#define CKK_TWOFISH (0x21UL)
-#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-typedef unsigned long ck_certificate_type_t;
-
-#define CKC_X_509 (0UL)
-#define CKC_X_509_ATTR_CERT (1UL)
-#define CKC_WTLS (2UL)
-#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-typedef unsigned long ck_attribute_type_t;
-
-#define CKA_CLASS (0UL)
-#define CKA_TOKEN (1UL)
-#define CKA_PRIVATE (2UL)
-#define CKA_LABEL (3UL)
-#define CKA_APPLICATION (0x10UL)
-#define CKA_VALUE (0x11UL)
-#define CKA_OBJECT_ID (0x12UL)
-#define CKA_CERTIFICATE_TYPE (0x80UL)
-#define CKA_ISSUER (0x81UL)
-#define CKA_SERIAL_NUMBER (0x82UL)
-#define CKA_AC_ISSUER (0x83UL)
-#define CKA_OWNER (0x84UL)
-#define CKA_ATTR_TYPES (0x85UL)
-#define CKA_TRUSTED (0x86UL)
-#define CKA_CERTIFICATE_CATEGORY (0x87UL)
-#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
-#define CKA_URL (0x89UL)
-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
-#define CKA_CHECK_VALUE (0x90UL)
-#define CKA_KEY_TYPE (0x100UL)
-#define CKA_SUBJECT (0x101UL)
-#define CKA_ID (0x102UL)
-#define CKA_SENSITIVE (0x103UL)
-#define CKA_ENCRYPT (0x104UL)
-#define CKA_DECRYPT (0x105UL)
-#define CKA_WRAP (0x106UL)
-#define CKA_UNWRAP (0x107UL)
-#define CKA_SIGN (0x108UL)
-#define CKA_SIGN_RECOVER (0x109UL)
-#define CKA_VERIFY (0x10aUL)
-#define CKA_VERIFY_RECOVER (0x10bUL)
-#define CKA_DERIVE (0x10cUL)
-#define CKA_START_DATE (0x110UL)
-#define CKA_END_DATE (0x111UL)
-#define CKA_MODULUS (0x120UL)
-#define CKA_MODULUS_BITS (0x121UL)
-#define CKA_PUBLIC_EXPONENT (0x122UL)
-#define CKA_PRIVATE_EXPONENT (0x123UL)
-#define CKA_PRIME_1 (0x124UL)
-#define CKA_PRIME_2 (0x125UL)
-#define CKA_EXPONENT_1 (0x126UL)
-#define CKA_EXPONENT_2 (0x127UL)
-#define CKA_COEFFICIENT (0x128UL)
-#define CKA_PRIME (0x130UL)
-#define CKA_SUBPRIME (0x131UL)
-#define CKA_BASE (0x132UL)
-#define CKA_PRIME_BITS (0x133UL)
-#define CKA_SUB_PRIME_BITS (0x134UL)
-#define CKA_VALUE_BITS (0x160UL)
-#define CKA_VALUE_LEN (0x161UL)
-#define CKA_EXTRACTABLE (0x162UL)
-#define CKA_LOCAL (0x163UL)
-#define CKA_NEVER_EXTRACTABLE (0x164UL)
-#define CKA_ALWAYS_SENSITIVE (0x165UL)
-#define CKA_KEY_GEN_MECHANISM (0x166UL)
-#define CKA_MODIFIABLE (0x170UL)
-#define CKA_ECDSA_PARAMS (0x180UL)
-#define CKA_EC_PARAMS (0x180UL)
-#define CKA_EC_POINT (0x181UL)
-#define CKA_SECONDARY_AUTH (0x200UL)
-#define CKA_AUTH_PIN_FLAGS (0x201UL)
-#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
-#define CKA_WRAP_WITH_TRUSTED (0x210UL)
-#define CKA_HW_FEATURE_TYPE (0x300UL)
-#define CKA_RESET_ON_INIT (0x301UL)
-#define CKA_HAS_RESET (0x302UL)
-#define CKA_PIXEL_X (0x400UL)
-#define CKA_PIXEL_Y (0x401UL)
-#define CKA_RESOLUTION (0x402UL)
-#define CKA_CHAR_ROWS (0x403UL)
-#define CKA_CHAR_COLUMNS (0x404UL)
-#define CKA_COLOR (0x405UL)
-#define CKA_BITS_PER_PIXEL (0x406UL)
-#define CKA_CHAR_SETS (0x480UL)
-#define CKA_ENCODING_METHODS (0x481UL)
-#define CKA_MIME_TYPES (0x482UL)
-#define CKA_MECHANISM_TYPE (0x500UL)
-#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
-#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
-#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
-#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL)
-#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL)
-#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL)
-#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-struct ck_attribute
-{
- ck_attribute_type_t type;
- void *value;
- unsigned long value_len;
-};
-
-
-struct ck_date
-{
- unsigned char year[4];
- unsigned char month[2];
- unsigned char day[2];
-};
-
-
-typedef unsigned long ck_mechanism_type_t;
-
-#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
-#define CKM_RSA_PKCS (1UL)
-#define CKM_RSA_9796 (2UL)
-#define CKM_RSA_X_509 (3UL)
-#define CKM_MD2_RSA_PKCS (4UL)
-#define CKM_MD5_RSA_PKCS (5UL)
-#define CKM_SHA1_RSA_PKCS (6UL)
-#define CKM_RIPEMD128_RSA_PKCS (7UL)
-#define CKM_RIPEMD160_RSA_PKCS (8UL)
-#define CKM_RSA_PKCS_OAEP (9UL)
-#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
-#define CKM_RSA_X9_31 (0xbUL)
-#define CKM_SHA1_RSA_X9_31 (0xcUL)
-#define CKM_RSA_PKCS_PSS (0xdUL)
-#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
-#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
-#define CKM_DSA (0x11UL)
-#define CKM_DSA_SHA1 (0x12UL)
-#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
-#define CKM_DH_PKCS_DERIVE (0x21UL)
-#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
-#define CKM_X9_42_DH_DERIVE (0x31UL)
-#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
-#define CKM_X9_42_MQV_DERIVE (0x33UL)
-#define CKM_SHA256_RSA_PKCS (0x40UL)
-#define CKM_SHA384_RSA_PKCS (0x41UL)
-#define CKM_SHA512_RSA_PKCS (0x42UL)
-#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
-#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
-#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
-#define CKM_RC2_KEY_GEN (0x100UL)
-#define CKM_RC2_ECB (0x101UL)
-#define CKM_RC2_CBC (0x102UL)
-#define CKM_RC2_MAC (0x103UL)
-#define CKM_RC2_MAC_GENERAL (0x104UL)
-#define CKM_RC2_CBC_PAD (0x105UL)
-#define CKM_RC4_KEY_GEN (0x110UL)
-#define CKM_RC4 (0x111UL)
-#define CKM_DES_KEY_GEN (0x120UL)
-#define CKM_DES_ECB (0x121UL)
-#define CKM_DES_CBC (0x122UL)
-#define CKM_DES_MAC (0x123UL)
-#define CKM_DES_MAC_GENERAL (0x124UL)
-#define CKM_DES_CBC_PAD (0x125UL)
-#define CKM_DES2_KEY_GEN (0x130UL)
-#define CKM_DES3_KEY_GEN (0x131UL)
-#define CKM_DES3_ECB (0x132UL)
-#define CKM_DES3_CBC (0x133UL)
-#define CKM_DES3_MAC (0x134UL)
-#define CKM_DES3_MAC_GENERAL (0x135UL)
-#define CKM_DES3_CBC_PAD (0x136UL)
-#define CKM_CDMF_KEY_GEN (0x140UL)
-#define CKM_CDMF_ECB (0x141UL)
-#define CKM_CDMF_CBC (0x142UL)
-#define CKM_CDMF_MAC (0x143UL)
-#define CKM_CDMF_MAC_GENERAL (0x144UL)
-#define CKM_CDMF_CBC_PAD (0x145UL)
-#define CKM_DES_OFB64 (0x150UL)
-#define CKM_DES_OFB8 (0x151UL)
-#define CKM_DES_CFB64 (0x152UL)
-#define CKM_DES_CFB8 (0x153UL)
-#define CKM_MD2 (0x200UL)
-#define CKM_MD2_HMAC (0x201UL)
-#define CKM_MD2_HMAC_GENERAL (0x202UL)
-#define CKM_MD5 (0x210UL)
-#define CKM_MD5_HMAC (0x211UL)
-#define CKM_MD5_HMAC_GENERAL (0x212UL)
-#define CKM_SHA_1 (0x220UL)
-#define CKM_SHA_1_HMAC (0x221UL)
-#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
-#define CKM_RIPEMD128 (0x230UL)
-#define CKM_RIPEMD128_HMAC (0x231UL)
-#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
-#define CKM_RIPEMD160 (0x240UL)
-#define CKM_RIPEMD160_HMAC (0x241UL)
-#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
-#define CKM_SHA256 (0x250UL)
-#define CKM_SHA256_HMAC (0x251UL)
-#define CKM_SHA256_HMAC_GENERAL (0x252UL)
-#define CKM_SHA384 (0x260UL)
-#define CKM_SHA384_HMAC (0x261UL)
-#define CKM_SHA384_HMAC_GENERAL (0x262UL)
-#define CKM_SHA512 (0x270UL)
-#define CKM_SHA512_HMAC (0x271UL)
-#define CKM_SHA512_HMAC_GENERAL (0x272UL)
-#define CKM_CAST_KEY_GEN (0x300UL)
-#define CKM_CAST_ECB (0x301UL)
-#define CKM_CAST_CBC (0x302UL)
-#define CKM_CAST_MAC (0x303UL)
-#define CKM_CAST_MAC_GENERAL (0x304UL)
-#define CKM_CAST_CBC_PAD (0x305UL)
-#define CKM_CAST3_KEY_GEN (0x310UL)
-#define CKM_CAST3_ECB (0x311UL)
-#define CKM_CAST3_CBC (0x312UL)
-#define CKM_CAST3_MAC (0x313UL)
-#define CKM_CAST3_MAC_GENERAL (0x314UL)
-#define CKM_CAST3_CBC_PAD (0x315UL)
-#define CKM_CAST5_KEY_GEN (0x320UL)
-#define CKM_CAST128_KEY_GEN (0x320UL)
-#define CKM_CAST5_ECB (0x321UL)
-#define CKM_CAST128_ECB (0x321UL)
-#define CKM_CAST5_CBC (0x322UL)
-#define CKM_CAST128_CBC (0x322UL)
-#define CKM_CAST5_MAC (0x323UL)
-#define CKM_CAST128_MAC (0x323UL)
-#define CKM_CAST5_MAC_GENERAL (0x324UL)
-#define CKM_CAST128_MAC_GENERAL (0x324UL)
-#define CKM_CAST5_CBC_PAD (0x325UL)
-#define CKM_CAST128_CBC_PAD (0x325UL)
-#define CKM_RC5_KEY_GEN (0x330UL)
-#define CKM_RC5_ECB (0x331UL)
-#define CKM_RC5_CBC (0x332UL)
-#define CKM_RC5_MAC (0x333UL)
-#define CKM_RC5_MAC_GENERAL (0x334UL)
-#define CKM_RC5_CBC_PAD (0x335UL)
-#define CKM_IDEA_KEY_GEN (0x340UL)
-#define CKM_IDEA_ECB (0x341UL)
-#define CKM_IDEA_CBC (0x342UL)
-#define CKM_IDEA_MAC (0x343UL)
-#define CKM_IDEA_MAC_GENERAL (0x344UL)
-#define CKM_IDEA_CBC_PAD (0x345UL)
-#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
-#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
-#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
-#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
-#define CKM_XOR_BASE_AND_DATA (0x364UL)
-#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
-#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
-#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
-#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
-#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
-#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
-#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
-#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
-#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
-#define CKM_TLS_PRF (0x378UL)
-#define CKM_SSL3_MD5_MAC (0x380UL)
-#define CKM_SSL3_SHA1_MAC (0x381UL)
-#define CKM_MD5_KEY_DERIVATION (0x390UL)
-#define CKM_MD2_KEY_DERIVATION (0x391UL)
-#define CKM_SHA1_KEY_DERIVATION (0x392UL)
-#define CKM_SHA256_KEY_DERIVATION (0x393UL)
-#define CKM_SHA384_KEY_DERIVATION (0x394UL)
-#define CKM_SHA512_KEY_DERIVATION (0x395UL)
-#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
-#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
-#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
-#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
-#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
-#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
-#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
-#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
-#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
-#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
-#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
-#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
-#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
-#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
-#define CKM_PKCS5_PBKD2 (0x3b0UL)
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
-#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL)
-#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL)
-#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL)
-#define CKM_WTLS_PRF (0x3d3UL)
-#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL)
-#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL)
-#define CKM_KEY_WRAP_LYNKS (0x400UL)
-#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
-#define CKM_CMS_SIG (0x500UL)
-#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
-#define CKM_SKIPJACK_ECB64 (0x1001UL)
-#define CKM_SKIPJACK_CBC64 (0x1002UL)
-#define CKM_SKIPJACK_OFB64 (0x1003UL)
-#define CKM_SKIPJACK_CFB64 (0x1004UL)
-#define CKM_SKIPJACK_CFB32 (0x1005UL)
-#define CKM_SKIPJACK_CFB16 (0x1006UL)
-#define CKM_SKIPJACK_CFB8 (0x1007UL)
-#define CKM_SKIPJACK_WRAP (0x1008UL)
-#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
-#define CKM_SKIPJACK_RELAYX (0x100aUL)
-#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
-#define CKM_KEA_KEY_DERIVE (0x1011UL)
-#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
-#define CKM_BATON_KEY_GEN (0x1030UL)
-#define CKM_BATON_ECB128 (0x1031UL)
-#define CKM_BATON_ECB96 (0x1032UL)
-#define CKM_BATON_CBC128 (0x1033UL)
-#define CKM_BATON_COUNTER (0x1034UL)
-#define CKM_BATON_SHUFFLE (0x1035UL)
-#define CKM_BATON_WRAP (0x1036UL)
-#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
-#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
-#define CKM_ECDSA (0x1041UL)
-#define CKM_ECDSA_SHA1 (0x1042UL)
-#define CKM_ECDH1_DERIVE (0x1050UL)
-#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
-#define CKM_ECMQV_DERIVE (0x1052UL)
-#define CKM_JUNIPER_KEY_GEN (0x1060UL)
-#define CKM_JUNIPER_ECB128 (0x1061UL)
-#define CKM_JUNIPER_CBC128 (0x1062UL)
-#define CKM_JUNIPER_COUNTER (0x1063UL)
-#define CKM_JUNIPER_SHUFFLE (0x1064UL)
-#define CKM_JUNIPER_WRAP (0x1065UL)
-#define CKM_FASTHASH (0x1070UL)
-#define CKM_AES_KEY_GEN (0x1080UL)
-#define CKM_AES_ECB (0x1081UL)
-#define CKM_AES_CBC (0x1082UL)
-#define CKM_AES_MAC (0x1083UL)
-#define CKM_AES_MAC_GENERAL (0x1084UL)
-#define CKM_AES_CBC_PAD (0x1085UL)
-#define CKM_BLOWFISH_KEY_GEN (0x1090UL)
-#define CKM_BLOWFISH_CBC (0x1091UL)
-#define CKM_TWOFISH_KEY_GEN (0x1092UL)
-#define CKM_TWOFISH_CBC (0x1093UL)
-#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL)
-#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL)
-#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL)
-#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL)
-#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL)
-#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL)
-#define CKM_DSA_PARAMETER_GEN (0x2000UL)
-#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
-#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
-#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-/* Ammendments */
-#define CKM_SHA224 (0x255UL)
-#define CKM_SHA224_HMAC (0x256UL)
-#define CKM_SHA224_HMAC_GENERAL (0x257UL)
-#define CKM_SHA224_RSA_PKCS (0x46UL)
-#define CKM_SHA224_RSA_PKCS_PSS (0x47UL)
-#define CKM_SHA224_KEY_DERIVATION (0x396UL)
-
-#define CKM_CAMELLIA_KEY_GEN (0x550UL)
-#define CKM_CAMELLIA_ECB (0x551UL)
-#define CKM_CAMELLIA_CBC (0x552UL)
-#define CKM_CAMELLIA_MAC (0x553UL)
-#define CKM_CAMELLIA_MAC_GENERAL (0x554UL)
-#define CKM_CAMELLIA_CBC_PAD (0x555UL)
-#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL)
-#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL)
-
-struct ck_mechanism
-{
- ck_mechanism_type_t mechanism;
- void *parameter;
- unsigned long parameter_len;
-};
-
-
-struct ck_mechanism_info
-{
- unsigned long min_key_size;
- unsigned long max_key_size;
- ck_flags_t flags;
-};
-
-#define CKF_HW (1UL << 0)
-#define CKF_ENCRYPT (1UL << 8)
-#define CKF_DECRYPT (1UL << 9)
-#define CKF_DIGEST (1UL << 10)
-#define CKF_SIGN (1UL << 11)
-#define CKF_SIGN_RECOVER (1UL << 12)
-#define CKF_VERIFY (1UL << 13)
-#define CKF_VERIFY_RECOVER (1UL << 14)
-#define CKF_GENERATE (1UL << 15)
-#define CKF_GENERATE_KEY_PAIR (1UL << 16)
-#define CKF_WRAP (1UL << 17)
-#define CKF_UNWRAP (1UL << 18)
-#define CKF_DERIVE (1UL << 19)
-#define CKF_EXTENSION ((unsigned long) (1UL << 31))
-
-
-/* Flags for C_WaitForSlotEvent. */
-#define CKF_DONT_BLOCK (1UL)
-
-
-typedef unsigned long ck_rv_t;
-
-
-typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
- ck_notification_t event, void *application);
-
-/* Forward reference. */
-struct ck_function_list;
-
-#define _CK_DECLARE_FUNCTION(name, args) \
-typedef ck_rv_t (*CK_ ## name) args; \
-ck_rv_t CK_SPEC name args
-
-_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
-_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
-_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
-_CK_DECLARE_FUNCTION (C_GetFunctionList,
- (struct ck_function_list **function_list));
-
-_CK_DECLARE_FUNCTION (C_GetSlotList,
- (unsigned char token_present, ck_slot_id_t *slot_list,
- unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetSlotInfo,
- (ck_slot_id_t slot_id, struct ck_slot_info *info));
-_CK_DECLARE_FUNCTION (C_GetTokenInfo,
- (ck_slot_id_t slot_id, struct ck_token_info *info));
-_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
- (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
-_CK_DECLARE_FUNCTION (C_GetMechanismList,
- (ck_slot_id_t slot_id,
- ck_mechanism_type_t *mechanism_list,
- unsigned long *count));
-_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
- (ck_slot_id_t slot_id, ck_mechanism_type_t type,
- struct ck_mechanism_info *info));
-_CK_DECLARE_FUNCTION (C_InitToken,
- (ck_slot_id_t slot_id, unsigned char *pin,
- unsigned long pin_len, unsigned char *label));
-_CK_DECLARE_FUNCTION (C_InitPIN,
- (ck_session_handle_t session, unsigned char *pin,
- unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_SetPIN,
- (ck_session_handle_t session, unsigned char *old_pin,
- unsigned long old_len, unsigned char *new_pin,
- unsigned long new_len));
-
-_CK_DECLARE_FUNCTION (C_OpenSession,
- (ck_slot_id_t slot_id, ck_flags_t flags,
- void *application, ck_notify_t notify,
- ck_session_handle_t *session));
-_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
-_CK_DECLARE_FUNCTION (C_GetSessionInfo,
- (ck_session_handle_t session,
- struct ck_session_info *info));
-_CK_DECLARE_FUNCTION (C_GetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long *operation_state_len));
-_CK_DECLARE_FUNCTION (C_SetOperationState,
- (ck_session_handle_t session,
- unsigned char *operation_state,
- unsigned long operation_state_len,
- ck_object_handle_t encryption_key,
- ck_object_handle_t authentiation_key));
-_CK_DECLARE_FUNCTION (C_Login,
- (ck_session_handle_t session, ck_user_type_t user_type,
- unsigned char *pin, unsigned long pin_len));
-_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_CreateObject,
- (ck_session_handle_t session,
- struct ck_attribute *templ,
- unsigned long count, ck_object_handle_t *object));
-_CK_DECLARE_FUNCTION (C_CopyObject,
- (ck_session_handle_t session, ck_object_handle_t object,
- struct ck_attribute *templ, unsigned long count,
- ck_object_handle_t *new_object));
-_CK_DECLARE_FUNCTION (C_DestroyObject,
- (ck_session_handle_t session,
- ck_object_handle_t object));
-_CK_DECLARE_FUNCTION (C_GetObjectSize,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- unsigned long *size));
-_CK_DECLARE_FUNCTION (C_GetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_SetAttributeValue,
- (ck_session_handle_t session,
- ck_object_handle_t object,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjectsInit,
- (ck_session_handle_t session,
- struct ck_attribute *templ,
- unsigned long count));
-_CK_DECLARE_FUNCTION (C_FindObjects,
- (ck_session_handle_t session,
- ck_object_handle_t *object,
- unsigned long max_object_count,
- unsigned long *object_count));
-_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
- (ck_session_handle_t session));
-
-_CK_DECLARE_FUNCTION (C_EncryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Encrypt,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *encrypted_data,
- unsigned long *encrypted_data_len));
-_CK_DECLARE_FUNCTION (C_EncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_EncryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_encrypted_part,
- unsigned long *last_encrypted_part_len));
-
-_CK_DECLARE_FUNCTION (C_DecryptInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Decrypt,
- (ck_session_handle_t session,
- unsigned char *encrypted_data,
- unsigned long encrypted_data_len,
- unsigned char *data, unsigned long *data_len));
-_CK_DECLARE_FUNCTION (C_DecryptUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part, unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_DecryptFinal,
- (ck_session_handle_t session,
- unsigned char *last_part,
- unsigned long *last_part_len));
-
-_CK_DECLARE_FUNCTION (C_DigestInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism));
-_CK_DECLARE_FUNCTION (C_Digest,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *digest,
- unsigned long *digest_len));
-_CK_DECLARE_FUNCTION (C_DigestUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_DigestKey,
- (ck_session_handle_t session, ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_DigestFinal,
- (ck_session_handle_t session,
- unsigned char *digest,
- unsigned long *digest_len));
-
-_CK_DECLARE_FUNCTION (C_SignInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Sign,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_SignFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long *signature_len));
-_CK_DECLARE_FUNCTION (C_SignRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_SignRecover,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long *signature_len));
-
-_CK_DECLARE_FUNCTION (C_VerifyInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_Verify,
- (ck_session_handle_t session,
- unsigned char *data, unsigned long data_len,
- unsigned char *signature,
- unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len));
-_CK_DECLARE_FUNCTION (C_VerifyFinal,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len));
-_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t key));
-_CK_DECLARE_FUNCTION (C_VerifyRecover,
- (ck_session_handle_t session,
- unsigned char *signature,
- unsigned long signature_len,
- unsigned char *data,
- unsigned long *data_len));
-
-_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len));
-_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
- (ck_session_handle_t session,
- unsigned char *part, unsigned long part_len,
- unsigned char *encrypted_part,
- unsigned long *encrypted_part_len));
-_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
- (ck_session_handle_t session,
- unsigned char *encrypted_part,
- unsigned long encrypted_part_len,
- unsigned char *part,
- unsigned long *part_len));
-
-_CK_DECLARE_FUNCTION (C_GenerateKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *templ,
- unsigned long count,
- ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- struct ck_attribute *public_key_template,
- unsigned long public_key_attribute_count,
- struct ck_attribute *private_key_template,
- unsigned long private_key_attribute_count,
- ck_object_handle_t *public_key,
- ck_object_handle_t *private_key));
-_CK_DECLARE_FUNCTION (C_WrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t wrapping_key,
- ck_object_handle_t key,
- unsigned char *wrapped_key,
- unsigned long *wrapped_key_len));
-_CK_DECLARE_FUNCTION (C_UnwrapKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t unwrapping_key,
- unsigned char *wrapped_key,
- unsigned long wrapped_key_len,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key));
-_CK_DECLARE_FUNCTION (C_DeriveKey,
- (ck_session_handle_t session,
- struct ck_mechanism *mechanism,
- ck_object_handle_t base_key,
- struct ck_attribute *templ,
- unsigned long attribute_count,
- ck_object_handle_t *key));
-
-_CK_DECLARE_FUNCTION (C_SeedRandom,
- (ck_session_handle_t session, unsigned char *seed,
- unsigned long seed_len));
-_CK_DECLARE_FUNCTION (C_GenerateRandom,
- (ck_session_handle_t session,
- unsigned char *random_data,
- unsigned long random_len));
-
-_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
-_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
-
-
-struct ck_function_list
-{
- struct ck_version version;
- CK_C_Initialize C_Initialize;
- CK_C_Finalize C_Finalize;
- CK_C_GetInfo C_GetInfo;
- CK_C_GetFunctionList C_GetFunctionList;
- CK_C_GetSlotList C_GetSlotList;
- CK_C_GetSlotInfo C_GetSlotInfo;
- CK_C_GetTokenInfo C_GetTokenInfo;
- CK_C_GetMechanismList C_GetMechanismList;
- CK_C_GetMechanismInfo C_GetMechanismInfo;
- CK_C_InitToken C_InitToken;
- CK_C_InitPIN C_InitPIN;
- CK_C_SetPIN C_SetPIN;
- CK_C_OpenSession C_OpenSession;
- CK_C_CloseSession C_CloseSession;
- CK_C_CloseAllSessions C_CloseAllSessions;
- CK_C_GetSessionInfo C_GetSessionInfo;
- CK_C_GetOperationState C_GetOperationState;
- CK_C_SetOperationState C_SetOperationState;
- CK_C_Login C_Login;
- CK_C_Logout C_Logout;
- CK_C_CreateObject C_CreateObject;
- CK_C_CopyObject C_CopyObject;
- CK_C_DestroyObject C_DestroyObject;
- CK_C_GetObjectSize C_GetObjectSize;
- CK_C_GetAttributeValue C_GetAttributeValue;
- CK_C_SetAttributeValue C_SetAttributeValue;
- CK_C_FindObjectsInit C_FindObjectsInit;
- CK_C_FindObjects C_FindObjects;
- CK_C_FindObjectsFinal C_FindObjectsFinal;
- CK_C_EncryptInit C_EncryptInit;
- CK_C_Encrypt C_Encrypt;
- CK_C_EncryptUpdate C_EncryptUpdate;
- CK_C_EncryptFinal C_EncryptFinal;
- CK_C_DecryptInit C_DecryptInit;
- CK_C_Decrypt C_Decrypt;
- CK_C_DecryptUpdate C_DecryptUpdate;
- CK_C_DecryptFinal C_DecryptFinal;
- CK_C_DigestInit C_DigestInit;
- CK_C_Digest C_Digest;
- CK_C_DigestUpdate C_DigestUpdate;
- CK_C_DigestKey C_DigestKey;
- CK_C_DigestFinal C_DigestFinal;
- CK_C_SignInit C_SignInit;
- CK_C_Sign C_Sign;
- CK_C_SignUpdate C_SignUpdate;
- CK_C_SignFinal C_SignFinal;
- CK_C_SignRecoverInit C_SignRecoverInit;
- CK_C_SignRecover C_SignRecover;
- CK_C_VerifyInit C_VerifyInit;
- CK_C_Verify C_Verify;
- CK_C_VerifyUpdate C_VerifyUpdate;
- CK_C_VerifyFinal C_VerifyFinal;
- CK_C_VerifyRecoverInit C_VerifyRecoverInit;
- CK_C_VerifyRecover C_VerifyRecover;
- CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
- CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
- CK_C_SignEncryptUpdate C_SignEncryptUpdate;
- CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
- CK_C_GenerateKey C_GenerateKey;
- CK_C_GenerateKeyPair C_GenerateKeyPair;
- CK_C_WrapKey C_WrapKey;
- CK_C_UnwrapKey C_UnwrapKey;
- CK_C_DeriveKey C_DeriveKey;
- CK_C_SeedRandom C_SeedRandom;
- CK_C_GenerateRandom C_GenerateRandom;
- CK_C_GetFunctionStatus C_GetFunctionStatus;
- CK_C_CancelFunction C_CancelFunction;
- CK_C_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
-
-typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
-typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
-typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
-typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
-
-
-struct ck_c_initialize_args
-{
- ck_createmutex_t create_mutex;
- ck_destroymutex_t destroy_mutex;
- ck_lockmutex_t lock_mutex;
- ck_unlockmutex_t unlock_mutex;
- ck_flags_t flags;
- void *reserved;
-};
-
-
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
-#define CKF_OS_LOCKING_OK (1UL << 1)
-
-#define CKR_OK (0UL)
-#define CKR_CANCEL (1UL)
-#define CKR_HOST_MEMORY (2UL)
-#define CKR_SLOT_ID_INVALID (3UL)
-#define CKR_GENERAL_ERROR (5UL)
-#define CKR_FUNCTION_FAILED (6UL)
-#define CKR_ARGUMENTS_BAD (7UL)
-#define CKR_NO_EVENT (8UL)
-#define CKR_NEED_TO_CREATE_THREADS (9UL)
-#define CKR_CANT_LOCK (0xaUL)
-#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
-#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
-#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
-#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
-#define CKR_DATA_INVALID (0x20UL)
-#define CKR_DATA_LEN_RANGE (0x21UL)
-#define CKR_DEVICE_ERROR (0x30UL)
-#define CKR_DEVICE_MEMORY (0x31UL)
-#define CKR_DEVICE_REMOVED (0x32UL)
-#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
-#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
-#define CKR_FUNCTION_CANCELED (0x50UL)
-#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
-#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
-#define CKR_KEY_HANDLE_INVALID (0x60UL)
-#define CKR_KEY_SIZE_RANGE (0x62UL)
-#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
-#define CKR_KEY_NOT_NEEDED (0x64UL)
-#define CKR_KEY_CHANGED (0x65UL)
-#define CKR_KEY_NEEDED (0x66UL)
-#define CKR_KEY_INDIGESTIBLE (0x67UL)
-#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
-#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
-#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
-#define CKR_MECHANISM_INVALID (0x70UL)
-#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
-#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
-#define CKR_OPERATION_ACTIVE (0x90UL)
-#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
-#define CKR_PIN_INCORRECT (0xa0UL)
-#define CKR_PIN_INVALID (0xa1UL)
-#define CKR_PIN_LEN_RANGE (0xa2UL)
-#define CKR_PIN_EXPIRED (0xa3UL)
-#define CKR_PIN_LOCKED (0xa4UL)
-#define CKR_SESSION_CLOSED (0xb0UL)
-#define CKR_SESSION_COUNT (0xb1UL)
-#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
-#define CKR_SESSION_READ_ONLY (0xb5UL)
-#define CKR_SESSION_EXISTS (0xb6UL)
-#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
-#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
-#define CKR_SIGNATURE_INVALID (0xc0UL)
-#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
-#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
-#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
-#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
-#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
-#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
-#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
-#define CKR_USER_NOT_LOGGED_IN (0x101UL)
-#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
-#define CKR_USER_TYPE_INVALID (0x103UL)
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
-#define CKR_USER_TOO_MANY_TYPES (0x105UL)
-#define CKR_WRAPPED_KEY_INVALID (0x110UL)
-#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
-#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
-#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
-#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
-#define CKR_RANDOM_NO_RNG (0x121UL)
-#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
-#define CKR_BUFFER_TOO_SMALL (0x150UL)
-#define CKR_SAVED_STATE_INVALID (0x160UL)
-#define CKR_INFORMATION_SENSITIVE (0x170UL)
-#define CKR_STATE_UNSAVEABLE (0x180UL)
-#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
-#define CKR_MUTEX_BAD (0x1a0UL)
-#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
-#define CKR_FUNCTION_REJECTED (0x200UL)
-#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31))
-
-
-
-/* Compatibility layer. */
-
-#ifdef CRYPTOKI_COMPAT
-
-#undef CK_DEFINE_FUNCTION
-#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
-
-/* For NULL. */
-#include <stddef.h>
-
-typedef unsigned char CK_BYTE;
-typedef unsigned char CK_CHAR;
-typedef unsigned char CK_UTF8CHAR;
-typedef unsigned char CK_BBOOL;
-typedef unsigned long int CK_ULONG;
-typedef long int CK_LONG;
-typedef CK_BYTE *CK_BYTE_PTR;
-typedef CK_CHAR *CK_CHAR_PTR;
-typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
-typedef CK_ULONG *CK_ULONG_PTR;
-typedef void *CK_VOID_PTR;
-typedef void **CK_VOID_PTR_PTR;
-#define CK_FALSE 0
-#define CK_TRUE 1
-#ifndef CK_DISABLE_TRUE_FALSE
-#ifndef FALSE
-#define FALSE 0
-#endif
-#ifndef TRUE
-#define TRUE 1
-#endif
-#endif
-
-typedef struct ck_version CK_VERSION;
-typedef struct ck_version *CK_VERSION_PTR;
-
-typedef struct ck_info CK_INFO;
-typedef struct ck_info *CK_INFO_PTR;
-
-typedef ck_slot_id_t *CK_SLOT_ID_PTR;
-
-typedef struct ck_slot_info CK_SLOT_INFO;
-typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
-
-typedef struct ck_token_info CK_TOKEN_INFO;
-typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
-
-typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
-
-typedef struct ck_session_info CK_SESSION_INFO;
-typedef struct ck_session_info *CK_SESSION_INFO_PTR;
-
-typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
-
-typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
-
-typedef struct ck_attribute CK_ATTRIBUTE;
-typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
-
-typedef struct ck_date CK_DATE;
-typedef struct ck_date *CK_DATE_PTR;
-
-typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
-
-typedef struct ck_mechanism CK_MECHANISM;
-typedef struct ck_mechanism *CK_MECHANISM_PTR;
-
-typedef struct ck_mechanism_info CK_MECHANISM_INFO;
-typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
-
-typedef struct ck_function_list CK_FUNCTION_LIST;
-typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
-typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
-
-typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
-typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
-
-#define NULL_PTR NULL
-
-/* Delete the helper macros defined at the top of the file. */
-#undef ck_flags_t
-#undef ck_version
-
-#undef ck_info
-#undef cryptoki_version
-#undef manufacturer_id
-#undef library_description
-#undef library_version
-
-#undef ck_notification_t
-#undef ck_slot_id_t
-
-#undef ck_slot_info
-#undef slot_description
-#undef hardware_version
-#undef firmware_version
-
-#undef ck_token_info
-#undef serial_number
-#undef max_session_count
-#undef session_count
-#undef max_rw_session_count
-#undef rw_session_count
-#undef max_pin_len
-#undef min_pin_len
-#undef total_public_memory
-#undef free_public_memory
-#undef total_private_memory
-#undef free_private_memory
-#undef utc_time
-
-#undef ck_session_handle_t
-#undef ck_user_type_t
-#undef ck_state_t
-
-#undef ck_session_info
-#undef slot_id
-#undef device_error
-
-#undef ck_object_handle_t
-#undef ck_object_class_t
-#undef ck_hw_feature_type_t
-#undef ck_key_type_t
-#undef ck_certificate_type_t
-#undef ck_attribute_type_t
-
-#undef ck_attribute
-#undef value
-#undef value_len
-
-#undef ck_date
-
-#undef ck_mechanism_type_t
-
-#undef ck_mechanism
-#undef parameter
-#undef parameter_len
-
-#undef ck_mechanism_info
-#undef min_key_size
-#undef max_key_size
-
-#undef ck_rv_t
-#undef ck_notify_t
-
-#undef ck_function_list
-
-#undef ck_createmutex_t
-#undef ck_destroymutex_t
-#undef ck_lockmutex_t
-#undef ck_unlockmutex_t
-
-#undef ck_c_initialize_args
-#undef create_mutex
-#undef destroy_mutex
-#undef lock_mutex
-#undef unlock_mutex
-#undef reserved
-
-#endif /* CRYPTOKI_COMPAT */
-
-
-/* System dependencies. */
-#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
-#pragma pack(pop, cryptoki)
-#endif
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* PKCS11_H */
diff --git a/common/pkcs11i.h b/common/pkcs11i.h
deleted file mode 100644
index d9e3ffc..0000000
--- a/common/pkcs11i.h
+++ /dev/null
@@ -1,505 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef PKCS11_I_H_
-#define PKCS11_I_H_ 1
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/* -------------------------------------------------------------------
- * TRUST ASSERTIONS
- *
- * These are retired and should not be used in new code
- */
-
-#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100)
-#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1)
-#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2)
-#define CKA_X_PURPOSE (CKA_X_VENDOR + 3)
-#define CKA_X_PEER (CKA_X_VENDOR + 4)
-typedef CK_ULONG CK_X_ASSERTION_TYPE;
-#define CKT_X_DISTRUSTED_CERTIFICATE 1UL
-#define CKT_X_PINNED_CERTIFICATE 2UL
-#define CKT_X_ANCHORED_CERTIFICATE 3UL
-
-/* -------------------------------------------------------------------
- * Other deprecated definitions
- */
-#define CKA_X_CRITICAL (CKA_X_VENDOR + 101)
-
-/* -------------------------------------------------------------------
- * SUBCLASSABLE PKCS#11 FUNCTIONS
- */
-
-typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST;
-
-typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *,
- CK_VOID_PTR);
-
-typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *,
- CK_VOID_PTR);
-
-typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *,
- CK_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *,
- CK_BBOOL,
- CK_SLOT_ID_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_SLOT_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_TOKEN_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_MECHANISM_TYPE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_MECHANISM_TYPE,
- CK_MECHANISM_INFO_PTR);
-
-typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR);
-
-typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID,
- CK_FLAGS,
- CK_VOID_PTR,
- CK_NOTIFY,
- CK_SESSION_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *,
- CK_SLOT_ID);
-
-typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_SESSION_INFO_PTR);
-
-typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_USER_TYPE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE_PTR,
- CK_ULONG,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE);
-
-typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR);
-
-typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE);
-
-typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_OBJECT_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG_PTR);
-
-typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_MECHANISM_PTR,
- CK_OBJECT_HANDLE,
- CK_ATTRIBUTE_PTR,
- CK_ULONG,
- CK_OBJECT_HANDLE_PTR);
-
-typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *,
- CK_SESSION_HANDLE,
- CK_BYTE_PTR,
- CK_ULONG);
-
-typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *,
- CK_FLAGS,
- CK_SLOT_ID_PTR,
- CK_VOID_PTR);
-
-struct _CK_X_FUNCTION_LIST {
- CK_VERSION version;
- CK_X_Initialize C_Initialize;
- CK_X_Finalize C_Finalize;
- CK_X_GetInfo C_GetInfo;
- CK_X_GetSlotList C_GetSlotList;
- CK_X_GetSlotInfo C_GetSlotInfo;
- CK_X_GetTokenInfo C_GetTokenInfo;
- CK_X_GetMechanismList C_GetMechanismList;
- CK_X_GetMechanismInfo C_GetMechanismInfo;
- CK_X_InitToken C_InitToken;
- CK_X_InitPIN C_InitPIN;
- CK_X_SetPIN C_SetPIN;
- CK_X_OpenSession C_OpenSession;
- CK_X_CloseSession C_CloseSession;
- CK_X_CloseAllSessions C_CloseAllSessions;
- CK_X_GetSessionInfo C_GetSessionInfo;
- CK_X_GetOperationState C_GetOperationState;
- CK_X_SetOperationState C_SetOperationState;
- CK_X_Login C_Login;
- CK_X_Logout C_Logout;
- CK_X_CreateObject C_CreateObject;
- CK_X_CopyObject C_CopyObject;
- CK_X_DestroyObject C_DestroyObject;
- CK_X_GetObjectSize C_GetObjectSize;
- CK_X_GetAttributeValue C_GetAttributeValue;
- CK_X_SetAttributeValue C_SetAttributeValue;
- CK_X_FindObjectsInit C_FindObjectsInit;
- CK_X_FindObjects C_FindObjects;
- CK_X_FindObjectsFinal C_FindObjectsFinal;
- CK_X_EncryptInit C_EncryptInit;
- CK_X_Encrypt C_Encrypt;
- CK_X_EncryptUpdate C_EncryptUpdate;
- CK_X_EncryptFinal C_EncryptFinal;
- CK_X_DecryptInit C_DecryptInit;
- CK_X_Decrypt C_Decrypt;
- CK_X_DecryptUpdate C_DecryptUpdate;
- CK_X_DecryptFinal C_DecryptFinal;
- CK_X_DigestInit C_DigestInit;
- CK_X_Digest C_Digest;
- CK_X_DigestUpdate C_DigestUpdate;
- CK_X_DigestKey C_DigestKey;
- CK_X_DigestFinal C_DigestFinal;
- CK_X_SignInit C_SignInit;
- CK_X_Sign C_Sign;
- CK_X_SignUpdate C_SignUpdate;
- CK_X_SignFinal C_SignFinal;
- CK_X_SignRecoverInit C_SignRecoverInit;
- CK_X_SignRecover C_SignRecover;
- CK_X_VerifyInit C_VerifyInit;
- CK_X_Verify C_Verify;
- CK_X_VerifyUpdate C_VerifyUpdate;
- CK_X_VerifyFinal C_VerifyFinal;
- CK_X_VerifyRecoverInit C_VerifyRecoverInit;
- CK_X_VerifyRecover C_VerifyRecover;
- CK_X_DigestEncryptUpdate C_DigestEncryptUpdate;
- CK_X_DecryptDigestUpdate C_DecryptDigestUpdate;
- CK_X_SignEncryptUpdate C_SignEncryptUpdate;
- CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate;
- CK_X_GenerateKey C_GenerateKey;
- CK_X_GenerateKeyPair C_GenerateKeyPair;
- CK_X_WrapKey C_WrapKey;
- CK_X_UnwrapKey C_UnwrapKey;
- CK_X_DeriveKey C_DeriveKey;
- CK_X_SeedRandom C_SeedRandom;
- CK_X_GenerateRandom C_GenerateRandom;
- CK_X_WaitForSlotEvent C_WaitForSlotEvent;
-};
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* PKCS11_X_H_ */
diff --git a/common/pkcs11x.h b/common/pkcs11x.h
deleted file mode 100644
index 4a89f73..0000000
--- a/common/pkcs11x.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef PKCS11_X_H_
-#define PKCS11_X_H_ 1
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-/* -------------------------------------------------------------------
- * NSS TRUST OBJECTS
- *
- * And related, non-standard
- */
-
-/* Define this if you want the NSS specific symbols */
-#define CRYPTOKI_NSS_VENDOR_DEFINED 1
-#ifdef CRYPTOKI_NSS_VENDOR_DEFINED
-
-/* Various NSS objects */
-#define CKO_NSS_CRL 0xce534351UL
-#define CKO_NSS_SMIME 0xce534352UL
-#define CKO_NSS_TRUST 0xce534353UL
-#define CKO_NSS_BUILTIN_ROOT_LIST 0xce534354UL
-#define CKO_NSS_NEWSLOT 0xce534355UL
-#define CKO_NSS_DELSLOT 0xce534356UL
-
-/* Various NSS key types */
-#define CKK_NSS_PKCS8 0xce534351UL
-
-/* Various NSS attributes */
-#define CKA_NSS_URL 0xce534351UL
-#define CKA_NSS_EMAIL 0xce534352UL
-#define CKA_NSS_SMIME_INFO 0xce534353UL
-#define CKA_NSS_SMIME_TIMESTAMP 0xce534354UL
-#define CKA_NSS_PKCS8_SALT 0xce534355UL
-#define CKA_NSS_PASSWORD_CHECK 0xce534356UL
-#define CKA_NSS_EXPIRES 0xce534357UL
-#define CKA_NSS_KRL 0xce534358UL
-#define CKA_NSS_PQG_COUNTER 0xce534364UL
-#define CKA_NSS_PQG_SEED 0xce534365UL
-#define CKA_NSS_PQG_H 0xce534366UL
-#define CKA_NSS_PQG_SEED_BITS 0xce534367UL
-#define CKA_NSS_MODULE_SPEC 0xce534368UL
-
-/* NSS trust attributes */
-#define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL
-#define CKA_TRUST_NON_REPUDIATION 0xce536352UL
-#define CKA_TRUST_KEY_ENCIPHERMENT 0xce536353UL
-#define CKA_TRUST_DATA_ENCIPHERMENT 0xce536354UL
-#define CKA_TRUST_KEY_AGREEMENT 0xce536355UL
-#define CKA_TRUST_KEY_CERT_SIGN 0xce536356UL
-#define CKA_TRUST_CRL_SIGN 0xce536357UL
-#define CKA_TRUST_SERVER_AUTH 0xce536358UL
-#define CKA_TRUST_CLIENT_AUTH 0xce536359UL
-#define CKA_TRUST_CODE_SIGNING 0xce53635aUL
-#define CKA_TRUST_EMAIL_PROTECTION 0xce53635bUL
-#define CKA_TRUST_IPSEC_END_SYSTEM 0xce53635cUL
-#define CKA_TRUST_IPSEC_TUNNEL 0xce53635dUL
-#define CKA_TRUST_IPSEC_USER 0xce53635eUL
-#define CKA_TRUST_TIME_STAMPING 0xce53635fUL
-#define CKA_TRUST_STEP_UP_APPROVED 0xce536360UL
-#define CKA_CERT_SHA1_HASH 0xce5363b4UL
-#define CKA_CERT_MD5_HASH 0xce5363b5UL
-
-/* NSS trust values */
-typedef CK_ULONG CK_TRUST;
-#define CKT_NSS_TRUSTED 0xce534351UL
-#define CKT_NSS_TRUSTED_DELEGATOR 0xce534352UL
-#define CKT_NSS_MUST_VERIFY_TRUST 0xce534353UL
-#define CKT_NSS_NOT_TRUSTED 0xce53435AUL
-#define CKT_NSS_TRUST_UNKNOWN 0xce534355UL
-#define CKT_NSS_VALID_DELEGATOR 0xce53435BUL
-
-/* NSS specific mechanisms */
-#define CKM_NSS_AES_KEY_WRAP 0xce534351UL
-#define CKM_NSS_AES_KEY_WRAP_PAD 0xce534352UL
-
-/* NSS specific return values */
-#define CKR_NSS_CERTDB_FAILED 0xce534351UL
-#define CKR_NSS_KEYDB_FAILED 0xce534352UL
-
-#endif /* CRYPTOKI_NSS_VENDOR_DEFINED */
-
-/* Define this if you want the vendor specific symbols */
-#define CRYPTOKI_X_VENDOR_DEFINED 1
-#ifdef CRYPTOKI_X_VENDOR_DEFINED
-
-#define CKA_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL)
-#define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL)
-
-/* -------------------------------------------------------------------
- * BLACKLISTS
- */
-
-#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100)
-
-/* -------------------------------------------------------------------
- * CERTIFICATE EXTENSIONS
- *
- * For attaching certificate extensions to certificates
- */
-
-#define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200)
-
-/* From the 2.40 draft */
-#ifndef CKA_PUBLIC_KEY_INFO
-#define CKA_PUBLIC_KEY_INFO 0x00000129UL
-#endif
-
-#endif /* CRYPTOKI_X_VENDOR_DEFINED */
-
-#if defined(__cplusplus)
-}
-#endif
-
-#endif /* PKCS11_X_H_ */
diff --git a/common/test-array.c b/common/test-array.c
deleted file mode 100644
index 695917a..0000000
--- a/common/test-array.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "array.h"
-#include "test.h"
-
-static void
-test_create (void)
-{
- p11_array *array;
-
- array = p11_array_new (NULL);
- assert_ptr_not_null (array);
- p11_array_free (array);
-}
-
-static void
-test_free_null (void)
-{
- p11_array_free (NULL);
-}
-
-static void
-destroy_value (void *data)
-{
- int *value = data;
- *value = 2;
-}
-
-static void
-test_free_destroys (void)
-{
- p11_array *array;
- int value = 0;
-
- array = p11_array_new (destroy_value);
- assert_ptr_not_null (array);
- if (!p11_array_push (array, &value))
- assert_not_reached ();
- p11_array_free (array);
-
- assert_num_eq (2, value);
-}
-
-static void
-test_add (void)
-{
- char *value = "VALUE";
- p11_array *array;
-
- array = p11_array_new (NULL);
- if (!p11_array_push (array, value))
- assert_not_reached ();
-
- assert_num_eq (1, array->num);
- assert_ptr_eq (array->elem[0], value);
-
- p11_array_free (array);
-}
-
-static void
-test_add_remove (void)
-{
- char *value = "VALUE";
- p11_array *array;
-
- array = p11_array_new (NULL);
- if (!p11_array_push (array, value))
- assert_not_reached ();
-
- assert_num_eq (1, array->num);
-
- assert_ptr_eq (array->elem[0], value);
-
- p11_array_remove (array, 0);
-
- assert_num_eq (0, array->num);
-
- p11_array_free (array);
-}
-
-static void
-test_remove_destroys (void)
-{
- p11_array *array;
- int value = 0;
-
- array = p11_array_new (destroy_value);
- if (!p11_array_push (array, &value))
- assert_not_reached ();
-
- p11_array_remove (array, 0);
-
- assert_num_eq (2, value);
-
- /* should not be destroyed again */
- value = 0;
-
- p11_array_free (array);
-
- assert_num_eq (0, value);
-}
-
-static void
-test_remove_and_count (void)
-{
- p11_array *array;
- int *value;
- int i;
-
- array = p11_array_new (free);
-
- assert_num_eq (0, array->num);
-
- for (i = 0; i < 20000; ++i) {
- value = malloc (sizeof (int));
- assert (value != NULL);
- *value = i;
- if (!p11_array_push (array, value))
- assert_not_reached ();
- assert_num_eq (i + 1, array->num);
- }
-
- for (i = 10; i < 20000; ++i) {
- p11_array_remove (array, 10);
- assert_num_eq (20010 - (i + 1), array->num);
- }
-
- assert_num_eq (10, array->num);
-
- p11_array_free (array);
-}
-
-static void
-test_clear_destroys (void)
-{
- p11_array *array;
- int value = 0;
-
- array = p11_array_new (destroy_value);
- if (!p11_array_push (array, &value))
- assert_not_reached ();
-
- assert_num_eq (1, array->num);
-
- p11_array_clear (array);
-
- assert_num_eq (2, value);
- assert_num_eq (0, array->num);
-
- /* should not be destroyed again */
- value = 0;
-
- p11_array_free (array);
-
- assert_num_eq (0, value);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_create, "/array/create");
- p11_test (test_add, "/array/add");
- p11_test (test_add_remove, "/array/add-remove");
- p11_test (test_remove_destroys, "/array/remove-destroys");
- p11_test (test_remove_and_count, "/array/remove-and-count");
- p11_test (test_free_null, "/array/free-null");
- p11_test (test_free_destroys, "/array/free-destroys");
- p11_test (test_clear_destroys, "/array/clear-destroys");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-attrs.c b/common/test-attrs.c
deleted file mode 100644
index 79895e2..0000000
--- a/common/test-attrs.c
+++ /dev/null
@@ -1,757 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "debug.h"
-
-static void
-test_terminator (void)
-{
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_LABEL, NULL, 0 },
- { CKA_INVALID },
- };
-
- assert_num_eq (true, p11_attrs_terminator (attrs + 2));
- assert_num_eq (true, p11_attrs_terminator (NULL));
- assert_num_eq (false, p11_attrs_terminator (attrs));
- assert_num_eq (false, p11_attrs_terminator (attrs + 1));
-}
-
-static void
-test_count (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE empty[] = {
- { CKA_INVALID },
- };
-
- assert_num_eq (2, p11_attrs_count (attrs));
- assert_num_eq (0, p11_attrs_count (NULL));
- assert_num_eq (0, p11_attrs_count (empty));
-}
-
-static void
-test_build_one (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 };
-
- attrs = p11_attrs_build (NULL, &add, NULL);
-
- /* Test the first attribute */
- assert_ptr_not_null (attrs);
- assert (attrs->type == CKA_LABEL);
- assert_num_eq (3, attrs->ulValueLen);
- assert (memcmp (attrs->pValue, "yay", 3) == 0);
-
- assert (attrs[1].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_two (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 };
-
- attrs = p11_attrs_build (NULL, &one, &two, NULL);
-
- assert_ptr_not_null (attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (3, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "yay", 3) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (5, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "eight", 5) == 0);
-
- assert (attrs[2].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_invalid (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE invalid = { CKA_INVALID };
- CK_ATTRIBUTE two = { CKA_VALUE, "eight", 5 };
-
- attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL);
-
- assert_ptr_not_null (attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (3, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "yay", 3) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (5, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "eight", 5) == 0);
-
- assert (attrs[2].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_buildn_two (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE add[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 }
- };
-
- attrs = p11_attrs_buildn (NULL, add, 2);
-
- /* Test the first attribute */
- assert_ptr_not_null (attrs);
- assert (attrs->type == CKA_LABEL);
- assert_num_eq (3, attrs->ulValueLen);
- assert (memcmp (attrs->pValue, "yay", 3) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (5, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "eight", 5) == 0);
-
- assert (attrs[2].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_buildn_one (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 };
-
- attrs = p11_attrs_buildn (NULL, &add, 1);
-
- /* Test the first attribute */
- assert_ptr_not_null (attrs);
- assert (attrs->type == CKA_LABEL);
- assert_num_eq (3, attrs->ulValueLen);
- assert (memcmp (attrs->pValue, "yay", 3) == 0);
-
- assert (attrs[1].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_add (void)
-{
- CK_ATTRIBUTE initial[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_VALUE, "nine", 4 },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE two = { CKA_TOKEN, "\x01", 1 };
-
- attrs = p11_attrs_buildn (NULL, initial, 2);
- attrs = p11_attrs_build (attrs, &one, &two, NULL);
-
- assert_ptr_not_null (attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (3, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "yay", 3) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (4, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "nine", 4) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[2].type == CKA_TOKEN);
- assert_num_eq (1, attrs[2].ulValueLen);
- assert (memcmp (attrs[2].pValue, "\x01", 1) == 0);
-
- assert (attrs[3].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_null (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 };
-
- attrs = p11_attrs_build (NULL, &add, NULL);
-
- /* Test the first attribute */
- assert_ptr_not_null (attrs);
- assert (attrs->type == CKA_LABEL);
- assert (attrs->ulValueLen == (CK_ULONG)-1);
- assert_ptr_eq (NULL, attrs->pValue);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_dup (void)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- attrs = p11_attrs_dup (original);
-
- /* Test the first attribute */
- assert_ptr_not_null (attrs);
- assert (attrs->type == CKA_LABEL);
- assert_num_eq (3, attrs->ulValueLen);
- assert (memcmp (attrs->pValue, "yay", 3) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (5, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "eight", 5) == 0);
-
- assert (attrs[2].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_take (void)
-{
- CK_ATTRIBUTE initial[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_VALUE, "nine", 4 },
- };
-
- CK_ATTRIBUTE *attrs;
-
- attrs = p11_attrs_buildn (NULL, initial, 2);
- attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7);
- attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1);
- assert_ptr_not_null (attrs);
-
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (4, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "nine", 4) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[2].type == CKA_TOKEN);
- assert_num_eq (1, attrs[2].ulValueLen);
- assert (memcmp (attrs[2].pValue, "\x01", 1) == 0);
-
- assert (attrs[3].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-
-static void
-test_merge_replace (void)
-{
- CK_ATTRIBUTE initial[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_VALUE, "nine", 4 },
- };
-
- CK_ATTRIBUTE extra[] = {
- { CKA_LABEL, "boooyah", 7 },
- { CKA_APPLICATION, "disco", 5 },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
-
- attrs = p11_attrs_buildn (NULL, initial, 2);
- merge = p11_attrs_buildn (NULL, extra, 2);
- attrs = p11_attrs_merge (attrs, merge, true);
- assert_ptr_not_null (attrs);
-
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (4, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "nine", 4) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[2].type == CKA_APPLICATION);
- assert_num_eq (5, attrs[2].ulValueLen);
- assert (memcmp (attrs[2].pValue, "disco", 5) == 0);
-
- assert (attrs[3].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_merge_empty (void)
-{
- CK_ATTRIBUTE extra[] = {
- { CKA_LABEL, "boooyah", 7 },
- { CKA_APPLICATION, "disco", 5 },
- };
-
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *merge;
-
- merge = p11_attrs_buildn (NULL, extra, 2);
- attrs = p11_attrs_merge (attrs, merge, true);
- assert_ptr_not_null (attrs);
- assert_ptr_eq (merge, attrs);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_merge_augment (void)
-{
- CK_ATTRIBUTE initial[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_VALUE, "nine", 4 },
- };
-
- CK_ATTRIBUTE extra[] = {
- { CKA_LABEL, "boooyah", 7 },
- { CKA_APPLICATION, "disco", 5 },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
-
- attrs = p11_attrs_buildn (NULL, initial, 2);
- merge = p11_attrs_buildn (NULL, extra, 2);
- attrs = p11_attrs_merge (attrs, merge, false);
- assert_ptr_not_null (attrs);
-
- assert (attrs[0].type == CKA_LABEL);
- assert_num_eq (5, attrs[0].ulValueLen);
- assert (memcmp (attrs[0].pValue, "label", 5) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[1].type == CKA_VALUE);
- assert_num_eq (4, attrs[1].ulValueLen);
- assert (memcmp (attrs[1].pValue, "nine", 4) == 0);
-
- assert_ptr_not_null (attrs);
- assert (attrs[2].type == CKA_APPLICATION);
- assert_num_eq (5, attrs[2].ulValueLen);
- assert (memcmp (attrs[2].pValue, "disco", 5) == 0);
-
- assert (attrs[3].type == CKA_INVALID);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_free_null (void)
-{
- p11_attrs_free (NULL);
-}
-
-static void
-test_equal (void)
-{
- char *data = "extra attribute";
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 };
- CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 };
- CK_ATTRIBUTE other = { CKA_VALUE, data, 5 };
- CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 };
- CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 };
-
- assert (p11_attr_equal (&one, &one));
- assert (!p11_attr_equal (&one, NULL));
- assert (!p11_attr_equal (NULL, &one));
- assert (!p11_attr_equal (&one, &two));
- assert (!p11_attr_equal (&two, &other));
- assert (p11_attr_equal (&other, &overflow));
- assert (!p11_attr_equal (&one, &null));
- assert (!p11_attr_equal (&one, &null));
- assert (!p11_attr_equal (&other, &content));
-}
-
-static void
-test_hash (void)
-{
- char *data = "extra attribute";
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE null = { CKA_LABEL, NULL, 3 };
- CK_ATTRIBUTE two = { CKA_VALUE, "yay", 3 };
- CK_ATTRIBUTE other = { CKA_VALUE, data, 5 };
- CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 };
- CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 };
- unsigned int hash;
-
- hash = p11_attr_hash (&one);
- assert (hash != 0);
-
- assert (p11_attr_hash (&one) == hash);
- assert (p11_attr_hash (&two) != hash);
- assert (p11_attr_hash (&other) != hash);
- assert (p11_attr_hash (&overflow) != hash);
- assert (p11_attr_hash (&null) != hash);
- assert (p11_attr_hash (&content) != hash);
-
- hash = p11_attr_hash (NULL);
- assert (hash == 0);
-}
-
-static void
-test_to_string (void)
-{
- char *data = "extra attribute";
- CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 };
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, data, 5 },
- { CKA_INVALID },
- };
-
- char *string;
-
-
- string = p11_attr_to_string (&one, CKA_INVALID);
- assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string);
- free (string);
-
- string = p11_attrs_to_string (attrs, -1);
- assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string);
- free (string);
-
- string = p11_attrs_to_string (attrs, 1);
- assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string);
- free (string);
-}
-
-static void
-test_find (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
- CK_ATTRIBUTE *attr;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- attr = p11_attrs_find (attrs, CKA_LABEL);
- assert_ptr_eq (attrs + 0, attr);
-
- attr = p11_attrs_find (attrs, CKA_TOKEN);
- assert_ptr_eq (attrs + 1, attr);
-
- attr = p11_attrs_find (attrs, CKA_VALUE);
- assert_ptr_eq (NULL, attr);
-}
-
-static void
-test_findn (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
- CK_ATTRIBUTE *attr;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- };
-
- attr = p11_attrs_findn (attrs, 2, CKA_LABEL);
- assert_ptr_eq (attrs + 0, attr);
-
- attr = p11_attrs_findn (attrs, 2, CKA_TOKEN);
- assert_ptr_eq (attrs + 1, attr);
-
- attr = p11_attrs_findn (attrs, 2, CKA_VALUE);
- assert_ptr_eq (NULL, attr);
-
- attr = p11_attrs_findn (attrs, 1, CKA_TOKEN);
- assert_ptr_eq (NULL, attr);
-}
-
-static void
-test_remove (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
- CK_ATTRIBUTE *attr;
- CK_ATTRIBUTE *attrs;
- CK_BBOOL ret;
-
- CK_ATTRIBUTE initial[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- };
-
- attrs = p11_attrs_buildn (NULL, initial, 2);
- assert_ptr_not_null (attrs);
-
- attr = p11_attrs_find (attrs, CKA_LABEL);
- assert_ptr_eq (attrs + 0, attr);
-
- ret = p11_attrs_remove (attrs, CKA_LABEL);
- assert_num_eq (CK_TRUE, ret);
-
- attr = p11_attrs_find (attrs, CKA_LABEL);
- assert_ptr_eq (NULL, attr);
-
- ret = p11_attrs_remove (attrs, CKA_LABEL);
- assert_num_eq (CK_FALSE, ret);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_match (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE subset[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE different[] = {
- { CKA_LABEL, "other", 5 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE extra[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_LABEL, "other", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- assert (p11_attrs_match (attrs, attrs));
- assert (p11_attrs_match (attrs, subset));
- assert (!p11_attrs_match (attrs, different));
- assert (!p11_attrs_match (attrs, extra));
-}
-
-static void
-test_matchn (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "label", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE subset[] = {
- { CKA_LABEL, "label", 5 },
- };
-
- CK_ATTRIBUTE different[] = {
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_LABEL, "other", 5 },
- };
-
- CK_ATTRIBUTE extra[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_LABEL, "other", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- };
-
- assert (p11_attrs_matchn (attrs, subset, 1));
- assert (!p11_attrs_matchn (attrs, different, 2));
- assert (!p11_attrs_matchn (attrs, extra, 3));
-}
-
-static void
-test_find_bool (void)
-{
- CK_BBOOL vtrue = CK_TRUE;
- CK_BBOOL vfalse = CK_FALSE;
- CK_BBOOL value;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "\x01yy", 3 },
- { CKA_VALUE, &vtrue, (CK_ULONG)-1 },
- { CKA_TOKEN, &vtrue, sizeof (CK_BBOOL) },
- { CKA_TOKEN, &vfalse, sizeof (CK_BBOOL) },
- { CKA_INVALID },
- };
-
- assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE);
- assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value));
- assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value));
-}
-
-static void
-test_find_ulong (void)
-{
- CK_ULONG v33 = 33UL;
- CK_ULONG v45 = 45UL;
- CK_ULONG value;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, &v33, 2 },
- { CKA_VALUE, &v45, (CK_ULONG)-1 },
- { CKA_BITS_PER_PIXEL, &v33, sizeof (CK_ULONG) },
- { CKA_BITS_PER_PIXEL, &v45, sizeof (CK_ULONG) },
- { CKA_INVALID },
- };
-
- assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33);
- assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value));
- assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value));
-}
-
-static void
-test_find_value (void)
-{
- void *value;
- size_t length;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "", (CK_ULONG)-1 },
- { CKA_LABEL, NULL, 5 },
- { CKA_LABEL, "", 0 },
- { CKA_LABEL, "test", 4 },
- { CKA_VALUE, NULL, 0 },
- { CKA_INVALID },
- };
-
- value = p11_attrs_find_value (attrs, CKA_LABEL, &length);
- assert_ptr_eq (attrs[3].pValue, value);
- assert_num_eq (4, length);
-
- value = p11_attrs_find_value (attrs, CKA_LABEL, NULL);
- assert_ptr_eq (attrs[3].pValue, value);
-
- value = p11_attrs_find_value (attrs, CKA_VALUE, &length);
- assert_ptr_eq (NULL, value);
-
- value = p11_attrs_find_value (attrs, CKA_TOKEN, &length);
- assert_ptr_eq (NULL, value);
-}
-
-static void
-test_find_valid (void)
-{
- CK_ATTRIBUTE *attr;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "", (CK_ULONG)-1 },
- { CKA_LABEL, NULL, 5 },
- { CKA_LABEL, "", 0 },
- { CKA_LABEL, "test", 4 },
- { CKA_VALUE, "value", 5 },
- { CKA_INVALID },
- };
-
- attr = p11_attrs_find_valid (attrs, CKA_LABEL);
- assert_ptr_eq (attrs + 3, attr);
-
- attr = p11_attrs_find_valid (attrs, CKA_VALUE);
- assert_ptr_eq (attrs + 4, attr);
-
- attr = p11_attrs_find_valid (attrs, CKA_TOKEN);
- assert_ptr_eq (NULL, attr);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_equal, "/attrs/equal");
- p11_test (test_hash, "/attrs/hash");
- p11_test (test_to_string, "/attrs/to-string");
-
- p11_test (test_terminator, "/attrs/terminator");
- p11_test (test_count, "/attrs/count");
- p11_test (test_build_one, "/attrs/build-one");
- p11_test (test_build_two, "/attrs/build-two");
- p11_test (test_build_invalid, "/attrs/build-invalid");
- p11_test (test_buildn_one, "/attrs/buildn-one");
- p11_test (test_buildn_two, "/attrs/buildn-two");
- p11_test (test_build_add, "/attrs/build-add");
- p11_test (test_build_null, "/attrs/build-null");
- p11_test (test_dup, "/attrs/dup");
- p11_test (test_take, "/attrs/take");
- p11_test (test_merge_replace, "/attrs/merge-replace");
- p11_test (test_merge_augment, "/attrs/merge-augment");
- p11_test (test_merge_empty, "/attrs/merge-empty");
- p11_test (test_free_null, "/attrs/free-null");
- p11_test (test_match, "/attrs/match");
- p11_test (test_matchn, "/attrs/matchn");
- p11_test (test_find, "/attrs/find");
- p11_test (test_findn, "/attrs/findn");
- p11_test (test_find_bool, "/attrs/find-bool");
- p11_test (test_find_ulong, "/attrs/find-ulong");
- p11_test (test_find_value, "/attrs/find-value");
- p11_test (test_find_valid, "/attrs/find-valid");
- p11_test (test_remove, "/attrs/remove");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-buffer.c b/common/test-buffer.c
deleted file mode 100644
index 4fd060d..0000000
--- a/common/test-buffer.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "debug.h"
-#include "buffer.h"
-
-static void
-test_init_uninit (void)
-{
- p11_buffer buffer;
-
- p11_buffer_init (&buffer, 10);
- assert_ptr_not_null (buffer.data);
- assert_num_eq (0, buffer.len);
- assert_num_eq (0, buffer.flags);
- assert (buffer.size >= 10);
- assert_ptr_not_null (buffer.ffree);
- assert_ptr_not_null (buffer.frealloc);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_append (void)
-{
- p11_buffer buffer;
-
- p11_buffer_init (&buffer, 10);
- buffer.len = 5;
- p11_buffer_append (&buffer, 35);
- assert_num_eq (5 + 35, buffer.len);
- assert (buffer.size >= 35 + 5);
-
- p11_buffer_append (&buffer, 15);
- assert_num_eq (5 + 35 + 15, buffer.len);
- assert (buffer.size >= 5 + 35 + 15);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_null (void)
-{
- p11_buffer buffer;
-
- p11_buffer_init_null (&buffer, 10);
- p11_buffer_add (&buffer, "Blah", -1);
- p11_buffer_add (&buffer, " blah", -1);
-
- assert_str_eq ("Blah blah", buffer.data);
-
- p11_buffer_uninit (&buffer);
-}
-
-static int mock_realloced = 0;
-static int mock_freed = 0;
-
-static void *
-mock_realloc (void *data,
- size_t size)
-{
- mock_realloced++;
- return realloc (data, size);
-}
-
-static void
-mock_free (void *data)
-{
- mock_freed++;
- free (data);
-}
-
-static void
-test_init_for_data (void)
-{
- p11_buffer buffer;
- unsigned char *ret;
- size_t len;
-
- mock_realloced = 0;
- mock_freed = 0;
-
- p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0,
- mock_realloc, mock_free);
-
- assert_ptr_not_null (buffer.data);
- assert_str_eq ("blah", (char *)buffer.data);
- assert_num_eq (4, buffer.len);
- assert_num_eq (0, buffer.flags);
- assert_num_eq (4, buffer.size);
- assert_ptr_eq (mock_free, buffer.ffree);
- assert_ptr_eq (mock_realloc, buffer.frealloc);
-
- assert_num_eq (0, mock_realloced);
- assert_num_eq (0, mock_freed);
-
- len = buffer.len;
- ret = p11_buffer_append (&buffer, 1024);
- assert_ptr_eq ((char *)buffer.data + len, ret);
- assert_num_eq (1, mock_realloced);
-
- p11_buffer_uninit (&buffer);
- assert_num_eq (1, mock_realloced);
- assert_num_eq (1, mock_freed);
-}
-
-static void
-test_steal (void)
-{
- p11_buffer buffer;
- char *string;
- size_t length;
-
- mock_freed = 0;
-
- p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4,
- P11_BUFFER_NULL, mock_realloc, mock_free);
-
- assert_ptr_not_null (buffer.data);
- assert_str_eq ("blah", buffer.data);
-
- p11_buffer_add (&buffer, " yada", -1);
- assert_str_eq ("blah yada", buffer.data);
-
- string = p11_buffer_steal (&buffer, &length);
- p11_buffer_uninit (&buffer);
-
- assert_str_eq ("blah yada", string);
- assert_num_eq (9, length);
- assert_num_eq (0, mock_freed);
-
- free (string);
-}
-
-static void
-test_add (void)
-{
- p11_buffer buffer;
-
- p11_buffer_init (&buffer, 10);
-
- p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15);
- assert_num_eq (15, buffer.len);
- assert_str_eq ("Planet Express", (char *)buffer.data);
- assert (p11_buffer_ok (&buffer));
-
- p11_buffer_uninit (&buffer);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_init_uninit, "/buffer/init-uninit");
- p11_test (test_init_for_data, "/buffer/init-for-data");
- p11_test (test_append, "/buffer/append");
- p11_test (test_null, "/buffer/null");
- p11_test (test_add, "/buffer/add");
- p11_test (test_steal, "/buffer/steal");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-compat.c b/common/test-compat.c
deleted file mode 100644
index e28698e..0000000
--- a/common/test-compat.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "compat.h"
-
-static void
-test_strndup (void)
-{
- char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' };
- char *res;
-
- res = strndup (unterminated, 6);
- assert_str_eq (res, "tester");
- free (res);
-
- res = strndup ("test", 6);
- assert_str_eq (res, "test");
- free (res);
-}
-
-#ifdef OS_UNIX
-
-static void
-test_getauxval (void)
-{
- /* 23 is AT_SECURE */
- const char *args[] = { BUILDDIR "/frob-getauxval", "23", NULL };
- char *path;
- int ret;
-
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 0);
-
- path = p11_test_copy_setgid (args[0]);
- if (path == NULL)
- return;
-
- args[0] = path;
- ret = p11_test_run_child (args, true);
- assert_num_cmp (ret, !=, 0);
-
- if (unlink (path) < 0)
- assert_fail ("unlink failed", strerror (errno));
- free (path);
-}
-
-static void
-test_secure_getenv (void)
-{
- const char *args[] = { BUILDDIR "/frob-getenv", "BLAH", NULL };
- char *path;
- int ret;
-
- setenv ("BLAH", "5", 1);
-
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 5);
-
- path = p11_test_copy_setgid (args[0]);
- if (path == NULL)
- return;
-
- args[0] = path;
- ret = p11_test_run_child (args, true);
- assert_num_cmp (ret, ==, 0);
-
-/* if (unlink (path) < 0)
- assert_fail ("unlink failed", strerror (errno));
- */
- free (path);
-}
-
-static void
-test_mmap (void)
-{
- p11_mmap *map;
- void *data;
- size_t size;
- char file[] = "emptyfileXXXXXX";
- int fd = mkstemp (file);
- assert (fd >= 0);
- close (fd);
- /* mmap on empty file should work */
- map = p11_mmap_open (file, NULL, &data, &size);
- unlink (file);
- assert_ptr_not_null (map);
- p11_mmap_close (map);
-}
-
-#endif /* OS_UNIX */
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_strndup, "/compat/strndup");
-#ifdef OS_UNIX
- /* Don't run this test when under fakeroot */
- if (!getenv ("FAKED_MODE")) {
- p11_test (test_getauxval, "/compat/getauxval");
- p11_test (test_secure_getenv, "/compat/secure_getenv");
- }
- p11_test (test_mmap, "/compat/mmap");
-#endif
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-constants.c b/common/test-constants.c
deleted file mode 100644
index 577d611..0000000
--- a/common/test-constants.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "constants.h"
-#include "debug.h"
-
-static void
-test_constants (void *arg)
-{
- const p11_constant *constant = arg;
- p11_dict *nicks, *names;
- CK_ULONG check;
- int i, j;
-
- nicks = p11_constant_reverse (true);
- names = p11_constant_reverse (false);
-
- for (i = 1; constant[i].value != CKA_INVALID; i++) {
- if (constant[i].value < constant[i - 1].value)
- assert_fail ("attr constant out of order", constant[i].name);
- }
- for (i = 0; constant[i].value != CKA_INVALID; i++) {
- assert_ptr_not_null (constant[i].name);
-
- if (constant[i].nicks[0]) {
- assert_str_eq (constant[i].nicks[0],
- p11_constant_nick (constant, constant[i].value));
- }
-
- assert_str_eq (constant[i].name,
- p11_constant_name (constant, constant[i].value));
-
- for (j = 0; constant[i].nicks[j] != NULL; j++) {
- check = p11_constant_resolve (nicks, constant[i].nicks[j]);
- assert_num_eq (constant[i].value, check);
- }
-
- check = p11_constant_resolve (names, constant[i].name);
- assert_num_eq (constant[i].value, check);
- }
-
- p11_dict_free (names);
- p11_dict_free (nicks);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_testx (test_constants, (void *)p11_constant_types, "/constants/types");
- p11_testx (test_constants, (void *)p11_constant_classes, "/constants/classes");
- p11_testx (test_constants, (void *)p11_constant_trusts, "/constants/trusts");
- p11_testx (test_constants, (void *)p11_constant_certs, "/constants/certs");
- p11_testx (test_constants, (void *)p11_constant_keys, "/constants/keys");
- p11_testx (test_constants, (void *)p11_constant_asserts, "/constants/asserts");
- p11_testx (test_constants, (void *)p11_constant_categories, "/constants/categories");
- p11_testx (test_constants, (void *)p11_constant_mechanisms, "/constants/mechanisms");
- p11_testx (test_constants, (void *)p11_constant_users, "/constants/users");
- p11_testx (test_constants, (void *)p11_constant_states, "/constants/states");
- p11_testx (test_constants, (void *)p11_constant_returns, "/constants/returns");
-
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-dict.c b/common/test-dict.c
deleted file mode 100644
index f12a34e..0000000
--- a/common/test-dict.c
+++ /dev/null
@@ -1,522 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "dict.h"
-
-static void
-test_create (void)
-{
- p11_dict *map;
-
- map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
- assert_ptr_not_null (map);
- p11_dict_free (map);
-}
-
-static void
-test_free_null (void)
-{
- p11_dict_free (NULL);
-}
-
-typedef struct {
- int value;
- bool freed;
-} Key;
-
-static unsigned int
-key_hash (const void *ptr)
-{
- const Key *k = ptr;
- assert (!k->freed);
- return p11_dict_intptr_hash (&k->value);
-}
-
-static bool
-key_equal (const void *one,
- const void *two)
-{
- const Key *k1 = one;
- const Key *k2 = two;
- assert (!k1->freed);
- assert (!k2->freed);
- return p11_dict_intptr_equal (&k1->value, &k2->value);
-}
-
-static void
-key_destroy (void *data)
-{
- Key *k = data;
- assert (!k->freed);
- k->freed = true;
-}
-
-static void
-value_destroy (void *data)
-{
- int *value = data;
- *value = 2;
-}
-
-static void
-test_free_destroys (void)
-{
- p11_dict *map;
- Key key = { 8, 0 };
- int value = 0;
-
- map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy);
- assert_ptr_not_null (map);
- if (!p11_dict_set (map, &key, &value))
- assert_not_reached ();
- p11_dict_free (map);
-
- assert_num_eq (true, key.freed);
- assert_num_eq (2, value);
-}
-
-static void
-test_iterate (void)
-{
- p11_dict *map;
- p11_dictiter iter;
- int key = 1;
- int value = 2;
- void *pkey;
- void *pvalue;
- int ret;
-
- map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
- assert_ptr_not_null (map);
- if (!p11_dict_set (map, &key, &value))
- assert_not_reached ();
-
- p11_dict_iterate (map, &iter);
-
- ret = p11_dict_next (&iter, &pkey, &pvalue);
- assert_num_eq (1, ret);
- assert_ptr_eq (pkey, &key);
- assert_ptr_eq (pvalue, &value);
-
- ret = p11_dict_next (&iter, &pkey, &pvalue);
- assert_num_eq (0, ret);
-
- p11_dict_free (map);
-}
-
-static int
-compar_strings (const void *one,
- const void *two)
-{
- char **p1 = (char **)one;
- char **p2 = (char **)two;
- return strcmp (*p1, *p2);
-}
-
-static void
-test_iterate_remove (void)
-{
- p11_dict *map;
- p11_dictiter iter;
- char *keys[] = { "111", "222", "333" };
- char *values[] = { "444", "555", "666" };
- void *okeys[3];
- void *ovalues[3];
- bool ret;
- int i;
-
- map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- assert_ptr_not_null (map);
-
- for (i = 0; i < 3; i++) {
- if (!p11_dict_set (map, keys[i], values[i]))
- assert_not_reached ();
- }
-
- p11_dict_iterate (map, &iter);
-
- ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]);
- assert_num_eq (true, ret);
-
- ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]);
- assert_num_eq (true, ret);
- if (!p11_dict_remove (map, okeys[1]))
- assert_not_reached ();
-
- ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]);
- assert_num_eq (true, ret);
-
- ret = p11_dict_next (&iter, NULL, NULL);
- assert_num_eq (false, ret);
-
- assert_num_eq (2, p11_dict_size (map));
- p11_dict_free (map);
-
- qsort (okeys, 3, sizeof (void *), compar_strings);
- qsort (ovalues, 3, sizeof (void *), compar_strings);
-
- for (i = 0; i < 3; i++) {
- assert_str_eq (keys[i], okeys[i]);
- assert_ptr_eq (keys[i], okeys[i]);
- assert_str_eq (values[i], ovalues[i]);
- assert_ptr_eq (values[i], ovalues[i]);
- }
-}
-
-static void
-test_set_get (void)
-{
- char *key = "KEY";
- char *value = "VALUE";
- char *check;
- p11_dict *map;
-
- map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- p11_dict_set (map, key, value);
- check = p11_dict_get (map, key);
- assert_ptr_eq (check, value);
-
- p11_dict_free (map);
-}
-
-static void
-test_set_get_remove (void)
-{
- char *key = "KEY";
- char *value = "VALUE";
- char *check;
- p11_dict *map;
- bool ret;
-
- map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
-
- if (!p11_dict_set (map, key, value))
- assert_not_reached ();
-
- check = p11_dict_get (map, key);
- assert_ptr_eq (check, value);
-
- ret = p11_dict_remove (map, key);
- assert_num_eq (true, ret);
- ret = p11_dict_remove (map, key);
- assert_num_eq (false, ret);
-
- check = p11_dict_get (map, key);
- assert (check == NULL);
-
- p11_dict_free (map);
-}
-
-static void
-test_set_clear (void)
-{
- char *key = "KEY";
- char *value = "VALUE";
- char *check;
- p11_dict *map;
-
- map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
-
- if (!p11_dict_set (map, key, value))
- assert_not_reached ();
-
- p11_dict_clear (map);
-
- check = p11_dict_get (map, key);
- assert (check == NULL);
-
- p11_dict_free (map);
-}
-
-static void
-test_remove_destroys (void)
-{
- p11_dict *map;
- Key key = { 8, 0 };
- int value = 0;
- bool ret;
-
- map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy);
- assert_ptr_not_null (map);
- if (!p11_dict_set (map, &key, &value))
- assert_not_reached ();
-
- ret = p11_dict_remove (map, &key);
- assert_num_eq (true, ret);
- assert_num_eq (true, key.freed);
- assert_num_eq (2, value);
-
- /* should not be destroyed again */
- key.freed = false;
- value = 0;
-
- ret = p11_dict_remove (map, &key);
- assert_num_eq (false, ret);
- assert_num_eq (false, key.freed);
- assert_num_eq (0, value);
-
- /* should not be destroyed again */
- key.freed = false;
- value = 0;
-
- p11_dict_free (map);
-
- assert_num_eq (false, key.freed);
- assert_num_eq (0, value);
-}
-
-static void
-test_set_destroys (void)
-{
- p11_dict *map;
- Key key = { 8, 0 };
- Key key2 = { 8, 0 };
- int value, value2;
- bool ret;
-
- map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy);
- assert_ptr_not_null (map);
- if (!p11_dict_set (map, &key, &value))
- assert_not_reached ();
-
- key.freed = key2.freed = false;
- value = value2 = 0;
-
- /* Setting same key and value, should not be destroyed */
- ret = p11_dict_set (map, &key, &value);
- assert_num_eq (true, ret);
- assert_num_eq (false, key.freed);
- assert_num_eq (false, key2.freed);
- assert_num_eq (0, value);
- assert_num_eq (0, value2);
-
- key.freed = key2.freed = false;
- value = value2 = 0;
-
- /* Setting a new key same value, key should be destroyed */
- ret = p11_dict_set (map, &key2, &value);
- assert_num_eq (true, ret);
- assert_num_eq (true, key.freed);
- assert_num_eq (false, key2.freed);
- assert_num_eq (0, value);
- assert_num_eq (0, value2);
-
- key.freed = key2.freed = false;
- value = value2 = 0;
-
- /* Setting same key, new value, value should be destroyed */
- ret = p11_dict_set (map, &key2, &value2);
- assert_num_eq (true, ret);
- assert_num_eq (false, key.freed);
- assert_num_eq (false, key2.freed);
- assert_num_eq (2, value);
- assert_num_eq (0, value2);
-
- key.freed = key2.freed = false;
- value = value2 = 0;
-
- /* Setting new key new value, both should be destroyed */
- ret = p11_dict_set (map, &key, &value);
- assert_num_eq (true, ret);
- assert_num_eq (false, key.freed);
- assert_num_eq (true, key2.freed);
- assert_num_eq (0, value);
- assert_num_eq (2, value2);
-
- key.freed = key2.freed = false;
- value = value2 = 0;
-
- p11_dict_free (map);
- assert_num_eq (true, key.freed);
- assert_num_eq (2, value);
- assert_num_eq (false, key2.freed);
- assert_num_eq (0, value2);
-}
-
-
-static void
-test_clear_destroys (void)
-{
- p11_dict *map;
- Key key = { 18, 0 };
- int value = 0;
-
- map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy);
- assert_ptr_not_null (map);
- if (!p11_dict_set (map, &key, &value))
- assert_not_reached ();
-
- p11_dict_clear (map);
- assert_num_eq (true, key.freed);
- assert_num_eq (2, value);
-
- /* should not be destroyed again */
- key.freed = false;
- value = 0;
-
- p11_dict_clear (map);
- assert_num_eq (false, key.freed);
- assert_num_eq (0, value);
-
- /* should not be destroyed again */
- key.freed = false;
- value = 0;
-
- p11_dict_free (map);
-
- assert_num_eq (false, key.freed);
- assert_num_eq (0, value);
-}
-
-static unsigned int
-test_hash_intptr_with_collisions (const void *data)
-{
- /* lots and lots of collisions, only returns 100 values */
- return (unsigned int)(*((int*)data) % 100);
-}
-
-static void
-test_hash_add_check_lots_and_collisions (void)
-{
- p11_dict *map;
- int *value;
- int i;
-
- map = p11_dict_new (test_hash_intptr_with_collisions,
- p11_dict_intptr_equal, NULL, free);
-
- for (i = 0; i < 20000; ++i) {
- value = malloc (sizeof (int));
- assert (value != NULL);
- *value = i;
- if (!p11_dict_set (map, value, value))
- assert_not_reached ();
- }
-
- for (i = 0; i < 20000; ++i) {
- value = p11_dict_get (map, &i);
- assert_ptr_not_null (value);
- assert_num_eq (i, *value);
- }
-
- p11_dict_free (map);
-}
-
-static void
-test_hash_count (void)
-{
- p11_dict *map;
- int *value;
- int i;
- bool ret;
-
- map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free);
-
- assert_num_eq (0, p11_dict_size (map));
-
- for (i = 0; i < 20000; ++i) {
- value = malloc (sizeof (int));
- assert (value != NULL);
- *value = i;
- if (!p11_dict_set (map, value, value))
- assert_not_reached ();
- assert_num_eq (i + 1, p11_dict_size (map));
- }
-
- for (i = 0; i < 20000; ++i) {
- ret = p11_dict_remove (map, &i);
- assert_num_eq (true, ret);
- assert_num_eq (20000 - (i + 1), p11_dict_size (map));
- }
-
- p11_dict_clear (map);
- assert_num_eq (0, p11_dict_size (map));
-
- p11_dict_free (map);
-}
-
-static void
-test_hash_ulongptr (void)
-{
- p11_dict *map;
- unsigned long *value;
- unsigned long i;
-
- map = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
-
- for (i = 0; i < 20000; ++i) {
- value = malloc (sizeof (unsigned long));
- assert (value != NULL);
- *value = i;
- if (!p11_dict_set (map, value, value))
- assert_not_reached ();
- }
-
- for (i = 0; i < 20000; ++i) {
- value = p11_dict_get (map, &i);
- assert_ptr_not_null (value);
- assert_num_eq (i, *value);
- }
-
- p11_dict_free (map);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_create, "/dict/create");
- p11_test (test_set_get, "/dict/set-get");
- p11_test (test_set_get_remove, "/dict/set-get-remove");
- p11_test (test_remove_destroys, "/dict/remove-destroys");
- p11_test (test_set_clear, "/dict/set-clear");
- p11_test (test_set_destroys, "/dict/set-destroys");
- p11_test (test_clear_destroys, "/dict/clear-destroys");
- p11_test (test_free_null, "/dict/free-null");
- p11_test (test_free_destroys, "/dict/free-destroys");
- p11_test (test_iterate, "/dict/iterate");
- p11_test (test_iterate_remove, "/dict/iterate-remove");
- p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions");
- p11_test (test_hash_count, "/dict/count");
- p11_test (test_hash_ulongptr, "/dict/ulongptr");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-hash.c b/common/test-hash.c
deleted file mode 100644
index a12d5a4..0000000
--- a/common/test-hash.c
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "hash.h"
-
-static void
-test_murmur3 (void)
-{
- uint32_t one, two, four, seven, eleven, split;
-
- assert (sizeof (one) == P11_HASH_MURMUR3_LEN);
-
- p11_hash_murmur3 ((unsigned char *)&one, "one", 3, NULL);
- p11_hash_murmur3 ((unsigned char *)&two, "two", 3, NULL);
- p11_hash_murmur3 ((unsigned char *)&four, "four", 4, NULL);
- p11_hash_murmur3 ((unsigned char *)&seven, "seven", 5, NULL);
- p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL);
- p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL);
-
- assert (one != two);
- assert (one != four);
- assert (one != seven);
- assert (one != eleven);
-
- assert (two != four);
- assert (two != seven);
- assert (two != eleven);
-
- assert (four != seven);
- assert (four != eleven);
-
- assert (split == eleven);
-}
-
-static void
-test_murmur3_incr (void)
-{
- uint32_t first, second;
-
- p11_hash_murmur3 ((unsigned char *)&first,
- "this is the long input!", (size_t)23,
- NULL);
-
- p11_hash_murmur3 ((unsigned char *)&second,
- "this", (size_t)4,
- " ", (size_t)1,
- "is ", (size_t)3,
- "the long ", (size_t)9,
- "in", (size_t)2,
- "p", (size_t)1,
- "u", (size_t)1,
- "t", (size_t)1,
- "!", (size_t)1,
- NULL);
-
- assert_num_eq (first, second);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_murmur3, "/hash/murmur3");
- p11_test (test_murmur3_incr, "/hash/murmur3-incr");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-lexer.c b/common/test-lexer.c
deleted file mode 100644
index 7d18e87..0000000
--- a/common/test-lexer.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "compat.h"
-#include "debug.h"
-#include "lexer.h"
-#include "message.h"
-
-typedef struct {
- int tok_type;
- const char *name;
- const char *value;
-} expected_tok;
-
-static void
-check_lex_msg (const char *file,
- int line,
- const char *function,
- const expected_tok *expected,
- const char *input,
- bool failure)
-{
- p11_lexer lexer;
- size_t len;
- bool failed;
- int i;
-
- p11_lexer_init (&lexer, "test", input, strlen (input));
- for (i = 0; p11_lexer_next (&lexer, &failed); i++) {
- if (expected[i].tok_type != lexer.tok_type)
- p11_test_fail (file, line, function,
- "lexer token type does not match: (%d != %d)",
- expected[i].tok_type, lexer.tok_type);
- switch (lexer.tok_type) {
- case TOK_FIELD:
- if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
- p11_test_fail (file, line, function,
- "field name doesn't match: (%s != %s)",
- expected[i].name, lexer.tok.field.name);
- if (strcmp (expected[i].value, lexer.tok.field.value) != 0)
- p11_test_fail (file, line, function,
- "field value doesn't match: (%s != %s)",
- expected[i].value, lexer.tok.field.value);
- break;
- case TOK_SECTION:
- if (strcmp (expected[i].name, lexer.tok.field.name) != 0)
- p11_test_fail (file, line, function,
- "section name doesn't match: (%s != %s)",
- expected[i].name, lexer.tok.field.name);
- break;
- case TOK_PEM:
- len = strlen (expected[i].name);
- if (lexer.tok.pem.length < len ||
- strncmp (lexer.tok.pem.begin, expected[i].name, len) != 0) {
- p11_test_fail (file, line, function,
- "wrong type of PEM block: %s",
- expected[i].name);
- }
- break;
- case TOK_EOF:
- p11_test_fail (file, line, function, "eof should not be recieved");
- break;
- }
- }
-
- if (failure && !failed)
- p11_test_fail (file, line, function, "lexing didn't fail");
- else if (!failure && failed)
- p11_test_fail (file, line, function, "lexing failed");
- if (TOK_EOF != expected[i].tok_type)
- p11_test_fail (file, line, function, "premature end of lexing");
-
- p11_lexer_done (&lexer);
-}
-
-#define check_lex_success(expected, input) \
- check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false)
-
-#define check_lex_failure(expected, input) \
- check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true)
-
-static void
-test_basic (void)
-{
- const char *input = "[the header]\n"
- "field: value\n"
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n";
-
- const expected_tok expected[] = {
- { TOK_SECTION, "the header" },
- { TOK_FIELD, "field", "value" },
- { TOK_PEM, "-----BEGIN BLOCK1-----\n", },
- { TOK_EOF }
- };
-
- check_lex_success (expected, input);
-}
-
-static void
-test_corners (void)
-{
- const char *input = "\r\n" /* blankline */
- " [the header]\r\n" /* bad line endings */
- " field: value \r\n" /* whitespace */
- "number: 2\n" /* extra space*/
- "number :3\n" /* extra space*/
- "number : 4\n" /* extra space*/
- "\n"
- " # A comment \n"
- "not-a-comment: # value\n"
- "-----BEGIN BLOCK1-----\r\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\r\n"
- "-----END BLOCK1-----"; /* no new line */
-
- const expected_tok expected[] = {
- { TOK_SECTION, "the header" },
- { TOK_FIELD, "field", "value" },
- { TOK_FIELD, "number", "2" },
- { TOK_FIELD, "number", "3" },
- { TOK_FIELD, "number", "4" },
- { TOK_FIELD, "not-a-comment", "# value" },
- { TOK_PEM, "-----BEGIN BLOCK1-----\r\n", },
- { TOK_EOF }
- };
-
- check_lex_success (expected, input);
-}
-
-static void
-test_following (void)
-{
- const char *input = "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n"
- "field: value";
-
- const expected_tok expected[] = {
- { TOK_PEM, "-----BEGIN BLOCK1-----\n", },
- { TOK_FIELD, "field", "value" },
- { TOK_EOF }
- };
-
- check_lex_success (expected, input);
-}
-
-static void
-test_bad_pem (void)
-{
- const char *input = "field: value\n"
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n";
-
- const expected_tok expected[] = {
- { TOK_FIELD, "field", "value" },
- { TOK_EOF }
- };
-
- p11_message_quiet ();
-
- check_lex_failure (expected, input);
-
- p11_message_loud ();
-}
-
-static void
-test_bad_section (void)
-{
- const char *input = "field: value\n"
- "[section\n"
- "bad]\n";
-
- const expected_tok expected[] = {
- { TOK_FIELD, "field", "value" },
- { TOK_EOF }
- };
-
- p11_message_quiet ();
-
- check_lex_failure (expected, input);
-
- p11_message_loud ();
-}
-
-static void
-test_bad_value (void)
-{
- const char *input = "field_value\n"
- "[section\n"
- "bad]\n";
-
- const expected_tok expected[] = {
- { TOK_EOF }
- };
-
- p11_message_quiet ();
-
- check_lex_failure (expected, input);
-
- p11_message_loud ();
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_basic, "/lexer/basic");
- p11_test (test_corners, "/lexer/corners");
- p11_test (test_following, "/lexer/following");
- p11_test (test_bad_pem, "/lexer/bad-pem");
- p11_test (test_bad_section, "/lexer/bad-section");
- p11_test (test_bad_value, "/lexer/bad-value");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-message.c b/common/test-message.c
deleted file mode 100644
index 63ecf31..0000000
--- a/common/test-message.c
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "message.h"
-
-#include <errno.h>
-#include <stdlib.h>
-
-static void
-test_with_err (void)
-{
- const char *last;
- char *expected;
-
- errno = E2BIG;
- p11_message_err (ENOENT, "Details: %s", "value");
- last = p11_message_last ();
-
- if (asprintf (&expected, "Details: value: %s", strerror (ENOENT)) < 0)
- assert_not_reached ();
- assert_str_eq (expected, last);
- free (expected);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_with_err, "/message/with-err");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-path.c b/common/test-path.c
deleted file mode 100644
index 57619c8..0000000
--- a/common/test-path.c
+++ /dev/null
@@ -1,216 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "compat.h"
-#include "path.h"
-
-static void
-test_base (void)
-{
- struct {
- const char *in;
- const char *out;
- } fixtures[] = {
- { "/this/is/a/path", "path" },
- { "/this/is/a/folder/", "folder" },
- { "folder/", "folder" },
- { "/", "" },
- { "this", "this" },
-#ifdef OS_WIN32
- { "\\this\\is\\a\\path", "path" },
- { "\\this\\is\\a\\folder\\", "folder" },
- { "C:\\this\\is\\a\\path", "path" },
- { "D:\\this\\is\\a\\folder\\", "folder" },
- { "folder\\", "folder" },
- { "\\", "" },
-#endif
- { NULL },
- };
-
- char *out;
- int i;
-
- for (i = 0; fixtures[i].in != NULL; i++) {
- out = p11_path_base (fixtures[i].in);
- assert_str_eq (fixtures[i].out, out);
- free (out);
- }
-}
-
-#define assert_str_eq_free(ex, ac) \
- do { const char *__s1 = (ex); \
- char *__s2 = (ac); \
- if (__s1 && __s2 && strcmp (__s1, __s2) == 0) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (%s == %s)", \
- #ex, #ac, __s1 ? __s1 : "(null)", __s2 ? __s2 : "(null)"); \
- free (__s2); \
- } while (0)
-
-static void
-test_build (void)
-{
-#ifdef OS_UNIX
- assert_str_eq_free ("/root/second",
- p11_path_build ("/root", "second", NULL));
- assert_str_eq_free ("/root/second",
- p11_path_build ("/root", "/second", NULL));
- assert_str_eq_free ("/root/second",
- p11_path_build ("/root/", "second", NULL));
- assert_str_eq_free ("/root/second/third",
- p11_path_build ("/root", "second", "third", NULL));
- assert_str_eq_free ("/root/second/third",
- p11_path_build ("/root", "/second/third", NULL));
-#else /* OS_WIN32 */
- assert_str_eq_free ("C:\\root\\second",
- p11_path_build ("C:\\root", "second", NULL));
- assert_str_eq_free ("C:\\root\\second",
- p11_path_build ("C:\\root", "\\second", NULL));
- assert_str_eq_free ("C:\\root\\second",
- p11_path_build ("C:\\root\\", "second", NULL));
- assert_str_eq_free ("C:\\root\\second\\third",
- p11_path_build ("C:\\root", "second", "third", NULL));
- assert_str_eq_free ("C:\\root\\second/third",
- p11_path_build ("C:\\root", "second/third", NULL));
-#endif
-}
-
-static void
-test_expand (void)
-{
- char *path;
-
-#ifdef OS_UNIX
- putenv ("HOME=/home/blah");
- assert_str_eq_free ("/home/blah/my/path",
- p11_path_expand ("~/my/path"));
- assert_str_eq_free ("/home/blah",
- p11_path_expand ("~"));
- putenv ("XDG_CONFIG_HOME=/my");
- assert_str_eq_free ("/my/path",
- p11_path_expand ("~/.config/path"));
- putenv ("XDG_CONFIG_HOME=");
- assert_str_eq_free ("/home/blah/.config/path",
- p11_path_expand ("~/.config/path"));
-#else /* OS_WIN32 */
- putenv ("HOME=C:\\Users\\blah");
- assert_str_eq_free ("C:\\Users\\blah\\path",
- p11_path_expand ("~/my/path"));
- assert_str_eq_free ("C:\\Users\\blah\\path",
- p11_path_expand ("~\\path"));
-#endif
-
- putenv("HOME=");
- path = p11_path_expand ("~/this/is/my/path");
- assert (strstr (path, "this/is/my/path") != NULL);
- free (path);
-}
-
-static void
-test_absolute (void)
-{
-#ifdef OS_UNIX
- assert (p11_path_absolute ("/home"));
- assert (!p11_path_absolute ("home"));
-#else /* OS_WIN32 */
- assert (p11_path_absolute ("C:\\home"));
- assert (!p11_path_absolute ("home"));
- assert (p11_path_absolute ("/home"));
-#endif
-}
-
-static void
-test_parent (void)
-{
- assert_str_eq_free ("/", p11_path_parent ("/root"));
- assert_str_eq_free ("/", p11_path_parent ("/root/"));
- assert_str_eq_free ("/", p11_path_parent ("/root//"));
- assert_str_eq_free ("/root", p11_path_parent ("/root/second"));
- assert_str_eq_free ("/root", p11_path_parent ("/root//second"));
- assert_str_eq_free ("/root", p11_path_parent ("/root//second//"));
- assert_str_eq_free ("/root", p11_path_parent ("/root///second"));
- assert_str_eq_free ("/root/second", p11_path_parent ("/root/second/test.file"));
- assert_ptr_eq (NULL, p11_path_parent ("/"));
- assert_ptr_eq (NULL, p11_path_parent ("//"));
- assert_ptr_eq (NULL, p11_path_parent (""));
-}
-
-static void
-test_prefix (void)
-{
- assert (p11_path_prefix ("/test/second", "/test"));
- assert (!p11_path_prefix ("/test", "/test"));
- assert (!p11_path_prefix ("/different/prefix", "/test"));
- assert (!p11_path_prefix ("/te", "/test"));
- assert (!p11_path_prefix ("/test", "/test/blah"));
- assert (p11_path_prefix ("/test/other/second", "/test"));
- assert (p11_path_prefix ("/test//other//second", "/test"));
-}
-
-static void
-test_canon (void)
-{
- char *test;
-
- test = strdup ("2309haonutb;AOE@#$O ");
- p11_path_canon (test);
- assert_str_eq (test, "2309haonutb_AOE___O_");
- free (test);
-
- test = strdup ("22@# %ATI@#$onot");
- p11_path_canon (test);
- assert_str_eq (test, "22____ATI___onot");
- free (test);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_base, "/path/base");
- p11_test (test_build, "/path/build");
- p11_test (test_expand, "/path/expand");
- p11_test (test_absolute, "/path/absolute");
- p11_test (test_parent, "/path/parent");
- p11_test (test_prefix, "/path/prefix");
- p11_test (test_canon, "/path/canon");
-
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-tests.c b/common/test-tests.c
deleted file mode 100644
index ba31d83..0000000
--- a/common/test-tests.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-
-static void
-test_success (void)
-{
- /* Yup, nothing */
-}
-
-
-static void
-test_failure (void)
-{
- if (getenv ("TEST_FAIL")) {
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__,
- "Unconditional test failure due to TEST_FAIL environment variable");
- }
-}
-
-static void
-test_memory (void)
-{
- char *mem;
-
- if (getenv ("TEST_FAIL")) {
- mem = malloc (1);
- assert (mem != NULL);
- free (mem);
- *mem = 1;
- }
-}
-
-
-static void
-test_leak (void)
-{
- char *mem;
-
- if (getenv ("TEST_FAIL")) {
- mem = malloc (1);
- assert (mem != NULL);
- *mem = 1;
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_success, "/test/success");
-
- if (getenv ("TEST_FAIL")) {
- p11_test (test_failure, "/test/failure");
- p11_test (test_memory, "/test/memory");
- p11_test (test_leak, "/test/leak");
- }
-
- return p11_test_run (argc, argv);
-}
diff --git a/common/test-url.c b/common/test-url.c
deleted file mode 100644
index 892bf3c..0000000
--- a/common/test-url.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "debug.h"
-#include "message.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "url.h"
-
-static void
-check_decode_msg (const char *file,
- int line,
- const char *function,
- const char *input,
- ssize_t input_len,
- const char *expected,
- size_t expected_len)
-{
- unsigned char *decoded;
- size_t length;
-
- if (input_len < 0)
- input_len = strlen (input);
- decoded = p11_url_decode (input, input + input_len, "", &length);
-
- if (expected == NULL) {
- if (decoded != NULL)
- p11_test_fail (file, line, function, "decoding should have failed");
-
- } else {
- if (decoded == NULL)
- p11_test_fail (file, line, function, "decoding failed");
- if (expected_len != length)
- p11_test_fail (file, line, function, "wrong length: (%lu != %lu)",
- (unsigned long)expected_len, (unsigned long)length);
- if (memcmp (decoded, expected, length) != 0)
- p11_test_fail (file, line, function, "decoding wrong");
- free (decoded);
- }
-}
-
-#define check_decode_success(input, input_len, expected, expected_len) \
- check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len)
-
-#define check_decode_failure(input, input_len) \
- check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0)
-
-static void
-test_decode_success (void)
-{
- check_decode_success ("%54%45%53%54%00", -1, "TEST", 5);
- check_decode_success ("%54%45%53%54%00", 6, "TE", 2);
- check_decode_success ("%54est%00", -1, "Test", 5);
-}
-
-static void
-test_decode_skip (void)
-{
- const char *input = "%54 %45 %53 %54 %00";
- unsigned char *decoded;
- size_t length;
-
- decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length);
- assert_str_eq ("TEST", (char *)decoded);
- assert_num_eq (5, length);
-
- free (decoded);
-}
-
-static void
-test_decode_failure (void)
-{
- /* Early termination */
- check_decode_failure ("%54%45%53%5", -1);
- check_decode_failure ("%54%45%53%", -1);
-
- /* Not hex characters */
- check_decode_failure ("%54%XX%53%54%00", -1);
-}
-
-static void
-test_encode (void)
-{
- const unsigned char *input = (unsigned char *)"TEST";
- p11_buffer buf;
-
- if (!p11_buffer_init_null (&buf, 5))
- assert_not_reached ();
-
- p11_url_encode (input, input + 5, "", &buf);
- assert (p11_buffer_ok (&buf));
- assert_str_eq ("%54%45%53%54%00", (char *)buf.data);
- assert_num_eq (15, buf.len);
-
- p11_buffer_uninit (&buf);
-}
-
-static void
-test_encode_verbatim (void)
-{
- const unsigned char *input = (unsigned char *)"TEST";
- p11_buffer buf;
-
- if (!p11_buffer_init_null (&buf, 5))
- assert_not_reached ();
-
- p11_url_encode (input, input + 5, "ES", &buf);
- assert (p11_buffer_ok (&buf));
- assert_str_eq ("%54ES%54%00", (char *)buf.data);
- assert_num_eq (11, buf.len);
-
- p11_buffer_uninit (&buf);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_decode_success, "/url/decode-success");
- p11_test (test_decode_skip, "/url/decode-skip");
- p11_test (test_decode_failure, "/url/decode-failure");
-
- p11_test (test_encode, "/url/encode");
- p11_test (test_encode_verbatim, "/url/encode-verbatim");
- return p11_test_run (argc, argv);
-}
diff --git a/common/test.c b/common/test.c
deleted file mode 100644
index 9605d03..0000000
--- a/common/test.c
+++ /dev/null
@@ -1,548 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_TEST_SOURCE 1
-
-#include "compat.h"
-#include "test.h"
-#include "debug.h"
-#include "path.h"
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <setjmp.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef OS_UNIX
-#include <sys/stat.h>
-#include <sys/wait.h>
-#endif
-
-enum {
- FIXTURE,
- TEST,
-};
-
-typedef void (*func_with_arg) (void *);
-
-typedef struct _test_item {
- int type;
-
- union {
- struct {
- char name[1024];
- func_with_arg func;
- void *argument;
- int failed;
- } test;
- struct {
- func_with_arg setup;
- func_with_arg teardown;
- } fix;
- } x;
-
- struct _test_item *next;
-} test_item;
-
-struct {
- test_item *suite;
- test_item *last;
- int number;
- jmp_buf jump;
-} gl = { NULL, NULL, 0, };
-
-void
-p11_test_fail (const char *filename,
- int line,
- const char *function,
- const char *message,
- ...)
-{
- const char *pos;
- char *output;
- char *from;
- char *next;
- va_list va;
-
- assert (gl.last != NULL);
- assert (gl.last->type == TEST);
- gl.last->x.test.failed = 1;
-
- printf ("not ok %d %s\n", gl.number, gl.last->x.test.name);
-
- va_start (va, message);
- if (vasprintf (&output, message, va) < 0)
- assert (0 && "vasprintf() failed");
- va_end (va);
-
- for (from = output; from != NULL; ) {
- next = strchr (from, '\n');
- if (next) {
- next[0] = '\0';
- next += 1;
- }
-
- printf ("# %s\n", from);
- from = next;
- }
-
- pos = strrchr (filename, '/');
- if (pos != NULL && pos[1] != '\0')
- filename = pos + 1;
-
- printf ("# in %s() at %s:%d\n", function, filename, line);
-
- free (output);
-
- /* Let coverity know we're not supposed to return from here */
-#ifdef __COVERITY__
- abort();
-#endif
-
- longjmp (gl.jump, 1);
-}
-
-static void
-test_push (test_item *it)
-{
- test_item *item;
-
- item = calloc (1, sizeof (test_item));
- assert (item != NULL);
- memcpy (item, it, sizeof (test_item));
-
- if (!gl.suite)
- gl.suite = item;
- if (gl.last)
- gl.last->next = item;
- gl.last = item;
-}
-
-void
-p11_test (void (* function) (void),
- const char *name,
- ...)
-{
- test_item item = { TEST, };
- va_list va;
-
- item.x.test.func = (func_with_arg)function;
-
- va_start (va, name);
- vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va);
- va_end (va);
-
- test_push (&item);
-}
-
-void
-p11_testx (void (* function) (void *),
- void *argument,
- const char *name,
- ...)
-{
- test_item item = { TEST, };
- va_list va;
-
- item.type = TEST;
- item.x.test.func = function;
- item.x.test.argument = argument;
-
- va_start (va, name);
- vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va);
- va_end (va);
-
- test_push (&item);
-}
-
-void
-p11_fixture (void (* setup) (void *),
- void (* teardown) (void *))
-{
- test_item item;
-
- item.type = FIXTURE;
- item.x.fix.setup = setup;
- item.x.fix.teardown = teardown;
-
- test_push (&item);
-}
-
-static int
-should_run_test (int argc,
- char **argv,
- test_item *item)
-{
- int i;
- if (argc == 0)
- return 1;
- for (i = 0; i < argc; i++) {
- if (strcmp (argv[i], item->x.test.name) == 0)
- return 1;
- }
-
- return 0;
-}
-
-int
-p11_test_run (int argc,
- char **argv)
-{
- test_item *fixture = NULL;
- test_item *item;
- test_item *next;
- int count;
- int ret = 0;
- int setup;
- int opt;
-
- /* p11-kit specific stuff */
- putenv ("P11_KIT_STRICT=1");
- p11_debug_init ();
-
- while ((opt = getopt (argc, argv, "")) != -1) {
- switch (opt) {
- default:
- fprintf (stderr, "specify only test names on the command line\n");
- return 2;
- }
- }
-
- argc -= optind;
- argv += optind;
-
- assert (gl.number == 0);
- gl.last = NULL;
-
- for (item = gl.suite, count = 0; item != NULL; item = item->next) {
- if (item->type == TEST && should_run_test (argc, argv, item))
- count++;
- }
-
- if (count == 0) {
- printf ("1..0 # No tests\n");
- return 0;
- }
-
- printf ("1..%d\n", count);
-
- for (item = gl.suite, gl.number = 0; item != NULL; item = item->next) {
- if (item->type == FIXTURE) {
- fixture = item;
- continue;
- }
-
- assert (item->type == TEST);
-
- if (!should_run_test (argc, argv, item))
- continue;
-
- gl.last = item;
- gl.number++;
- setup = 0;
-
- if (setjmp (gl.jump) == 0) {
- if (fixture && fixture->x.fix.setup)
- (fixture->x.fix.setup) (item->x.test.argument);
-
- setup = 1;
-
- assert (item->x.test.func);
- (item->x.test.func)(item->x.test.argument);
-
- printf ("ok %d %s\n", gl.number, item->x.test.name);
- }
-
- if (setup) {
- if (setjmp (gl.jump) == 0) {
- if (fixture && fixture->x.fix.teardown)
- (fixture->x.fix.teardown) (item->x.test.argument);
- }
- }
-
- gl.last = NULL;
- }
-
- for (item = gl.suite; item != NULL; item = next) {
- if (item->type == TEST) {
- if (item->x.test.failed)
- ret++;
- }
-
- next = item->next;
- free (item);
- }
-
- gl.suite = NULL;
- gl.last = 0;
- gl.number = 0;
- return ret;
-}
-
-static char *
-expand_tempdir (const char *name)
-{
- const char *env;
-
- env = secure_getenv ("TMPDIR");
- if (env && env[0]) {
- return p11_path_build (env, name, NULL);
-
- } else {
-#ifdef OS_UNIX
-#ifdef _PATH_TMP
- return p11_path_build (_PATH_TMP, name, NULL);
-#else
- return p11_path_build ("/tmp", name, NULL);
-#endif
-
-#else /* OS_WIN32 */
- char directory[MAX_PATH + 1];
-
- if (!GetTempPathA (MAX_PATH + 1, directory)) {
- printf ("# couldn't lookup temp directory\n");
- errno = ENOTDIR;
- return NULL;
- }
-
- return p11_path_build (directory, name, NULL);
-
-#endif /* OS_WIN32 */
- }
-}
-
-char *
-p11_test_directory (const char *prefix)
-{
- char *templ;
- char *directory;
-
- if (asprintf (&templ, "%s.XXXXXX", prefix) < 0)
- assert_not_reached ();
-
- directory = expand_tempdir (templ);
- assert (directory != NULL);
-
- if (!mkdtemp (directory)) {
- printf ("# couldn't create temp directory: %s: %s\n",
- directory, strerror (errno));
- free (directory);
- assert_not_reached ();
- }
-
- free (templ);
- return directory;
-}
-
-void
-p11_test_file_write (const char *base,
- const char *name,
- const void *contents,
- size_t length)
-{
- char *path = NULL;
- FILE *f;
-
- if (base) {
- if (asprintf (&path, "%s/%s", base, name) < 0)
- assert_not_reached ();
- name = path;
- }
-
- f = fopen (name, "wb");
- if (f == NULL) {
- printf ("# couldn't open file for writing: %s: %s\n", name, strerror (errno));
- free (path);
- assert_not_reached ();
- }
-
- if (fwrite (contents, 1, length, f) != length ||
- fclose (f) != 0) {
- printf ("# couldn't write to file: %s: %s\n", name, strerror (errno));
- free (path);
- assert_not_reached ();
- }
-
- free (path);
-}
-
-void
-p11_test_file_delete (const char *base,
- const char *name)
-{
- char *path = NULL;
-
- if (base) {
- if (asprintf (&path, "%s/%s", base, name) < 0)
- assert_not_reached ();
- name = path;
- }
-
- if (unlink (name) < 0) {
- printf ("# Couldn't delete file: %s\n", name);
- free (path);
- assert_not_reached ();
- }
-
- free (path);
-}
-
-void
-p11_test_directory_delete (const char *directory)
-{
- struct dirent *dp;
- DIR *dir;
-
- dir = opendir (directory);
- if (dir == NULL) {
- printf ("# Couldn't open directory: %s\n", directory);
- assert_not_reached ();
- }
-
- while ((dp = readdir (dir)) != NULL) {
- if (strcmp (dp->d_name, ".") == 0 ||
- strcmp (dp->d_name, "..") == 0)
- continue;
-
- p11_test_file_delete (directory, dp->d_name);
- }
-
- closedir (dir);
-
- if (rmdir (directory) < 0) {
- printf ("# Couldn't remove directory: %s\n", directory);
- assert_not_reached ();
- }
-}
-
-
-#ifdef OS_UNIX
-
-static void
-copy_file (const char *input,
- int fd)
-{
- p11_mmap *mmap;
- const char *data;
- ssize_t written;
- size_t size;
-
- mmap = p11_mmap_open (input, NULL, (void **)&data, &size);
- assert (mmap != NULL);
-
- while (size > 0) {
- written = write (fd, data, size);
- assert (written >= 0);
-
- data += written;
- size -= written;
- }
-
- p11_mmap_close (mmap);
-}
-
-char *
-p11_test_copy_setgid (const char *input)
-{
- gid_t groups[128];
- char *path;
- gid_t group = 0;
- int ret;
- int fd;
- int i;
-
- ret = getgroups (128, groups);
- for (i = 0; i < ret; ++i) {
- if (groups[i] != getgid ()) {
- group = groups[i];
- break;
- }
- }
- if (i == ret) {
- fprintf (stderr, "# no suitable group, skipping test\n");
- return NULL;
- }
-
- path = strdup ("/tmp/test-setgid.XXXXXX");
- assert (path != NULL);
-
- fd = mkstemp (path);
- assert (fd >= 0);
-
- copy_file (input, fd);
- if (fchown (fd, getuid (), group) < 0)
- assert_not_reached ();
- if (fchmod (fd, 02750) < 0)
- assert_not_reached ();
- if (close (fd) < 0)
- assert_not_reached ();
-
- return path;
-}
-
-int
-p11_test_run_child (const char **argv,
- bool quiet_out)
-{
- pid_t child;
- int status;
-
- child = fork ();
- assert (child >= 0);
-
- /* In the child process? */
- if (child == 0) {
- if (quiet_out)
- close (1); /* stdout */
- execv (argv[0], (char **)argv);
- assert_not_reached ();
- }
-
- if (waitpid (child, &status, 0) < 0)
- assert_not_reached ();
-
- assert (!WIFSIGNALED (status));
- assert (WIFEXITED (status));
-
- return WEXITSTATUS (status);
-}
-
-#endif /* OS_UNIX */
diff --git a/common/test.h b/common/test.h
deleted file mode 100644
index e28bb55..0000000
--- a/common/test.h
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "compat.h"
-
-#ifndef P11_TEST_H_
-#define P11_TEST_H_
-
-#ifndef P11_TEST_SOURCE
-
-#include <string.h>
-
-#ifdef assert_not_reached
-#undef assert_not_reached
-#endif
-
-#ifdef assert
-#undef assert
-#endif
-
-#define assert(expr) \
- assert_true(expr)
-#define assert_true(expr) \
- do { if (expr) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s)", #expr); \
- } while (0)
-#define assert_false(expr) \
- do { if (expr) \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (!(%s))", #expr); \
- } while (0)
-#define assert_fail(msg, detail) \
- do { const char *__s = (detail); \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \
- } while (0)
-#define assert_not_reached(msg) \
- do { \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "code should not be reached"); \
- } while (0)
-#define assert_ptr_not_null(ptr) \
- do { if ((ptr) != NULL) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s != NULL)", #ptr); \
- } while (0)
-#define assert_num_cmp(a1, cmp, a2) \
- do { unsigned long __n1 = (a1); \
- unsigned long __n2 = (a2); \
- if (__n1 cmp __n2) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%lu %s %lu)", \
- #a1, #cmp, #a2, __n1, #cmp, __n2); \
- } while (0)
-#define assert_num_eq(a1, a2) \
- assert_num_cmp(a1, ==, a2)
-#define assert_str_cmp(a1, cmp, a2) \
- do { const char *__s1 = (a1); \
- const char *__s2 = (a2); \
- if (__s1 && __s2 && strcmp (__s1, __s2) cmp 0) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%s %s %s)", \
- #a1, #cmp, #a2, __s1 ? __s1 : "(null)", #cmp, __s2 ? __s2 : "(null)"); \
- } while (0)
-#define assert_str_eq(a1, a2) \
- assert_str_cmp(a1, ==, a2)
-#define assert_ptr_eq(a1, a2) \
- do { const void *__p1 = (a1); \
- const void *__p2 = (a2); \
- if (__p1 == __p2) ; else \
- p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \
- #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \
- } while (0)
-
-#define assert_str_contains(expr, needle) \
- do { const char *__str = (expr); \
- if (__str && strstr (__str, needle)) ; else \
- p1_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s): '%s' does not contain '%s'", \
- #expr, __str, needle); \
- } while (0)
-
-#endif /* !P11_TEST_SOURCE */
-
-
-void p11_test_fail (const char *filename,
- int line,
- const char *function,
- const char *message,
- ...) GNUC_PRINTF(4, 5) CLANG_ANALYZER_NORETURN;
-
-void p11_test (void (* function) (void),
- const char *name,
- ...) GNUC_PRINTF(2, 3);
-
-void p11_testx (void (* function) (void *),
- void *argument,
- const char *name,
- ...) GNUC_PRINTF(3, 4);
-
-void p11_fixture (void (* setup) (void *),
- void (* teardown) (void *));
-
-int p11_test_run (int argc,
- char **argv);
-
-char * p11_test_directory (const char *prefix);
-
-void p11_test_directory_delete (const char *directory);
-
-void p11_test_file_write (const char *directory,
- const char *name,
- const void *contents,
- size_t length);
-
-void p11_test_file_delete (const char *directory,
- const char *name);
-
-#ifdef OS_UNIX
-
-char * p11_test_copy_setgid (const char *path);
-
-int p11_test_run_child (const char **argv,
- bool quiet_out);
-
-#endif
-
-#endif /* P11_TEST_H_ */
diff --git a/common/tool.c b/common/tool.c
deleted file mode 100644
index cca18a2..0000000
--- a/common/tool.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <getopt.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "tool.h"
-
-static char
-short_option (int opt)
-{
- if (isalpha (opt) || isdigit (opt))
- return (char)opt;
- return 0;
-}
-
-static const struct option *
-find_option (const struct option *longopts,
- int opt)
-{
- int i;
-
- for (i = 0; longopts[i].name != NULL; i++) {
- if (longopts[i].val == opt)
- return longopts + i;
- }
-
- return NULL;
-}
-
-void
-p11_tool_usage (const p11_tool_desc *usages,
- const struct option *longopts)
-{
- const struct option *longopt;
- const int indent = 22;
- const char *long_name;
- const char *description;
- const char *next;
- char short_name;
- int spaces;
- int len;
- int i;
-
- for (i = 0; usages[i].text != NULL; i++) {
-
- /* If no option, then this is a heading */
- if (!usages[i].option) {
- printf ("%s\n\n", usages[i].text);
- continue;
- }
-
- longopt = find_option (longopts, usages[i].option);
- long_name = longopt ? longopt->name : NULL;
- short_name = short_option (usages[i].option);
- description = usages[i].text;
-
- if (short_name && long_name)
- len = printf (" -%c, --%s", (int)short_name, long_name);
- else if (long_name)
- len = printf (" --%s", long_name);
- else
- len = printf (" -%c", (int)short_name);
- if (longopt && longopt->has_arg)
- len += printf ("%s<%s>",
- long_name ? "=" : " ",
- usages[i].arg ? usages[i].arg : "...");
- if (len < indent) {
- spaces = indent - len;
- } else {
- printf ("\n");
- spaces = indent;
- }
- while (description) {
- while (spaces-- > 0)
- fputc (' ', stdout);
- next = strchr (description, '\n');
- if (next) {
- next += 1;
- printf ("%.*s", (int)(next - description), description);
- description = next;
- spaces = indent;
- } else {
- printf ("%s\n", description);
- break;
- }
- }
-
- }
-}
-
-int
-p11_tool_getopt (int argc,
- char *argv[],
- const struct option *longopts)
-{
- p11_buffer buf;
- int ret;
- char opt;
- int i;
-
- if (!p11_buffer_init_null (&buf, 64))
- return_val_if_reached (-1);
-
- for (i = 0; longopts[i].name != NULL; i++) {
- opt = short_option (longopts[i].val);
- if (opt != 0) {
- p11_buffer_add (&buf, &opt, 1);
- assert (longopts[i].has_arg != optional_argument);
- if (longopts[i].has_arg == required_argument)
- p11_buffer_add (&buf, ":", 1);
- }
- }
-
- ret = getopt_long (argc, argv, buf.data, longopts, NULL);
-
- p11_buffer_uninit (&buf);
-
- return ret;
-}
-
-static void
-command_usage (const p11_tool_command *commands)
-{
- const char *progname;
- int i;
-
- progname = getprogname ();
- printf ("usage: %s command <args>...\n", progname);
- printf ("\nCommon %s commands are:\n", progname);
- for (i = 0; commands[i].name != NULL; i++) {
- if (strcmp (commands[i].name, P11_TOOL_FALLBACK) != 0)
- printf (" %-15s %s\n", commands[i].name, commands[i].text);
- }
- printf ("\nSee '%s <command> --help' for more information\n", progname);
-}
-
-static void
-verbose_arg (void)
-{
- putenv ("P11_KIT_DEBUG=tool");
- p11_message_loud ();
- p11_debug_init ();
-}
-
-static void
-quiet_arg (void)
-{
- putenv ("P11_KIT_DEBUG=");
- p11_message_quiet ();
- p11_debug_init ();
-}
-
-int
-p11_tool_main (int argc,
- char *argv[],
- const p11_tool_command *commands)
-{
- const p11_tool_command *fallback = NULL;
- char *command = NULL;
- bool want_help = false;
- bool skip;
- int in, out;
- int i;
-
- /*
- * Parse the global options. We rearrange the options as
- * necessary, in order to pass relevant options through
- * to the commands, but also have them take effect globally.
- */
-
- for (in = 1, out = 1; in < argc; in++, out++) {
-
- /* The non-option is the command, take it out of the arguments */
- if (argv[in][0] != '-') {
- if (!command) {
- skip = true;
- command = argv[in];
- } else {
- skip = false;
- }
-
- /* The global long options */
- } else if (argv[in][1] == '-') {
- skip = false;
-
- if (strcmp (argv[in], "--") == 0) {
- if (!command) {
- p11_message ("no command specified");
- return 2;
- } else {
- break;
- }
-
- } else if (strcmp (argv[in], "--verbose") == 0) {
- verbose_arg ();
-
- } else if (strcmp (argv[in], "--quiet") == 0) {
- quiet_arg ();
-
- } else if (strcmp (argv[in], "--help") == 0) {
- want_help = true;
-
- } else if (!command) {
- p11_message ("unknown global option: %s", argv[in]);
- return 2;
- }
-
- /* The global short options */
- } else {
- skip = false;
-
- for (i = 1; argv[in][i] != '\0'; i++) {
- switch (argv[in][i]) {
- case 'h':
- want_help = true;
- break;
-
- /* Compatibility option */
- case 'l':
- command = "list-modules";
- break;
-
- case 'v':
- verbose_arg ();
- break;
-
- case 'q':
- quiet_arg ();
- break;
-
- default:
- if (!command) {
- p11_message ("unknown global option: -%c", (int)argv[in][i]);
- return 2;
- }
- break;
- }
- }
- }
-
- /* Skipping this argument? */
- if (skip)
- out--;
- else
- argv[out] = argv[in];
- }
-
- /* Initialize tool's debugging after setting env vars above */
- p11_debug_init ();
-
- if (command == NULL) {
- /* As a special favor if someone just typed the command, help them out */
- if (argc == 1) {
- command_usage (commands);
- return 2;
- } else if (want_help) {
- command_usage (commands);
- return 0;
- } else {
- p11_message ("no command specified");
- return 2;
- }
- }
-
- argc = out;
-
- /* Look for the command */
- for (i = 0; commands[i].name != NULL; i++) {
- if (strcmp (commands[i].name, P11_TOOL_FALLBACK) == 0) {
- fallback = commands + i;
-
- } else if (strcmp (commands[i].name, command) == 0) {
- argv[0] = command;
- return (commands[i].function) (argc, argv);
- }
- }
-
- /* Got here because no command matched */
- if (fallback != NULL) {
- argv[0] = command;
- return (fallback->function) (argc, argv);
- }
-
- /* At this point we have no command */
- p11_message ("'%s' is not a valid command. See '%s --help'",
- command, getprogname ());
- return 2;
-}
diff --git a/common/tool.h b/common/tool.h
deleted file mode 100644
index 16785da..0000000
--- a/common/tool.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_TOOL_H_
-#define P11_TOOL_H_
-
-#include <getopt.h>
-
-#define P11_TOOL_FALLBACK ""
-
-typedef struct {
- const char *name;
- int (*function) (int, char*[]);
- const char *text;
-} p11_tool_command;
-
-typedef struct {
- int option;
- const char *text;
- const char *arg;
-} p11_tool_desc;
-
-int p11_tool_main (int argc,
- char *argv[],
- const p11_tool_command *commands);
-
-int p11_tool_getopt (int argc,
- char *argv[],
- const struct option *longopts);
-
-void p11_tool_usage (const p11_tool_desc *usages,
- const struct option *longopts);
-
-#endif /* P11_TOOL_H_ */
diff --git a/common/url.c b/common/url.c
deleted file mode 100644
index 4b7e47b..0000000
--- a/common/url.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Copyright (C) 2011 Collabora Ltd.
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "debug.h"
-#include "url.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-const static char HEX_CHARS[] = "0123456789abcdef";
-
-unsigned char *
-p11_url_decode (const char *value,
- const char *end,
- const char *skip,
- size_t *length)
-{
- char *a, *b;
- unsigned char *result, *p;
-
- assert (value <= end);
- assert (skip != NULL);
-
- /* String can only get shorter */
- result = malloc ((end - value) + 1);
- return_val_if_fail (result != NULL, NULL);
-
- /* Now loop through looking for escapes */
- p = result;
- while (value != end) {
- /*
- * A percent sign followed by two hex digits means
- * that the digits represent an escaped character.
- */
- if (*value == '%') {
- value++;
- if (value + 2 > end) {
- free (result);
- return NULL;
- }
- a = strchr (HEX_CHARS, tolower (value[0]));
- b = strchr (HEX_CHARS, tolower (value[1]));
- if (!a || !b) {
- free (result);
- return NULL;
- }
- *p = (a - HEX_CHARS) << 4;
- *(p++) |= (b - HEX_CHARS);
- value += 2;
-
- /* Ignore whitespace characters */
- } else if (strchr (skip, *value)) {
- value++;
-
- /* A different character */
- } else {
- *(p++) = *(value++);
- }
- }
-
- /* Null terminate string, in case its a string */
- *p = 0;
-
- if (length)
- *length = p - result;
- return result;
-}
-
-void
-p11_url_encode (const unsigned char *value,
- const unsigned char *end,
- const char *verbatim,
- p11_buffer *buf)
-{
- char hex[3];
-
- assert (value <= end);
-
- /* Now loop through looking for escapes */
- while (value != end) {
-
- /* These characters we let through verbatim */
- if (*value && strchr (verbatim, *value) != NULL) {
- p11_buffer_add (buf, value, 1);
-
- /* All others get encoded */
- } else {
- hex[0] = '%';
- hex[1] = HEX_CHARS[((unsigned char)*value) >> 4];
- hex[2] = HEX_CHARS[((unsigned char)*value) & 0x0F];
- p11_buffer_add (buf, hex, 3);
- }
-
- ++value;
- }
-}
diff --git a/common/url.h b/common/url.h
deleted file mode 100644
index 3c9cfb4..0000000
--- a/common/url.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_URL_H
-#define P11_URL_H
-
-#include "buffer.h"
-#include "compat.h"
-
-#include <stdlib.h>
-
-#define P11_URL_WHITESPACE " \n\r\v"
-
-#define P11_URL_VERBATIM "abcdefghijklmnopqrstuvwxyz" \
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
- "0123456789_-."
-
-unsigned char * p11_url_decode (const char *value,
- const char *end,
- const char *skip,
- size_t *length);
-
-void p11_url_encode (const unsigned char *value,
- const unsigned char *end,
- const char *verbatim,
- p11_buffer *buf);
-
-#endif /* P11_URL_H */
diff --git a/configure.ac b/configure.ac
deleted file mode 100644
index 64f0b5a..0000000
--- a/configure.ac
+++ /dev/null
@@ -1,539 +0,0 @@
-AC_PREREQ(2.61)
-
-AC_INIT([p11-kit],
- [0.23.2],
- [https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue],
- [p11-kit],
- [http://p11-glue.freedesktop.org/p11-kit.html])
-
-# ------------------------------------------------------------------------------
-# p11-kit libtool versioning
-# CURRENT : REVISION : AGE
-# +1 : 0 : +1 == new interface that does not break old one.
-# +1 : 0 : 0 == removed an interface. Breaks old apps.
-# ? : +1 : ? == internal changes that doesn't break anything.
-
-P11KIT_CURRENT=1
-P11KIT_REVISION=0
-P11KIT_AGE=1
-
-# ------------------------------------------------------------------------------
-
-AC_CONFIG_HEADERS([config.h])
-AC_CONFIG_MACRO_DIR([build/m4])
-AC_CONFIG_AUX_DIR([build/litter])
-AM_INIT_AUTOMAKE([1.12 foreign serial-tests subdir-objects])
-AM_SANITY_CHECK
-AM_MAINTAINER_MODE([enable])
-m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])],)
-
-LT_PREREQ([2.2.6])
-LT_INIT([dlopen disable-static])
-
-dnl Checks for programs.
-AC_PROG_CC
-AC_PROG_CPP
-AM_PROG_CC_C_O
-PKG_PROG_PKG_CONFIG
-
-LINGUAS=""
-AM_GNU_GETTEXT([external], [need-ngettext])
-
-if test "$enable_static" = "yes"; then
- AC_MSG_ERROR([p11-kit cannot be used as a static library])
-fi
-
-AC_MSG_CHECKING([for win32])
-case "$host" in
- *-*-mingw*)
- AC_DEFINE_UNQUOTED(OS_WIN32, 1, [Building for win32])
- os_win32=yes
- os_unix=no
- ;;
- *)
- AC_DEFINE_UNQUOTED(OS_UNIX, 1, [Building for unix])
- os_win32=no
- os_unix=yes
- ;;
-esac
-AC_MSG_RESULT([$os_win32])
-AM_CONDITIONAL(OS_WIN32, test "$os_win32" = "yes")
-
-AC_C_BIGENDIAN
-
-# ------------------------------------------------------------------------------
-# Checks for libraries and headers
-
-AC_HEADER_STDBOOL
-
-if test "$os_unix" = "yes"; then
- AC_CHECK_FUNC([pthread_create], , [
- AC_CHECK_LIB(pthread, pthread_create, , [
- AC_MSG_ERROR([could not find pthread_create])
- ])
- ])
-
- AC_CHECK_FUNC([nanosleep], , [
- AC_SEARCH_LIBS([nanosleep], [rt], , [
- AC_MSG_ERROR([could not find nanosleep])
- ])
- ])
-
- AC_SEARCH_LIBS([dlopen], [dl dld], [], [
- AC_MSG_ERROR([could not find dlopen])
- ])
-
- # These are thngs we can work around
- AC_CHECK_HEADERS([sys/resource.h])
- AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include <dirent.h>])
- AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
- AC_CHECK_FUNCS([getauxval issetugid getresuid secure_getenv])
- AC_CHECK_FUNCS([strnstr memdup strndup strerror_r])
- AC_CHECK_FUNCS([asprintf vasprintf vsnprintf])
- AC_CHECK_FUNCS([fdwalk])
- AC_CHECK_FUNCS([setenv])
-
- AC_CHECK_DECLS([asprintf, vasprintf], [], [], [[#include <stdio.h>]])
-
- # Required functions
- AC_CHECK_FUNCS([gmtime_r],
- [AC_DEFINE([HAVE_GMTIME_R], 1, [Whether gmtime_r() is available])],
- [AC_MSG_ERROR([could not find required gmtime_r() function])])
-
- # Check if these are declared and/or available to link against
- AC_CHECK_DECLS([program_invocation_short_name])
- AC_MSG_CHECKING([whether program_invocation_short_name is available])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <argp.h>]],
- [[program_invocation_short_name = "test";]])],
- [AC_DEFINE([HAVE_PROGRAM_INVOCATION_SHORT_NAME], [1],
- [Whether program_invocation_short_name available])
- AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])])
- AC_CHECK_DECLS([__progname])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern char *__progname;]], [[__progname=(char*)0;]])],
- [AC_DEFINE(HAVE___PROGNAME, [1], [Whether __progname available])])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern int __libc_enable_secure;]], [[__libc_enable_secure = 0;]])],
- [AC_DEFINE(HAVE___LIBC_ENABLE_SECURE, [1], [Whether __libc_enable_secure available])])
-fi
-
-AC_CHECK_LIB(intl, dgettext)
-
-# ------------------------------------------------------------------------------
-# PKCS#11 Directories
-
-AC_ARG_WITH([module-config],
- [AS_HELP_STRING([--with-module-config], [Module configuration files shipped by packages])],
- [module_config=$withval],
- [module_config='${pkgdatadir}/modules'])
-
-AC_ARG_WITH([system-config],
- [AS_HELP_STRING([--with-system-config], [Change PKCS#11 system config directory])],
- [system_config_dir=$withval],
- [system_config_dir=$sysconfdir/pkcs11])
-
-AC_ARG_WITH([user-config],
- [AS_HELP_STRING([--with-system-config], [Change PKCS#11 user config directory])],
- [user_config_dir=$withval],
- [user_config_dir="~/.config/pkcs11"])
-
-AC_ARG_WITH([module-path],
- [AS_HELP_STRING([--with-module-path], [Load modules with relative path names from here])],
- [module_path=$withval],
- [module_path=$libdir/pkcs11])
-
-# We expand these so we have concrete paths
-p11_system_config=$system_config_dir
-p11_system_config_file=$p11_system_config/pkcs11.conf
-p11_system_config_modules=$p11_system_config/modules
-p11_package_config_modules=$module_config
-p11_user_config=$user_config_dir
-p11_user_config_file="$p11_user_config/pkcs11.conf"
-p11_user_config_modules="$p11_user_config/modules"
-p11_module_path="$module_path"
-
-AC_SUBST(p11_system_config)
-AC_SUBST(p11_system_config_file)
-AC_SUBST(p11_system_config_modules)
-AC_SUBST(p11_package_config_modules)
-AC_SUBST(p11_user_config)
-AC_SUBST(p11_user_config_file)
-AC_SUBST(p11_user_config_modules)
-AC_SUBST(p11_module_path)
-
-# --------------------------------------------------------------------
-# libtasn1 support
-
-AC_ARG_WITH([libtasn1],
- AS_HELP_STRING([--without-libtasn1],
- [Disable dependency on libtasn1])
-)
-
-AS_IF([test "$with_libtasn1" != "no"], [
- PKG_CHECK_MODULES([LIBTASN1], [libtasn1 >= 2.3], [],
- [AC_MSG_ERROR([libtasn1 not found. Building without it results in significant loss of functionality. To proceed use --without-libtasn1])]
- )
- AC_SUBST(LIBTASN1_CFLAGS)
- AC_SUBST(LIBTASN1_LIBS)
- with_libtasn1="yes"
- AC_DEFINE_UNQUOTED(WITH_ASN1, 1, [Build with libtasn1 and certificate support])
-])
-
-AM_CONDITIONAL(WITH_ASN1, test "$with_libtasn1" = "yes")
-
-# --------------------------------------------------------------------
-# libffi
-
-AC_ARG_WITH([libffi],
- AS_HELP_STRING([--without-libffi],
- [Don't use libffi for building closures]))
-
-if test "$with_libffi" != "no"; then
- PKG_CHECK_MODULES(LIBFFI, [libffi >= 3.0.0])
- AC_DEFINE_UNQUOTED(WITH_FFI, 1, [Use libffi for building closures])
- AC_SUBST(LIBFFI_CFLAGS)
- AC_SUBST(LIBFFI_LIBS)
-
- SAVE_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $LIBFFI_CFLAGS"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <ffi.h>],
- [ #if FFI_CLOSURES
- #else
- #error no closures
- #endif
- ])],
- [], [AC_MSG_ERROR([the libffi on this system has no support for closures.])])
- CFLAGS="$SAVE_CFLAGS"
-
- with_libffi="yes"
-fi
-
-AM_CONDITIONAL(WITH_FFI, test "$with_libffi" = "yes")
-
-# --------------------------------------------------------------------
-# Hash implementation
-
-AC_ARG_WITH([hash-impl],
- AS_HELP_STRING([--with-hash-impl=@<:@freebl/internal@:>@],
- [Choose the hash implementation to use])
-)
-
-AS_IF([test "$with_hash_impl" = ""], [with_hash_impl=internal])
-
-AS_CASE([$with_hash_impl],
- [freebl], [
- AC_CHECK_LIB(freebl3, NSSLOW_Init,
- [
- HASH_LIBS=-lfreebl3
- AC_DEFINE_UNQUOTED(WITH_FREEBL, 1, [Use freebl for hash implementation])
- ],
- AC_MSG_ERROR([could not find the freebl3 library])
- )
- ],
-
- [internal], [
- HASH_LIBS=
- ],
-
- [
- AC_MSG_ERROR([unsupported hash impl: $with_hash_impl])
- ]
-)
-
-AC_SUBST(HASH_LIBS)
-
-# --------------------------------------------------------------------
-# Trust Module
-
-AC_ARG_ENABLE([trust-module],
- AS_HELP_STRING([--disable-trust-module],
- [Disable building the trust module])
-)
-
-AC_MSG_CHECKING([if trust module is enabled])
-AS_IF([test "$with_libtasn1" != "yes"], [
- AS_IF([test "$enable_trust_module" = "yes"], [
- AC_MSG_ERROR([--with-libtasn1 is needed in order to build the trust module])
- ])
- AS_IF([test "$enable_trust_module" != "no"], [
- AC_MSG_WARN([--with-libtasn1 is needed in order to build the trust module, disabling])
- ])
- enable_trust_module="no"
-])
-
-AS_IF([test "$enable_trust_module" != "no"], [enable_trust_module="yes"])
-AM_CONDITIONAL(WITH_TRUST_MODULE, test "$enable_trust_module" = "yes")
-AC_MSG_RESULT([$enable_trust_module])
-
-AC_ARG_WITH([trust-paths],
- AS_HELP_STRING([--with-trust-paths=@<:@path@:>@]:
- [input paths for trust module])
-)
-
-AC_MSG_CHECKING([for trust module paths])
-
-# This option was disabled, no anchors
-if test "$with_trust_paths" = "no"; then
- with_trust_paths=""
- AC_MSG_RESULT([disabled])
-
-elif test "$enable_trust_module" != "yes"; then
- if test "$with_trust_paths" != ""; then
- AC_MSG_ERROR([need --enable-trust-module in order to specify trust module paths.])
- fi
- with_trust_paths=""
- AC_MSG_RESULT([disabled])
-
-# Option was not set, try to detect
-elif test "$with_trust_paths" = "" -o "$with_trust_paths" = "yes"; then
- with_trust_paths=""
- for f in /etc/pki/tls/certs/ca-bundle.crt \
- /etc/ssl/certs/ca-certificates.crt \
- /etc/ssl/ca-bundle.pem \
- /etc/ssl/ca-bundle.crt; do
- if test -f "$f"; then
- with_trust_paths="$f"
- break
- fi
- done
-
- if test "$with_trust_paths" = ""; then
- AC_MSG_ERROR([could not find. Use --with-trust-paths=/path to set, or --without-trust-paths to disable])
- fi
-
- AC_MSG_RESULT($with_trust_paths)
-
-else
- # Anchors explicitly set
- AC_MSG_RESULT($with_trust_paths)
-fi
-
-AC_DEFINE_UNQUOTED(TRUST_PATHS, ["$with_trust_paths"], [The trust module input paths])
-AC_SUBST(with_trust_paths)
-
-# --------------------------------------------------------------------
-# GTK Doc
-
-dnl check for tools
-AC_PATH_PROG([GTKDOC_CHECK],[gtkdoc-check])
-AC_PATH_PROGS([GTKDOC_REBASE],[gtkdoc-rebase],[true])
-AC_PATH_PROG([GTKDOC_MKPDF],[gtkdoc-mkpdf])
-AC_PATH_PROG([GTKDOC_SCAN],[gtkdoc-scan])
-AC_PATH_PROG([XSLTPROC], [xsltproc])
-
-dnl for overriding the documentation installation directory
-AC_ARG_WITH([html-dir],
- AS_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),,
- [with_html_dir='${datadir}/gtk-doc/html'])
-HTML_DIR="$with_html_dir"
-AC_SUBST([HTML_DIR])
-
-dnl enable/disable documentation building
-AC_ARG_ENABLE([doc],
- AS_HELP_STRING([--enable-doc],
- [build documentation using gtk-doc [[default=no]]]),,
- [enable_doc=no])
-
-if test x$enable_doc = xyes; then
- if test -z "$GTKDOC_SCAN"; then
- AC_MSG_ERROR([gtk-doc not installed and --enable-doc requested])
- fi
- if test -z "$XSLTPROC"; then
- AC_MSG_ERROR([the xsltproc command was not found and --enable-doc requested])
- fi
- doc_status="yes (manual, reference)"
-else
- enable_doc=no
- doc_status="no (no manual or reference)"
-fi
-
-AC_MSG_CHECKING([whether to build documentation])
-AC_MSG_RESULT($enable_doc)
-
-dnl enable/disable output formats
-AC_ARG_ENABLE([doc-html],
- AS_HELP_STRING([--enable-doc-html],
- [build documentation in html format [[default=yes]]]),,
- [enable_doc_html=yes])
-AC_ARG_ENABLE([doc-pdf],
- AS_HELP_STRING([--enable-doc-pdf],
- [build documentation in pdf format [[default=no]]]),,
- [enable_doc_pdf=no])
-
-if test -z "$GTKDOC_MKPDF"; then
- enable_doc_pdf=no
-fi
-
-AM_CONDITIONAL(ENABLE_GTK_DOC, [test x$enable_doc = xyes])
-AM_CONDITIONAL(GTK_DOC_BUILD_HTML, [test x$enable_doc_html = xyes])
-AM_CONDITIONAL(GTK_DOC_BUILD_PDF, [test x$enable_doc_pdf = xyes])
-AM_CONDITIONAL(GTK_DOC_USE_LIBTOOL, [test -n "$LIBTOOL"])
-AM_CONDITIONAL(GTK_DOC_USE_REBASE, [test -n "$GTKDOC_REBASE"])
-
-# --------------------------------------------------------------------
-# Compilation and linking options
-
-AC_MSG_CHECKING([for debug mode])
-AC_ARG_ENABLE(debug,
- AC_HELP_STRING([--enable-debug=no/default/yes],
- [Turn on or off debugging]))
-
-if test "$enable_debug" != "no"; then
- AC_DEFINE_UNQUOTED(WITH_DEBUG, 1, [Print debug output])
- AC_DEFINE_UNQUOTED(_DEBUG, 1, [In debug mode])
- CFLAGS="$CFLAGS -g"
-fi
-
-if test "$enable_debug" = "yes"; then
- debug_status="yes (-g, -O0, debug output)"
- CFLAGS="$CFLAGS -O0"
-elif test "$enable_debug" = "no"; then
- debug_status="no (no debug output, NDEBUG)"
- AC_DEFINE_UNQUOTED(NDEBUG, 1, [Disable glib assertions])
-else
- debug_status="default (-g, debug output)"
-fi
-
-AC_MSG_RESULT($debug_status)
-
-AC_MSG_CHECKING(for more warnings)
-if test "$GCC" = "yes"; then
- CFLAGS="$CFLAGS \
- -Wall -Wstrict-prototypes -Wmissing-declarations \
- -Wmissing-prototypes -Wnested-externs -Wpointer-arith \
- -Wdeclaration-after-statement -Wformat=2 -Winit-self \
- -Waggregate-return -Wno-missing-format-attribute \
- -fno-strict-aliasing -fno-common"
-
- for option in -Wmissing-include-dirs -Wundef; do
- SAVE_CFLAGS="$CFLAGS"
- CFLAGS="$CFLAGS $option"
- AC_MSG_CHECKING([whether gcc understands $option])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [])],
- [has_option=yes],
- [has_option=no])
- AC_MSG_RESULT($has_option)
- if test $has_option = no; then
- CFLAGS="$SAVE_CFLAGS"
- fi
- done
-else
- AC_MSG_RESULT(no)
-fi
-
-AC_ARG_ENABLE(strict,
- [AS_HELP_STRING([--enable-strict], [Strict code compilation])]
- )
-
-AC_MSG_CHECKING([build strict])
-
-if test "$enable_strict" = "yes"; then
- CFLAGS="$CFLAGS -Werror"
- AC_DEFINE_UNQUOTED(WITH_STRICT, 1, [More strict checks])
- strict_status="yes (-Werror, fatals)"
-else
- strict_status="no"
-fi
-
-AC_MSG_RESULT($strict_status)
-
-AC_MSG_CHECKING([whether to build with gcov testing])
-AC_ARG_ENABLE([coverage],
- [AS_HELP_STRING([--enable-coverage], [Whether to enable coverage testing ])],
- [],
- [enable_coverage=no])
-
-AC_MSG_RESULT([$enable_coverage])
-
-if test "$enable_coverage" = "yes"; then
- if test "$GCC" != "yes"; then
- AC_MSG_ERROR(Coverage testing requires GCC)
- fi
-
- AC_PATH_PROG(GCOV, gcov, no)
- if test "$GCOV" = "no" ; then
- AC_MSG_ERROR(gcov tool is not available)
- fi
-
- AC_PATH_PROG(LCOV, lcov, no)
- if test "$LCOV" = "no" ; then
- AC_MSG_ERROR(lcov tool is not installed)
- fi
-
- AC_PATH_PROG(GENHTML, genhtml, no)
- if test "$GENHTML" = "no" ; then
- AC_MSG_ERROR(lcov's genhtml tool is not installed)
- fi
-
- CFLAGS="$CFLAGS -O0 -g --coverage"
- LDFLAGS="$LDFLAGS --coverage"
-fi
-
-AM_CONDITIONAL([WITH_COVERAGE], [test "$enable_coverage" = "yes"])
-AC_SUBST(LCOV)
-AC_SUBST(GCOV)
-AC_SUBST(GENHTML)
-
-# ---------------------------------------------------------------------
-
-P11KIT_LT_RELEASE=$P11KIT_CURRENT:$P11KIT_REVISION:$P11KIT_AGE
-AC_SUBST(P11KIT_LT_RELEASE)
-
-echo $PACKAGE_VERSION | tr '.' ' ' | while read major minor unused; do
- AC_DEFINE_UNQUOTED(PACKAGE_MAJOR, $major, [Major version of package])
- AC_DEFINE_UNQUOTED(PACKAGE_MINOR, $minor, [Minor version of package])
- break
-done
-
-case "$host" in
-*-*-darwin*)
- # It seems like libtool lies about this see:
- # https://bugs.freedesktop.org/show_bug.cgi?id=57714
- SHLEXT='.so'
- ;;
-*)
- eval SHLEXT=$shrext_cmds
- ;;
-esac
-
-AC_DEFINE_UNQUOTED(SHLEXT, ["$SHLEXT"], [File extension for shared libraries])
-AC_SUBST(SHLEXT)
-
-privatedir='${libdir}/p11-kit'
-AC_SUBST(privatedir)
-
-AC_CONFIG_FILES([Makefile
- doc/Makefile
- doc/manual/Makefile
- po/Makefile.in
- p11-kit/p11-kit-1.pc
- p11-kit/pkcs11.conf.example
- trust/trust-extract-compat
- trust/test-extract
-])
-AC_OUTPUT
-
-# Format paths arguments which should wrap correctly in the output
-indent='\n '
-trust_status=$(echo "$with_trust_paths" | sed -e "s/:/$indent/g")
-
-AC_MSG_NOTICE([build options:
-
- Host: $host
- Debug build: $debug_status
- Strict build: $strict_status
- Build documentation: $doc_status
- System global config: $p11_system_config_file
- System module config directory: $p11_system_config_modules
- Package module config directory: $p11_package_config_modules
- User global config: $p11_user_config_file
- User module config directory: $p11_user_config_modules
- Load relative module paths from: $p11_module_path
-
- With libtasn1 dependency: $with_libtasn1
- With libffi: $with_libffi
- With hash implementation: $with_hash_impl
-
- Build trust module: $enable_trust_module
- Trust module paths: $trust_status
-
-])
diff --git a/doc/Makefile.am b/doc/Makefile.am
deleted file mode 100644
index de840c0..0000000
--- a/doc/Makefile.am
+++ /dev/null
@@ -1,6 +0,0 @@
-
-SUBDIRS = manual
-
-memcheck:
-
-leakcheck:
diff --git a/doc/internal/persist-format.txt b/doc/internal/persist-format.txt
deleted file mode 100644
index cb863be..0000000
--- a/doc/internal/persist-format.txt
+++ /dev/null
@@ -1,59 +0,0 @@
-These are some notes about the p11-kit persistence format
-
-The format is designed to be somewhat human readable and debuggable, and a bit
-transparent but it is also not encouraged to read/write this format from other
-applications or tools without first discussing this at the the mailing list:
-
-p11-glue@lists.freedesktop.org
-
-The format of the file reflects the PKCS#11 attributes exposed by p11-kit. The
-attributes have a one to one mapping with PKCS#11 attributes of similar names.
-No assumptions should be made that an attribute does what you think it does
-from the label.
-
-Each object in the file starts with the header '[p11-kit-object-v1]'. After that
-point there are names and valeus separated by colons. Whitespace surrounding
-the names and values is ignored.
-
-Boolean values are 'true' and 'false'. Unsigned long attributes are plain
-numbers. String/binary attributes are surrounded with quotes and percent
-encoded. Object id attributes are in their dotted form. Various PKCS#11
-constants are available.
-
-PEM blocks can be present within an object, and these contribute certain
-PKCS#11 attributes to the object. The attributes that come from PEM blocks
-never override those explicitly specified.
-
-A 'CERTIFICATE' type PEM block contributes the 'value', 'class',
-'certificate-type', 'subject', 'issuer' 'start-date', 'end-date', 'id',
-'certificate-category', 'check-value', 'serial-number', 'public-key-info'
-attributes with appropriate values.
-
-A 'PUBLIC KEY' type PEM block contributes the 'public-key-info' attribute
-with an appropriate value.
-
-Comments starting with a '#' and blank lines are ignored.
-
-Only rudimentary checks are done to make sure that the resulting attributes
-make sense. This may change in the future, and invalid files will be
-unceremoniously rejected. So again use the mailing list if there's a need
-to be writing these files at this point:
-
-p11-glue@lists.freedesktop.org
-
-Example file:
-
-[p11-kit-object-v1]
-class = certificate
-modifiable = true
-java-midp-security-domain = 0
-label = "My special label"
-id = "%01%02%03go"
-
------BEGIN CERTIFICATE-----
-MIIEXDCCA0SgAwIBAgIEOGO5ZjANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
-................................................................
-B/L/CNDi3tm/Kq+4h4YhPATKt5Rof8886ZjXOP/swNlQ8C5LWK5Gb9Auw2DaclVy
-vUxFnmG6v4SBkgPR0ml8xQ==
------END CERTIFICATE-----
-x-distrusted = true
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
deleted file mode 100644
index c161b19..0000000
--- a/doc/manual/Makefile.am
+++ /dev/null
@@ -1,169 +0,0 @@
-abs_top_builddir = @abs_top_builddir@
-
-NULL =
-
-# We require automake 1.6 at least.
-AUTOMAKE_OPTIONS = 1.6
-
-# The name of the module, e.g. 'glib'.
-DOC_MODULE=p11-kit
-
-# The top-level SGML file. You can change this if you want to.
-DOC_MAIN_SGML_FILE=$(DOC_MODULE)-docs.xml
-
-# The directory containing the source code. Relative to $(srcdir).
-# gtk-doc will search all .c & .h files beneath here for inline comments
-# documenting the functions and macros.
-# e.g. DOC_SOURCE_DIR=../../../gtk
-DOC_SOURCE_DIR=$(top_srcdir)/p11-kit
-
-# Extra options to pass to gtkdoc-scangobj. Not normally needed.
-SCANGOBJ_OPTIONS= --version
-
-# Extra options to supply to gtkdoc-scan.
-# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED"
-SCAN_OPTIONS= --rebuild-types --deprecated-guards="P11_KIT_DISABLE_DEPRECATED"
-
-# Extra options to supply to gtkdoc-mkdb.
-# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml
-MKDB_OPTIONS=--sgml-mode --output-format=xml
-
-# Extra options to supply to gtkdoc-mktmpl
-# e.g. MKTMPL_OPTIONS=--only-section-tmpl
-MKTMPL_OPTIONS=
-
-# MKHTML_OPTIONS=--path="$(builddir)/html $(srcdir)/html"
-
-# Extra options to supply to gtkdoc-fixref. Not normally needed.
-# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html
-FIXXREF_OPTIONS=
-
-# Used for dependencies. The docs will be rebuilt if any of these change.
-# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h
-# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c
-HFILE_GLOB=$(top_srcdir)/p11-kit/*.h
-CFILE_GLOB=$(top_srcdir)/p11-kit/*.c
-
-# Header files to ignore when scanning.
-# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h
-IGNORE_HFILES= \
- private.h \
- pkcs11.h \
- conf.h \
- debug.h \
- dict.h \
- log.h \
- mock.h \
- modules.h \
- pkcs11.h \
- pkcs11i.h \
- pkcs11x.h \
- private.h \
- proxy.h \
- rpc.h \
- rpc-message.h \
- util.h \
- virtual.h \
- array.h \
- compat.h \
- $(NULL)
-
-# Images to copy into HTML directory.
-# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png
-HTML_IMAGES=
-
-generate_files= \
- version.xml \
- userdir.xml \
- sysdir.xml \
- $(NULL)
-
-# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE).
-# e.g. content_files=running.sgml building.sgml changes-2.0.sgml
-content_files=p11-kit-config.xml p11-kit-sharing.xml \
- p11-kit-devel.xml \
- p11-kit-proxy.xml \
- p11-kit-trust.xml \
- p11-kit.xml \
- pkcs11.conf.xml \
- trust.xml \
- annotation-glossary.xml \
- $(NULL)
-
-# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded
-# These files must be listed here *and* in content_files
-# e.g. expand_content_files=running.sgml
-expand_content_files= $(generate_files)
-
-# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library.
-# Only needed if you are using gtkdoc-scangobj to dynamically query widget
-# signals and properties.
-# e.g. INCLUDES=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS)
-# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib)
-GTKDOC_LIBS=
-
-# Hacks around gtk-doc brokenness for out of tree builds
-$(builddir)/p11-kit-sections.txt: $(srcdir)/p11-kit-sections.txt
- cp $(srcdir)/p11-kit-sections.txt $(builddir)/p11-kit-sections.txt
-$(builddir)/p11-kit-overrides.txt: $(srcdir)/p11-kit-overrides.txt
- cp $(srcdir)/p11-kit-overrides.txt $(builddir)/p11-kit-overrides.txt
-
-# Generate our files with variables
-sysdir.xml:
- $(AM_V_GEN) echo -n '$(p11_system_config)' > "$@"
-userdir.xml:
- $(AM_V_GEN) echo -n '$(p11_user_config)' > "$@"
-version.xml:
- $(AM_V_GEN) echo -n '$(VERSION)' > "$@"
-
-# This includes the standard gtk-doc make rules, copied by gtkdocize.
-include $(top_srcdir)/build/gtk-doc.make
-
-if ENABLE_GTK_DOC
-man1_MANS = trust.1
-man8_MANS = p11-kit.8
-man5_MANS = pkcs11.conf.5
-
-XSLTPROC_FLAGS = \
- --nonet \
- --stringparam man.output.quietly 1 \
- --stringparam funcsynopsis.style ansi \
- --stringparam man.th.extra1.suppress 1 \
- --stringparam man.authors.section.enabled 0 \
- --stringparam man.copyright.section.enabled 0
-
-XSLTPROC_MAN = \
- $(XSLTPROC) $(XSLTPROC_FLAGS) --path $(builddir) \
- http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl
-
-trust.1: trust.xml $(generate_files)
- $(AM_V_GEN) $(XSLTPROC_MAN) $<
-pkcs11.conf.5: pkcs11.conf.xml $(generate_files)
- $(AM_V_GEN) $(XSLTPROC_MAN) $<
-p11-kit.8: p11-kit.xml $(generate_files)
- $(AM_V_GEN) $(XSLTPROC_MAN) $<
-
-else # ENABLE_GTK_DOC
-
-man1_MANS =
-man5_MANS =
-man8_MANS =
-
-endif # ENABLE_GTK_DOC
-
-MAN_IN_FILES = \
- $(man8_MANS:.8=.xml) \
- $(man5_MANS:.5=.xml) \
- $(man1_MANS:.1=.xml) \
- $(NULL)
-
-CLEANFILES += \
- $(generate_files) \
- $(man1_MANS) \
- $(man5_MANS) \
- $(man8_MANS) \
- $(NULL)
-
-EXTRA_DIST += \
- $(MAN_IN_FILES) \
- $(NULL)
diff --git a/doc/manual/annotation-glossary.xml b/doc/manual/annotation-glossary.xml
deleted file mode 100644
index 4a0f8a6..0000000
--- a/doc/manual/annotation-glossary.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE glossary PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
- "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<glossary id="annotation-glossary">
-<title>Annotation Glossary</title>
-<glossdiv><title>A</title>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-allow-none"/>allow-none</glossterm>
- <glossdef>
- <para>NULL is ok, both for passing and for returning.</para>
- </glossdef>
- </glossentry>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-array"/>array</glossterm>
- <glossdef>
- <para>Parameter points to an array of items.</para>
- </glossdef>
- </glossentry>
-</glossdiv>
-<glossdiv><title>E</title>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-element-type"/>element-type</glossterm>
- <glossdef>
- <para>Generics and defining elements of containers and arrays.</para>
- </glossdef>
- </glossentry>
-</glossdiv>
-<glossdiv><title>I</title>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-inout"/>inout</glossterm>
- <glossdef>
- <para>Parameter for input and for returning results. Default is <acronym>transfer full</acronym>.</para>
- </glossdef>
- </glossentry>
-</glossdiv>
-<glossdiv><title>O</title>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-out"/>out</glossterm>
- <glossdef>
- <para>Parameter for returning results. Default is <acronym>transfer full</acronym>.</para>
- </glossdef>
- </glossentry>
-</glossdiv>
-<glossdiv><title>T</title>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-transfer full"/>transfer full</glossterm>
- <glossdef>
- <para>Free data after the code is done.</para>
- </glossdef>
- </glossentry>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-type"/>type</glossterm>
- <glossdef>
- <para>Override the parsed C type with given type</para>
- </glossdef>
- </glossentry>
- <glossentry>
- <glossterm><anchor id="annotation-glossterm-transfer none"/>transfer none</glossterm>
- <glossdef>
- <para>Don't free data after the code is done.</para>
- </glossdef>
- </glossentry>
-</glossdiv>
-</glossary> \ No newline at end of file
diff --git a/doc/manual/docbook-params.xsl b/doc/manual/docbook-params.xsl
deleted file mode 100644
index 5d8591a..0000000
--- a/doc/manual/docbook-params.xsl
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0"?>
-<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
-
-<!--
- Parameters for DocBook transformation.
-
- Copyright (C) 2009 Michael Leupold <lemma@confuego.org>
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
--->
-
- <xsl:import href="http://docbook.sourceforge.net/release/xsl/current/xhtml/chunk.xsl"/>
-
- <xsl:param name="toc.max.depth">3</xsl:param>
- <xsl:param name="generate.section.toc.level">0</xsl:param>
- <xsl:param name="generate.toc">
- book toc
- part nop
- chapter toc
- </xsl:param>
- <xsl:param name="html.stylesheet">style.css</xsl:param>
- <xsl:param name="funcsynopsis.style">ansi</xsl:param>
- <xsl:param name="funcsynopsis.decoration">1</xsl:param>
- <xsl:param name="refentry.generate.name">0</xsl:param>
- <xsl:param name="refentry.generate.title">1</xsl:param>
-
-</xsl:stylesheet>
diff --git a/doc/manual/p11-kit-config.xml b/doc/manual/p11-kit-config.xml
deleted file mode 100644
index c580445..0000000
--- a/doc/manual/p11-kit-config.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
-[
- <!ENTITY sysdir SYSTEM "sysdir.xml">
- <!ENTITY userdir SYSTEM "userdir.xml">
-]>
-
-<chapter xml:id="config">
- <title>PKCS#11 Configuration</title>
-
- <section id="config-introduction">
- <title>Consistent configuration</title>
-
- <para>In order for multiple applications on the user's desktop to use
- PKCS#11 modules in a consistent manner, there must be a configuration
- or registry to specify which modules to load and how to use them. The
- PKCS#11 specification does not specify such a configuration standard.
- </para>
-
- <para>Because of the multi-library module initialization problem, use of
- PKCS#11 modules must be coordinated within an application. p11-kit
- provides that coordination. Since coordination is required, it follows
- that p11-kit can also implement a consistent module configuration.
- </para>
- </section>
-
- <section id="config-example">
- <title>Example</title>
-
- <para>The following sections describe the config format in detail. But first
- an example which shows the various features. The configuration below, loads
- two modules called 'my-module' and 'nss'. The user settings override some
- aspects of the system settings.</para>
-
-<para>Global configuration file: <literal>&sysdir;/pkcs11.conf</literal></para>
-<programlisting>
-# This setting controls whether to load user configuration from the
-# &userdir; directory. Possible values:
-# none: No user configuration
-# merge: Merge the user config over the system configuration (default)
-# only: Only user configuration, ignore system configuration
-user-config: merge
-</programlisting>
-
-<para>One module configuration file per module: <literal>&sysdir;/modules/my-module</literal></para>
-<programlisting>
-# This setting controls the actual module library to load. This config file
-# might be installed by the package that installs this module library. This
-# is not an absolute path name. Relative path names are loaded from the
-# $(libdir)/pkcs11 directory by default.
-module: my-pkcs11-module.so
-
-# This controls whether the module is required to successfully initialize. If 'yes', then
-# a failure to load or initialize this module will result in a p11-kit system failure.
-critical: no
-</programlisting>
-
-<para>User configuration file: <literal>&userdir;/pkcs11.conf</literal></para>
-<programlisting>
-# This is an empty file. Files that do not exist are treated as empty.
-</programlisting>
-
-<para>User configuration file: <literal>&userdir;/modules/my-module</literal></para>
-<programlisting>
-# Merge with the settings in the system my-module config file. In this case
-# a developer has overridden to load a different module for my-module instead.
-module: /home/user/src/custom-module/my-module.so
-</programlisting>
-
-<para>User configuration file: <literal>&userdir;/modules/nss</literal></para>
-<programlisting>
-# Load the NSS libsoftokn.so.3 PKCS#11 library as a module. Note that we pass
-# some custom non-standard initialization arguments, as NSS expects.
-module: /usr/lib/libsoftokn3.so
-x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix='' secmod='socmod.db'
-critical: yes
-</programlisting>
-
-
-</section>
-
-<section id="config-files">
- <title>Configuration Files</title>
-
- <para>A complete configuration consists of several files. These files are
- text files. Since <literal>p11-kit</literal> is built to be used in all
- sorts of environments and at very low levels of the software stack, we
- cannot make use of high level configuration APIs that you may find on a
- modern desktop.</para>
-
- <para><link linkend="pkcs11-conf">See the manual page</link> for more details
- on the format and available options.</para>
-
- <para>Note that user configuration files are not loaded from the home
- directory if running inside a setuid or setgid program.</para>
-</section>
-</chapter>
diff --git a/doc/manual/p11-kit-devel.xml b/doc/manual/p11-kit-devel.xml
deleted file mode 100644
index 2ce3f0c..0000000
--- a/doc/manual/p11-kit-devel.xml
+++ /dev/null
@@ -1,323 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<chapter xml:id="devel">
- <title>Building, Packaging, and Contributing to p11-kit</title>
-
- <section id="devel-links">
- <title>Helpful Resources</title>
-
- <para>Use the following to find more information about
- contributing to p11-kit beyond what's in this manual:</para>
-
- <itemizedlist>
- <listitem><para><ulink url="http://p11-glue.freedesktop.org/p11-kit.html">Website</ulink></para></listitem>
- <listitem><para><ulink url="mail:p11-glue@lists.freedesktop.org">Mailing list</ulink></para></listitem>
- <listitem><para><ulink url="https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit">Bugzilla</ulink></para></listitem>
- </itemizedlist>
- </section>
-
- <section id="devel-paths">
- <title>Packaging PKCS#11 module configs</title>
-
- <para>Developers or packagers of PKCS#11 modules need to install various
- files into specific locations so that p11-kit will recognize and load the
- module correctly.</para>
-
- <para>You should use <literal>pkg-config</literal> as described below
- to determine configuration paths. p11-kit installs a
- <literal>pkg-config</literal> file called <literal>p11-kit-1.pc</literal>.
- This file contains all the information about the various paths that p11-kit
- looks for files at.</para>
-
- <section id="devel-paths-config">
- <title>Path to place module configuration</title>
-
- <para>As described in the <link linkend="config-module">module configuration</link>
- documentation, each PKCS#11 module should install a config file describing
- that module. These config files should be installed to a specific directory which
- can be determined by running:</para>
-
- <programlisting>
-$ <command>pkg-config p11-kit-1 --variable p11_module_configs</command>
-/usr/share/p11-kit/modules</programlisting>
- </section>
-
- <section id="devel-paths-modules">
- <title>Default path for modules with relative paths</title>
-
- <para>If a <link linkend="config-module">module configuration</link>
- contains a relative path in its <literal>module:</literal> setting,
- then that module will be loaded from the default module path. This
- path can be determined by running:</para>
-
- <programlisting>
-$ <command>pkg-config p11-kit-1 --variable p11_module_path</command>
-/usr/lib64/pkcs11</programlisting>
- </section>
-
- </section>
-
- <section id="devel-commands">
- <title>Customizing installed commands</title>
-
- <para>The <literal>p11-kit</literal> tool provides a
- <literal>extract-trust</literal> command which extracts trust
- policy information such as certificate anchors and so on
- into files for use with libraries that cannot read this trust
- information directly.</para>
-
- <para>In order to be useful the <literal>extract-trust</literal>
- command needs to be customized per distribution or site. You can
- find this file in at <literal>tools/p11-kit-trust-extract.in</literal>
- in the p11-kit source code.</para>
-
- <para>The command is implemented as a simple script which
- performs the various <literal>p11-kit extract</literal> commands
- necessary to extract the information.</para>
-
- <para>Using this script as a standard way to extract this
- information allows for consistency between distributions and ease
- of system administration.</para>
- </section>
-
- <section id="devel-building">
- <title>Compiling p11-kit from Source</title>
- <para>This describes how to compiling the p11-kit package from
- source code. This is normally only necessary for those wishing to
- contribute to the project or package p11-kit.</para>
-
- <para>You can download
- <ulink url="http://p11-glue.freedesktop.org/releases/">tarballs
- of the releases</ulink> of p11-kit or
- <ulink url="http://cgit.freedesktop.org/p11-glue/p11-kit/">check
- out the source code from git</ulink>. This documentation will not
- go into all the details of how to get your development environment
- set up and instead focus on the what's unique to compiling p11-kit.</para>
-
- <section id="devel-building-unix">
- <title>Building on UNIX</title>
- <para>p11-kit uses the standard GNU build system, using autoconf for package
- configuration and resolving portability issues, automake for building makefiles
- that comply with the GNU Coding Standards, and libtool for building shared
- libraries on multiple platforms. The normal sequence for compiling and
- installing the p11-kit library is thus:</para>
-
-<programlisting>
-$ ./configure --prefix=/path/to/prefix ...
-$ make
-$ make install
-</programlisting>
-
- <para>If you've checked out the source code from git, then the
- <command>configure</command> script does not yet exist. So use
- the following instead:</para>
-
-<programlisting>
-$ ./autogen.sh --prefix=/path/to/prefix ...
-$ make
-$ make install
-</programlisting>
-
- <para>The standard options provided by GNU autoconf may be passed to the configure
- script. Please see the autoconf documentation or run <literal>./configure --help</literal>
- for information about the standard options. In particular you probably want to adjust
- the <literal>--prefix=/xxx</literal> argument depending on your system and development
- environment.</para>
- </section>
-
- <section id="devel-building-dependencies">
- <title>Optional Dependencies</title>
-
- <para>On a modern GNU Linux system, p11-kit has no required dependencies other
- than the standard C library. However on older UNIX systems, some of the following
- may be required.</para>
-
- <itemizedlist>
- <listitem><para><command>gettext</command> is required if your system doesn't
- have the <literal>gettext()</literal> functionality for handling message
- translation databases. This can be provided by the libintl library from
- the <ulink url="http://www.gnu.org/software/gettext">GNU gettext
- package</ulink>.</para></listitem>
- <listitem><para><command>pthread</command> is required if your (ancient) system
- doesn't have this included in the base system. How this is provided is platform
- specific.</para></listitem>
- </itemizedlist>
-
- <para>In addition p11-kit has several optional dependencies. If these are not available
- during the build, then certain features will be disabled.</para>
-
- <itemizedlist>
- <listitem><para><command>libffi</command> for sharing of PKCS#11 modules
- between multiple callers in the same process. It is highly recommended that
- this dependency be treated as a required dependency.</para></listitem>
- <listitem><para><command>gtk-doc</command> is required to build the reference
- manual. Use <literal>--enable-doc</literal> to control this
- dependency.</para></listitem>
- <listitem><para><command>xsltproc</command> is required to build the command
- manual pages. Use <literal>--enable-doc</literal> to control this
- dependency.</para></listitem>
- <listitem><para><command>libtasn1</command> is required to build the trust
- module and code that interacts with certificates.</para></listitem>
- <listitem><para><command>freebl3</command> (developed as part of the NSS
- code base) is an optional dependency that may be used to meet policy
- requirements of system builders. Enabling this dependency provides no other
- advantage.</para></listitem>
- </itemizedlist>
-
- </section>
-
- <section id="devel-building-configure">
- <title>Extra Configuration Options</title>
-
- <para>In addition to the normal options, the configure script in the p11-kit library
- supports these additional arguments:</para>
-
- <variablelist>
- <varlistentry>
- <term><option>--disable-trust-module</option></term>
- <listitem><para>Disables building of the trust policy module.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--disable-debug</option>, <option>--enable-debug</option></term>
- <listitem><para>By default p11-kit is built with debug symbols assertions and
- and precondition checks. Enabling the debug option configures even more
- detailed debug build, including disabling optimization. Disabling the debug
- option is not recommended, as it disables all assertions, preconditions and
- internal consistency checks, although it may result it a slightly faster
- library.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--enable-doc</option></term>
- <listitem><para>Enables building of the documentation and command line manual.
- The documentation is built in the <literal>doc/html/</literal> directory of
- the build. Requires the <literal>gtk-doc</literal> and <literal>xsltproc</literal>
- dependencies.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--enable-strict</option></term>
- <listitem><para>Enables strict checks during building of p11-kit. All
- compiler warnings become errors.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-hash-impl=freebl</option></term>
- <listitem><para>Instead of using internal hash code, link to the freebl3
- library and use its hash implementations. The only advantage this brings is to
- meet the policy requirements of system builders.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-libtasn1</option>, <option>--without-libtasn1</option></term>
- <listitem><para>Build with a dependency on the libtasn1 library. This dependency
- allows the trust policy module to be built as well as other code that interacts with
- certificates.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-module-path</option></term>
- <listitem><para>Specify the path to look for PKCS#11 modules which were
- listed in a module config file with a relative path.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-trust-paths</option></term>
- <listitem><para>Specify the files or directories to look for certificate
- anchors and blacklists. Multiple files and/or directories are specified with
- a <literal>:</literal> in between them. The first path has the highest
- priority when searching for certificates.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-system-config</option></term>
- <listitem><para>Specify the path to look for p11-kit config files. This
- usually defaults to something like <literal>/etc/pkcs11</literal></para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--with-user-config</option></term>
- <listitem><para>Specify the path to look for user specific p11-kit config files. If
- specify a path that begins with <literal>~/</literal> then this is expanded to the
- home directory of the user running p11-kit. If you specify a path that begins with
- <literal>~/.config/</literal> then this is expanded to the $XDG_CONFIG_HOME directory,
- as outlined in the
- <ulink url="http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables">XDG Base Dir specification</ulink>.
- This option defaults to <literal>~/.pkcs11</literal></para></listitem>
- </varlistentry>
- </variablelist>
- <para></para>
- </section>
- </section>
-
- <section id="devel-building-style">
- <title>Coding Style</title>
-
- <para>We use a code style similar to the linux kernel. Use tabs
- to indent and spaces to align/wrap beyond the indentation level.</para>
-
- <para>We don't try to guarantee completely robust and problem free
- behavior in cases where the caller or system isn't behaving. We
- consider these to be outside of our control:</para>
-
- <itemizedlist>
- <listitem><para>Broken input from callers. We use preconditions
- to check input and immediately return. We don't try to provide
- error codes for all the various ways callers can screw
- around.</para></listitem>
-
- <listitem>
- <para>Out of memory. It is pretty much impossible to handle out
- of memory errors correctly. Handling them alongside other errors
- is naive and broken. We don't try to guarantee library state
- (such as locks or memory leaks) when memory allocation fails.</para>
- <para>We do check the results from all memory allocations, but
- treat them as unexpected conditions. As a nod to the behavior
- of callers of this library, we don't abort on memory allocation
- failures. We use preconditions with somewhat sane results.</para>
- <para>Exception: when reading files or allocating potentially
- unbounded amounts of memory, we should respond robustly to memory
- allocation failures.</para>
- </listitem>
- </itemizedlist>
-
- <para>These unexpected conditions indicate a bug either in p11-kit or
- in the system. All bets are off once this occurs.</para>
-
- <para>Use the <literal>return_val_xxx()</literal> precondition macros to
- check for unexpected conditions.</para>
- </section>
-
- <section id="devel-testing">
- <title>Testing and Code Coverage</title>
-
- <para>As a general rule changes to p11-kit should have a tests exercising
- that change. Use the <literal>make check</literal> command to run all
- the tests. If you run it from a subdirectory only the tests in that
- directory will be run.</para>
-
- <para>To check for memory errors or memory leaks, run <literal>make memcheck</literal>
- or <literal>make leakcheck</literal> respectively. This requires valgrind
- be installed.</para>
-
- <para>Build p11-kit with the <option>--enable-coverage</option> configure
- option to build code coverage support.</para>
-
- <para>Once you've done that you can either use <literal>make coverage</literal>
- to build code coverage information. Alternatively (and this is usually
- easier) you can use
- <ulink url="http://stef.thewalter.net/2012/12/git-coverage-useful-code-coverage.html">
- <literal>git coverage</literal></ulink> to easily check whether
- you've tested the lines changed by a patch.</para>
-
- <para>A code coverage report is
- <ulink url="http://p11-glue.freedesktop.org/build/coverage">available online</ulink></para>.
- </section>
-
- <section id="devel-debugging">
- <title>Debugging Tips</title>
-
- <para>Unexpected conditions will produce critical warnings by p11-kit.
- These are often failed internal preconditions, and usually indicate a
- bug either in p11-kit or the software calling it.</para>
-
- <para>You can use the environment variable <literal>P11_KIT_STRICT=yes</literal>
- to make p11-kit do an <literal>abort()</literal> (and core dump depending on
- your configuration) when a critical warning occurs.</para>
- </section>
-</chapter>
diff --git a/doc/manual/p11-kit-docs.xml b/doc/manual/p11-kit-docs.xml
deleted file mode 100644
index 77ff318..0000000
--- a/doc/manual/p11-kit-docs.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
-[
- <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
- <!ENTITY version SYSTEM "version.xml">
-]>
-<book id="index">
- <bookinfo>
- <title>p11-kit</title>
- <releaseinfo>for p11-kit &version;</releaseinfo>
- </bookinfo>
-
- <xi:include href="p11-kit-config.xml"/>
- <xi:include href="p11-kit-sharing.xml"/>
- <xi:include href="p11-kit-proxy.xml"/>
- <xi:include href="p11-kit-trust.xml"/>
-
- <chapter xml:id="tools">
- <title>Manual Pages</title>
- <xi:include href="p11-kit.xml"/>
- <xi:include href="pkcs11.conf.xml"/>
- <xi:include href="trust.xml"/>
- </chapter>
-
- <chapter xml:id="reference">
- <title>API Reference</title>
- <xi:include href="xml/p11-kit.xml"/>
- <xi:include href="xml/p11-kit-uri.xml"/>
- <xi:include href="xml/p11-kit-pin.xml"/>
- <xi:include href="xml/p11-kit-util.xml"/>
- <xi:include href="xml/p11-kit-future.xml"/>
- <xi:include href="xml/p11-kit-deprecated.xml"/>
-
- <index id="api-index-full">
- <title>API Index</title>
- <xi:include href="xml/api-index-full.xml"><xi:fallback /></xi:include>
- </index>
-
- <xi:include href="annotation-glossary.xml"/>
- </chapter>
-
- <xi:include href="p11-kit-devel.xml"/>
-
-</book>
diff --git a/doc/manual/p11-kit-overrides.txt b/doc/manual/p11-kit-overrides.txt
deleted file mode 100644
index e69de29..0000000
--- a/doc/manual/p11-kit-overrides.txt
+++ /dev/null
diff --git a/doc/manual/p11-kit-proxy.xml b/doc/manual/p11-kit-proxy.xml
deleted file mode 100644
index 7cc3615..0000000
--- a/doc/manual/p11-kit-proxy.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN" "http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd" [
-]>
-<chapter xml:id="sharing">
- <title>Proxy Module</title>
-
- <para>When an application is aware of the fact that coordination
- is necessary between multiple consumers of a PKCS#11 module, and wants
- to load standard configured PKCS#11 modules, it can link to
- <literal>p11-kit</literal> and use the functions there to provide this
- functionality.</para>
-
- <para>However most current consumers of PKCS#11 are ignorant of
- this problem, and do not link to p11-kit. In order to solve this
- multiple initialization problem for all applications,
- <literal>p11-kit</literal> provides a proxy compatibility
- module.</para>
-
- <para>This proxy module acts like a normal PKCS#11 module, but
- internally loads a preconfigured set of PKCS#11 modules and
- manages their features as described earlier. Each slot in the configured modules
- is exposed as a slot of the <literal>p11-kit</literal> proxy module. The proxy
- module is then used as a normal PKCS#11 module would be. It can be loaded by
- crypto libraries like NSS and behaves as expected.</para>
-
- <para>The <literal>C_GetFunctionList</literal> exported entry point of the
- proxy module returns a new managed PKCS#11 module each time it is called. These
- managed instances are released when the proxy module is unloaded.</para>
-</chapter>
diff --git a/doc/manual/p11-kit-sections.txt b/doc/manual/p11-kit-sections.txt
deleted file mode 100644
index 85e226f..0000000
--- a/doc/manual/p11-kit-sections.txt
+++ /dev/null
@@ -1,136 +0,0 @@
-<SECTION>
-<FILE>p11-kit-uri</FILE>
-P11_KIT_URI_SCHEME
-P11_KIT_URI_SCHEME_LEN
-P11KitUriType
-P11KitUriResult
-P11KitUri
-p11_kit_uri
-p11_kit_uri_new
-p11_kit_uri_get_module_info
-p11_kit_uri_match_module_info
-p11_kit_uri_get_token_info
-p11_kit_uri_match_token_info
-p11_kit_uri_get_attributes
-p11_kit_uri_set_attributes
-p11_kit_uri_clear_attributes
-p11_kit_uri_match_attributes
-p11_kit_uri_get_attribute
-p11_kit_uri_set_attribute
-p11_kit_uri_clear_attribute
-p11_kit_uri_set_unrecognized
-p11_kit_uri_any_unrecognized
-p11_kit_uri_get_pin_source
-p11_kit_uri_set_pin_source
-p11_kit_uri_get_pinfile
-p11_kit_uri_set_pinfile
-p11_kit_uri_format
-p11_kit_uri_parse
-p11_kit_uri_free
-p11_kit_uri_message
-P11_KIT_URI_NO_MEMORY
-</SECTION>
-
-<SECTION>
-<FILE>p11-kit-pin</FILE>
-P11KitPin
-p11_kit_pin_new
-p11_kit_pin_new_for_buffer
-p11_kit_pin_new_for_string
-p11_kit_pin_get_value
-p11_kit_pin_get_length
-p11_kit_pin_ref
-p11_kit_pin_unref
-P11KitPinFlags
-P11_KIT_PIN_FALLBACK
-p11_kit_pin_register_callback
-p11_kit_pin_unregister_callback
-p11_kit_pin_callback
-p11_kit_pin_request
-p11_kit_pin_destroy_func
-p11_kit_pin_file_callback
-</SECTION>
-
-<SECTION>
-<FILE>p11-kit</FILE>
-P11_KIT_MODULE_CRITICAL
-P11_KIT_MODULE_UNMANAGED
-p11_kit_modules_load_and_initialize
-p11_kit_modules_finalize_and_release
-p11_kit_modules_load
-p11_kit_modules_initialize
-p11_kit_modules_finalize
-p11_kit_modules_release
-p11_kit_module_load
-p11_kit_module_initialize
-p11_kit_module_finalize
-p11_kit_module_release
-p11_kit_module_for_name
-p11_kit_module_get_name
-p11_kit_module_get_flags
-p11_kit_config_option
-</SECTION>
-
-<SECTION>
-<FILE>p11-kit-util</FILE>
-p11_kit_strerror
-p11_kit_message
-p11_kit_space_strdup
-p11_kit_space_strlen
-p11_kit_be_quiet
-p11_kit_be_loud
-<SUBSECTION Private>
-CK_FUNCTION_LIST_PTR
-CK_RV
-CK_ATTRIBUTE
-CK_ATTRIBUTE_PTR
-CK_ATTRIBUTE_TYPE
-CK_FLAGS
-CK_FUNCTION_LIST
-CK_INFO_PTR
-CK_TOKEN_INFO_PTR
-CK_ULONG
-p11_kit_uri_result_t
-p11_kit_uri_type_t
-</SECTION>
-
-<SECTION>
-<FILE>p11-kit-future</FILE>
-p11_kit_set_progname
-p11_kit_destroyer
-P11KitIter
-p11_kit_iter
-p11_kit_iter_new
-p11_kit_iter_set_uri
-p11_kit_iter_add_callback
-p11_kit_iter_add_filter
-p11_kit_iter_callback
-p11_kit_iter_begin
-p11_kit_iter_begin_with
-p11_kit_iter_next
-p11_kit_iter_get_module
-p11_kit_iter_get_slot
-p11_kit_iter_get_token
-p11_kit_iter_get_session
-p11_kit_iter_keep_session
-p11_kit_iter_get_object
-p11_kit_iter_load_attributes
-p11_kit_iter_destroy_object
-p11_kit_iter_free
-P11KitIterBehavior
-p11_kit_remote_serve_module
-</SECTION>
-
-<SECTION>
-<FILE>p11-kit-deprecated</FILE>
-p11_kit_initialize_registered
-p11_kit_finalize_registered
-p11_kit_registered_modules
-p11_kit_registered_module_to_name
-p11_kit_registered_name_to_module
-p11_kit_registered_option
-p11_kit_initialize_module
-p11_kit_load_initialize_module
-p11_kit_finalize_module
-P11_KIT_DEPRECATED_FOR
-</SECTION>
diff --git a/doc/manual/p11-kit-sharing.xml b/doc/manual/p11-kit-sharing.xml
deleted file mode 100644
index 0edf36e..0000000
--- a/doc/manual/p11-kit-sharing.xml
+++ /dev/null
@@ -1,110 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<chapter xml:id="sharing">
- <title>Sharing PKCS#11 modules</title>
-
- <section xml:id="sharing-problem">
- <title>Multiple consumers of PKCS#11 in a process</title>
-
- <para>As more and more applications and libraries use PKCS#11 we run
- into a very basic problem. The PKCS#11 modules cannot be initialized and
- finalized properly without coordination between the various consumers.
- </para>
-
- <para>An example: An application might use GnuTLS for
- TLS connections, and use libgcr for display of certificates. Both of
- these want to load (and initialize) the same PKCS#11 modules. There are
- many places where this situation occurs, including large applications
- like Evolution which due to their dependencies end up using both NSS and
- GnuTLS.</para>
-
- <para>Consumer A loads a PKCS#11 module and uses the module's
- C_Initialize function to initialize it, which works as expected.
- When consumer B initializes the module (also using C_Initialize),
- the error code <literal>CKR_CRYPTOKI_ALREADY_INITIALIZED</literal>
- is correctly returned. This is normal PKCS#11 specification
- defined behavior for when a module is initialized twice in the
- same process. If consumer B is aware of this situation they may
- choose to ignore this error code.</para>
-
- <para>However when the consumer A is done with its use of the
- PKCS#11 module it finalizes the module using the module's
- C_Finalize function. This is expected of a well behaved PKCS#11
- consumer. This then causes errors and/or crashes for consumer B,
- which cannot know that the module has now been finalized out
- from underneath it.</para>
-
- <para>It is necessary for the two consumers to coordinate their
- initialization and finalization in some fashion. In
- <literal>p11-kit</literal> we provide this coordination in a
- loosely coupled, backwards compatible, and flexible way.</para>
- </section>
-
- <section xml:id="sharing-managed">
- <title>Managed modules</title>
-
- <para><literal>p11-kit</literal> wraps PKCS#11 modules to manage
- them and customize their functionality so that they are able
- to be shared between multiple callers in the same process.</para>
-
- <para>Each caller that uses the
- <link linkend="p11-kit-modules-load"><function>p11_kit_modules_load()</function></link>
- or <link linkend="p11-kit-module-load"><function>p11_kit_module_load()</function></link>
- function gets independent wrapped PKCS#11 module(s). This is unless a caller
- or module configuration specifies that a module should be used in an
- unmanaged fashion.</para>
-
- <para>When modules are managed, the following aspects are wrapped and
- coordinated:</para>
-
- <itemizedlist>
- <listitem>
- <para>Calls to <literal>C_Initialize</literal> and
- <literal>C_Finalize</literal> can be called by multiple
- callers.</para>
-
- <para>The first time that the managed module
- <literal>C_Initialize</literal> is called, the PKCS#11 module's actual
- <literal>C_Initialize</literal> function is called. Subsequent calls by
- other callers will cause <literal>p11-kit</literal> to increment an
- internal initialization count, rather than calling
- <literal>C_Initialize</literal> again.</para>
-
- <para>Multiple callers can call the managed
- <literal>C_Initialize</literal> function concurrently from different
- threads and <literal>p11-kit</literal> will guarantee that this managed
- in a thread-safe manner.</para>
- </listitem>
- <listitem>
- <para>When the managed module <literal>C_Finalize</literal> is used
- to finalize a module, each time it is called it decrements the internal
- initialization count for that module. When the internal initialization
- count reaches zero, the module's actual <literal>C_Finalize</literal>
- function is called.</para>
-
- <para>Multiple callers can call the managed <literal>C_Finalize</literal>
- function concurrently from different threads and <literal>p11-kit</literal>
- will guarantee that this managed in a thread-safe manner.</para>
- </listitem>
- <listitem>
- <para>Call to <literal>C_CloseAllSessions</literal> only close the
- sessions that the caller of the managed module has opened. This allows the
- <literal>C_CloseAllSessions</literal> function to be used without closing
- sessions for other callers of the same PKCS#11 module.</para>
- </listitem>
- <listitem>
- <para>Managed modules have ability to log PKCS#11 method calls for debugging
- purposes. See the <link linkend="option-log-calls"><literal>log-calls = yes</literal></link>
- module configuration option.</para>
- </listitem>
- <listitem>
- <para>Managed modules have the ability to be remoted to another machine or
- isolated in their own process.
- See the <link linkend="option-remote"><literal>remote = ...</literal></link>
- module configuration option.</para>
- </listitem>
- </itemizedlist>
- </section>
-</chapter>
diff --git a/doc/manual/p11-kit-trust.xml b/doc/manual/p11-kit-trust.xml
deleted file mode 100644
index dde614c..0000000
--- a/doc/manual/p11-kit-trust.xml
+++ /dev/null
@@ -1,128 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
-[
- <!ENTITY sysdir SYSTEM "sysdir.xml">
- <!ENTITY userdir SYSTEM "userdir.xml">
-]>
-
-<chapter xml:id="trust-module">
-<title>Trust Policy Module</title>
-
- <para>The trust module provides system certificate anchors, blacklists
- and other trust policy to crypto libraries applications. This
- information is exposed as PKCS#11 objects.</para>
-
- <para>You can use the <link linkend="trust">trust</link> command line
- tool to examine and modify the trust policy store.</para>
-
-<section id="trust-files">
- <title>Paths loaded by the Module</title>
-
- <para>The trust module loads certificates and trust policy information
- from preconfigured paths and allows them to be looked up via PKCS#11.
- The input paths can be determined with using the following command:</para>
-
-<programlisting>
-$ pkg-config --variable p11_trust_paths p11-kit-1
-/usr/share/p11-kit/trust:/etc/pki/trust
-</programlisting>
-
- <para>Files in the following formats are supported for loading by the
- trust policy module:</para>
-
- <variablelist>
- <varlistentry>
- <term>X.509 certificates</term>
- <listitem><para>X.509 certificates in raw DER format. Does not
- automatically contain trust policy information.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term>PEM certificates</term>
- <listitem><para>X.509 certificates in PEM format. These have a
- <literal>BEGIN CERTIFICATE</literal> header. This file does not
- automatically contain trust policy information.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term>OpenSSL trust certificates</term>
- <listitem><para>OpenSSL specific certificates in PEM format
- that contain trust information. These have a
- <literal>BEGIN TRUSTED CERTIFICATE</literal> PEM header. Both
- trust anchor and blacklist information can be loaded
- from these files.</para></listitem>
- </varlistentry>
- </variablelist>
-
- <para>If the input path is a file, then it is loaded. Certificate(s) in the
- file are automatically treated as anchors, unless they contain alternate
- trust policy information.</para>
-
- <para>If the input path is a directory, files inside that directory are
- parsed and loaded. If the file contains trust policy information (such as the
- OpenSSL trust certificates) then it will be respected. Files without trust policy
- information are not automatically marked as an anchor or blacklisted.</para>
-
- <para>In addition two optional subdirectories of the input path are loaded. Files
- placed in the <literal>anchors/</literal> subdirectory become trust anchors
- when they do not contain trust policy information. Files placed in the
- <literal>blacklist/</literal> subdirectory are blacklisted whether they
- contain trust information or not.</para>
-
- <para>The first input path becomes the first PKCS#11 token of the trust
- module, and has the highest priority when callers search for trust
- policy information.</para>
-</section>
-
-<section id="trust-nss">
- <title>Using the Trust Policy Module with NSS</title>
-
- <para>The trust policy module is a drop in replacement for the
- <literal>libnssckbi.so</literal> module and thus works out of
- the box with NSS. The trust policy module provides NSS style
- PKCS#11 trust objects for NSS to retrieve.</para>
-
- <para>The module may be used to replace the
- <literal>libnssckbi.so</literal> file via an distribution
- specific alternatives mechanism or otherwise.</para>
-
- <para>Alternatively NSS applications like Firefox or Thunderbird
- may be configured to use the trust policy module by adding
- the <literal>p11-kit-trust.so</literal> PKCS#11 module via their
- GUI or command line configuration.</para>
-</section>
-
-<section id="trust-glib-networking">
- <title>Using the Trust Policy Module with glib-networking</title>
-
- <para>The trust policy module can be used as a source of trust
- information for glib-networking's <literal>gnutls-pkcs11</literal> backend.
- The module provides PKCS#11 trust assertion objects as expected.</para>
-
- <para>The module should work by default if the <literal>gnutls-pkcs11</literal>
- backend is selected as the glib-networking TLS backend.</para>
-</section>
-
-<section id="trust-disable">
- <title>Disabling the Trust Policy Module</title>
-
- <para>This module is installed and enabled by default. It may
- be disabled in the following ways:</para>
-
- <itemizedlist>
- <listitem><para>Use the <option>--disable-trust-module</option>
- during the <link linkend="devel-building-configure">p11-kit
- build</link>.</para></listitem>
- <listitem><para>Disable loading trust policy information
- from this module by adding a file to <literal>&sysdir;/modules</literal>
- called <literal>p11-kit-trust.module</literal> containing a
- <literal>trust-policy: no</literal> line.</para></listitem>
-
- <listitem><para>Disable this module completely by
- adding a file to <literal>&sysdir;/modules</literal>
- called <literal>p11-kit-trust.module</literal> containing a
- <literal>enable-in:</literal> line (without a value).</para></listitem>
- </itemizedlist>
-
-</section>
-
-</chapter>
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
deleted file mode 100644
index be3f982..0000000
--- a/doc/manual/p11-kit.xml
+++ /dev/null
@@ -1,131 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="p11-kit">
-
-<refentryinfo>
- <title>p11-kit</title>
- <productname>p11-kit</productname>
- <authorgroup>
- <author>
- <contrib>Maintainer</contrib>
- <firstname>Stef</firstname>
- <surname>Walter</surname>
- <email>stef@thewalter.net</email>
- </author>
- </authorgroup>
-</refentryinfo>
-
-<refmeta>
- <refentrytitle>p11-kit</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="manual">System Commands</refmiscinfo>
-</refmeta>
-
-<refnamediv>
- <refname>p11-kit</refname>
- <refpurpose>Tool for operating on configured PKCS#11 modules</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>p11-kit list-modules</command>
- </cmdsynopsis>
- <cmdsynopsis>
- <command>p11-kit extract</command> ...
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1 id="p11-kit-description">
- <title>Description</title>
- <para><command>p11-kit</command> is a command line tool that
- can be used to perform operations on PKCS#11 modules configured on the
- system.</para>
-
- <para>See the various sub commands below. The following global options
- can be used:</para>
-
- <variablelist>
- <varlistentry>
- <term><option>-v, --verbose</option></term>
- <listitem><para>Run in verbose mode with debug
- output.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>-q, --quiet</option></term>
- <listitem><para>Run in quiet mode without warning or
- failure messages.</para></listitem>
- </varlistentry>
- </variablelist>
-
-</refsect1>
-
-<refsect1 id="p11-kit-list-modules">
- <title>List Modules</title>
-
- <para>List system configured PKCS#11 modules.</para>
-
-<programlisting>
-$ p11-kit list-modules
-</programlisting>
-
- <para>The modules, information about them and the tokens present in
- the PKCS#11 modules will be displayed.</para>
-
-</refsect1>
-
-<refsect1 id="p11-kit-extract">
- <title>Extract</title>
-
- <para>Extract certificates from configured PKCS#11 modules.</para>
-
- <para>See <member><citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
- for more information</para>
-</refsect1>
-
-<refsect1 id="p11-kit-extract-trust">
- <title>Extract Trust</title>
-
- <para>Extract standard trust information files.</para>
-
- <para>See <citerefentry><refentrytitle>trust</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- for more information</para>
-</refsect1>
-
-<refsect1 id="p11-kit-remote">
- <title>Remote</title>
-
- <para>Run a PKCS#11 module remotely.</para>
-
-<programlisting>
-$ p11-kit remote /path/to/pkcs11-module.so
-</programlisting>
-
- <para>This is not meant to be run directly from a terminal. But rather in a
- <option>remote</option> option in a
- <citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- file.</para>
-</refsect1>
-
-<refsect1 id="p11-kit-bugs">
- <title>Bugs</title>
- <para>
- Please send bug reports to either the distribution bug tracker
- or the upstream bug tracker at
- <ulink url="https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit">https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit</ulink>.
- </para>
-</refsect1>
-
-<refsect1 id="p11-kit-see-also">
- <title>See also</title>
- <simplelist type="inline">
- <member><citerefentry><refentrytitle>pkcs11.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
- </simplelist>
- <para>
- Further details available in the p11-kit online documentation at
- <ulink url="http://p11-glue.freedesktop.org/doc/p11-kit/">http://p11-glue.freedesktop.org/doc/p11-kit/</ulink>.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml
deleted file mode 100644
index ffd89a5..0000000
--- a/doc/manual/pkcs11.conf.xml
+++ /dev/null
@@ -1,281 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
-[
- <!ENTITY sysdir SYSTEM "sysdir.xml">
- <!ENTITY userdir SYSTEM "userdir.xml">
-]>
-
-<refentry id="pkcs11-conf">
-
-<refentryinfo>
- <title>pkcs11.conf</title>
- <productname>p11-kit</productname>
- <authorgroup>
- <author>
- <contrib>Maintainer</contrib>
- <firstname>Stef</firstname>
- <surname>Walter</surname>
- <email>stef@thewalter.net</email>
- </author>
- </authorgroup>
-</refentryinfo>
-
-<refmeta>
- <refentrytitle>pkcs11.conf</refentrytitle>
- <manvolnum>5</manvolnum>
- <refmiscinfo class="manual">System Files</refmiscinfo>
-</refmeta>
-
-<refnamediv>
- <refname>pkcs11.conf</refname>
- <refpurpose>Configuration files for PKCS#11 modules</refpurpose>
-</refnamediv>
-
-<refsect1 id="pkcs11-conf-description">
- <title>Description</title>
- <para>The <command>pkcs11.conf</command> configuration files are a standard
- way to configure PKCS#11 modules.</para>
-</refsect1>
-
-<refsect1 id="config-format">
- <title>File format</title>
- <para>A complete configuration consists of several files. These files are
- text files. Since <literal>p11-kit</literal> is built to be used in all
- sorts of environments and at very low levels of the software stack, we
- cannot make use of high level configuration APIs that you may find on a
- modern desktop.</para>
-
- <para>Each setting in the config file is specified consists of a name and
- a value. The name is a simple string consisting of characters and dashes.
- The name consists of alpha numeric characters, dot, hyphen and
- underscore.</para>
-
- <para>The value is specified after the name on the same line, separated
- from it by a <literal>:</literal> (colon). White space between the
- name and value is ignored.</para>
-
- <para>Blank lines are ignored. White space at the beginning or end of
- lines is stripped. Lines that begin with a <literal>#</literal> character
- are ignored as comments. Comments are not recognized when they come after
- a value on a line.</para>
-
- <para>A fictitious module configuration file might look like:</para>
-<programlisting>
-module: module.so
-# Here is a comment
-
-managed: true
-setting.2: A long value with text.
-x-custom : text
-</programlisting>
-</refsect1>
-
-<refsect1 id="config-module">
- <title>Module Configuration</title>
-
- <para>Each configured PKCS#11 module has its own config file. These files
- can be <link linkend="config-locations">placed in various locations</link>.</para>
- <para>The filename of the configuration file may consist of upper and lowercase letters
- underscore, comma, dash and dots. The first characters needs to be an alphanumeric,
- the filename should end with a <literal>.module</literal> extension.</para>
- <para>Most importantly each config file specifies the path of the PKCS#11 module to
- load. A module config file has the following fields:</para>
-
- <variablelist>
- <varlistentry>
- <term><option>module:</option></term>
- <listitem>
- <para>The filename of the PKCS#11 module to load.
- This should include an extension like <literal>.so</literal></para>
- <para>If this value is blank, then the module will be ignored.
- This can be used in the user configs to override loading of a module
- specified in the system configuration.</para>
-
- <para>If this is a relative path, then the module will be loaded
- from the <link linkend="devel-paths-modules">default module directory</link>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>critical:</option></term>
- <listitem>
- <para>Set to <literal>yes</literal> if the module is critical and
- required to load. If a critical module fails to load or initialize,
- then the loading process for all registered modules will abort and
- return an error code.</para>
-
- <para>This argument is optional and defaults to <literal>no</literal>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>enable-in:</option></term>
- <listitem>
- <para>A comma and/or space separated list of names of programs that
- this module should only be loaded in. The module will not be loaded
- for other programs using p11-kit. The base name of the process executable
- should be used here, for example
- <literal>seahorse, ssh</literal>.</para>
- <para>This is not a security feature. The argument is optional. If
- not present, then any process will load the module.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>disable-in:</option></term>
- <listitem>
- <para>A comma and/or space separated list of names of programs that
- this module should not be loaded in. The module will be loaded for any
- other programs using p11-kit. The base name of the process
- executable should be used here, for example
- <literal>firefox, thunderbird-bin</literal>.</para>
- <para>This is not a security feature. The argument is optional. If
- not present, then any process will load the module.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>managed:</option></term>
- <listitem>
- <para>Set to <literal>no</literal> if the module is not to be managed by
- p11-kit. Making a module unmanaged is not recommended, and will cause
- problems if multiple callers in a single process share a PKCS#11 module.</para>
-
- <para>This argument is optional and defaults to <literal>yes</literal>.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>priority:</option></term>
- <listitem>
- <para>The value should be an integer. When lists of modules are
- returned to a caller of p11-kit, modules with a higher number are sorted
- first. When applications search modules for certificates, keys and
- trust policy information, this setting will affect what find
- first.</para>
- <para>This argument is optional, and defaults to zero. Modules
- with the same <option>priority</option> option will be sorted
- alphabetically.</para>
- </listitem>
- </varlistentry>
- <varlistentry id="option-remote">
- <term><option>remote:</option></term>
- <listitem>
- <para>Instead of loading the PKCS#11 module locally, run the module
- remotely.</para>
- <para>Specify a command to run, prefixed with <literal>|</literal> a pipe.
- The command must speak the p11-kit remoting protocol on its standard in
- and standard out. For example:</para>
-<programlisting>
-remote: |ssh user@remote p11-kit remote /path/to/module.so
-</programlisting>
- <para>Other forms of remoting will appear in later p11-kit releases.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>trust-policy:</option></term>
- <listitem>
- <para>Set to <literal>yes</literal> to use use this module as a source
- of trust policy information such as certificate anchors and black lists.</para>
- </listitem>
- </varlistentry>
- <varlistentry id="option-log-calls">
- <term>log-calls:</term>
- <listitem>
- <para>Set to <literal>yes</literal> to write a log to stderr of all the
- calls into the module. This is only supported for managed modules.</para>
-
- <para>This argument is optional and defaults to <literal>no</literal>.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>Do not specify both <literal>enable-in</literal> and <literal>disable-in</literal>
- for the same module.</para>
-
- <para>Other fields may be present, but it is recommended that field names
- that are not specified in this document start with a <literal>x-</literal>
- prefix.</para>
-</refsect1>
-
-<refsect1 id="config-global">
- <title>Global Configuration</title>
-
- <para>A global configuration may also be present. This file contains settings
- that are not related to a single PKCS#11 module. The location(s) of the
- global configuration are described below. The global configuration file
- can contain the following fields:</para>
-
- <variablelist>
- <varlistentry>
- <term><option>user-config:</option></term>
- <listitem><para>This will be equal to one of the following values:
- <literal>none</literal>, <literal>merge</literal>,
- <literal>only</literal>.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>managed:</option></term>
- <listitem>
- <para>Set to <literal>yes</literal> or <literal>no</literal> to
- force all modules to be managed or unmanaged by p11-kit. Setting this
- setting in a global configuration file will override the
- <literal>managed</literal> setting in the individual module configuration
- files. Making modules unmanaged is not recommended, and will cause
- problems if multiple callers in a single process share a PKCS#11
- module.</para>
-
- <para>This argument is optional.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>log-calls:</term>
- <listitem>
- <para>Set to <literal>yes</literal> to write a log to stderr of all the
- calls into all configured modules. This is only supported for managed
- modules.</para>
-
- <para>This argument is optional.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-
- <para>Other fields may be present, but it is recommended that field names
- that are not specified in this document start with a <literal>x-</literal>
- prefix.</para>
-</refsect1>
-
-<refsect1 id="config-locations">
- <title>Configuration Files</title>
-
- <para>Each configured PKCS#11 module has its own config file. These
- files are placed in a directory. In addition a global config file exists.
- There is a system configuration consisting of the various module config
- files and a file for global configuration. Optionally each user can provide
- additional configuration or override the system configuration.</para>
-
- <para>The system global configuration file is usually in
- <literal>&sysdir;/pkcs11.conf</literal> and the user global
- configuration file is in <literal>&userdir;/pkcs11.conf</literal> in the
- user's home directory.</para>
-
- <para>The module config files are usually located in the
- <literal>&sysdir;/modules</literal> directory, with one configuration
- file per module. In addition the <literal>&userdir;/modules</literal> directory
- can be used for modules installed by the user.</para>
-
- <para>Note that user configuration files are not loaded from the home
- directory if running inside a setuid or setgid program.</para>
-
- <para>The default system config file and module directory can be changed
- when building p11-kit. Always
- <link linkend="devel-paths">lookup these paths</link> using
- <literal>pkg-config</literal>.</para>
-</refsect1>
-
-<refsect1 id="pkcs11-conf-see-also">
- <title>See also</title>
- <simplelist type="inline">
- <member><citerefentry><refentrytitle>p11-kit</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
- </simplelist>
- <para>Further details available in the p11-kit online documentation at
- <ulink url="http://p11-glue.freedesktop.org/doc/p11-kit/">http://p11-glue.freedesktop.org/doc/p11-kit/</ulink>.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/doc/manual/style.css b/doc/manual/style.css
deleted file mode 100644
index 3d0f951..0000000
--- a/doc/manual/style.css
+++ /dev/null
@@ -1,116 +0,0 @@
-@import url("gtk-doc.css");
-
-TABLE.navigation {
- background-color: #f9b631 !important;
- border-width: 0 !important;
- color: white;
- font-family: Georgia, "Times New Roman", Times, serif;
- height: 4em !important;
-}
-
-TABLE.navigation TH {
- font-size: 30pt !important;
- font-weight: normal;
- text-align: left !important;
- padding-left: 10pt;
-}
-
-TABLE.navigation TH:first-child {
- padding-left: 40pt;
-}
-
-.shortcuts {
- color: white !important;
-}
-
-.shortcuts a {
- color: white !important;
- font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;
-}
-
-P.title {
- font-size: 30pt !important;
-}
-
-BODY {
- padding-top: 5.5em !important;
-}
-
-DIV.book,
-DIV.refentry,
-DIV.chapter,
-DIV.index,
-DIV.footer,
-DIV.section {
- font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif;
- font-size: 9.5pt;
- line-height: 150%;
-}
-
-BODY > DIV.book,
-BODY > DIV.footer {
- margin-left: 1em;
- margin-right: 1em;
-}
-
-BODY > DIV.refentry,
-BODY > DIV.chapter,
-BODY > DIV.index,
-BODY > DIV.section {
- margin-left: 3em;
- margin-right: 1em;
-}
-
-DIV.variablelist TABLE {
- font-size: 9.5pt;
- line-height: 150%;
-}
-
-DIV.refsect1,
-DIV.refsect2,
-DIV.refsynopsisdiv {
- margin-bottom: 3em !important;
-}
-
-H1 {
- position: relative;
- left: -1em;
- font-weight: normal !important;
-}
-
-H2 {
- position: relative;
- left: -1em;
- font-weight: normal !important;
-}
-
-H3 {
- position: relative;
- left: -1em;
- font-weight: normal !important;
-}
-
-CODE.option {
- white-space: nowrap;
-}
-
-DIV.toc DL {
- margin-top: 0;
- margin-bottom: 0;
-}
-
-DIV.book > DIV.toc > DL > DT {
- margin-top: 1em;
-}
-
-DIV.toc DT {
- margin-bottom: 0.3em;
-}
-
-TABLE.variablelist SPAN.term {
- padding-right: 1em;
-}
-
-DIV.cmdsynopsis {
- font-family: monospace;
-}
diff --git a/doc/manual/trust.xml b/doc/manual/trust.xml
deleted file mode 100644
index 05f2726..0000000
--- a/doc/manual/trust.xml
+++ /dev/null
@@ -1,372 +0,0 @@
-<?xml version='1.0'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="trust">
-
-<refentryinfo>
- <title>trust</title>
- <productname>p11-kit</productname>
- <authorgroup>
- <author>
- <contrib>Maintainer</contrib>
- <firstname>Stef</firstname>
- <surname>Walter</surname>
- <email>stef@thewalter.net</email>
- </author>
- </authorgroup>
-</refentryinfo>
-
-<refmeta>
- <refentrytitle>trust</refentrytitle>
- <manvolnum>1</manvolnum>
- <refmiscinfo class="manual">User Commands</refmiscinfo>
-</refmeta>
-
-<refnamediv>
- <refname>trust</refname>
- <refpurpose>Tool for operating on the trust policy store</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>trust list</command>
- </cmdsynopsis>
- <cmdsynopsis>
- <command>trust extract</command> <arg choice="plain">--filter=&lt;what&gt;</arg>
- <arg choice="plain">--format=&lt;type&gt;</arg> /path/to/destination
- </cmdsynopsis>
- <cmdsynopsis>
- <command>trust anchor</command> /path/to/certificate.crt
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1 id="trust-description">
- <title>Description</title>
- <para><command>trust</command> is a command line tool to examine and
- modify the shared trust policy store.</para>
-
- <para>See the various sub commands below. The following global options
- can be used:</para>
-
- <variablelist>
- <varlistentry>
- <term><option>-v, --verbose</option></term>
- <listitem><para>Run in verbose mode with debug
- output.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>-q, --quiet</option></term>
- <listitem><para>Run in quiet mode without warning or
- failure messages.</para></listitem>
- </varlistentry>
- </variablelist>
-
-</refsect1>
-
-<refsect1 id="trust-list">
- <title>List</title>
-
- <para>List trust policy store items.</para>
-
-<programlisting>
-$ trust list
-</programlisting>
-
- <para>List information about the various items in the trust policy store.
- Each item is listed with it's PKCS#11 URI and some descriptive information.</para>
-
- <para>You can specify the following options to control what to list.</para>
-
- <varlistentry>
- <term><option>--filter=&lt;what&gt;</option></term>
- <listitem>
- <para>Specifies what certificates to extract. You can specify the following values:
- <variablelist>
- <varlistentry>
- <term><option>ca-anchors</option></term>
- <listitem><para>Certificate anchors</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>trust-policy</option></term>
- <listitem><para>Anchors and blacklist (default)</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>blacklist</option></term>
- <listitem><para>Blacklisted certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>certificates</option></term>
- <listitem><para>All certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>pkcs11:object=xx</option></term>
- <listitem><para>A PKCS#11 URI to filter with</para></listitem>
- </varlistentry>
- </variablelist>
- </para>
-
- <para>If an output format is chosen that cannot support type what has been
- specified by the filter, a message will be printed.</para>
-
- <para>None of the available formats support storage of blacklist entries
- that do not contain a full certificate. Thus any certificates blacklisted by
- their issuer and serial number alone, are not included in the extracted
- blacklist.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--purpose=&lt;usage&gt;</option></term>
- <listitem><para>Limit to certificates usable for the given purpose
- You can specify one of the following values:
- <variablelist>
- <varlistentry>
- <term><option>server-auth</option></term>
- <listitem><para>For authenticating servers</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>client-auth</option></term>
- <listitem><para>For authenticating clients</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>email</option></term>
- <listitem><para>For email protection</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>code-signing</option></term>
- <listitem><para>For authenticated signed code</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>1.2.3.4.5...</option></term>
- <listitem><para>An arbitrary purpose OID</para></listitem>
- </varlistentry>
- </variablelist>
- </para></listitem>
- </varlistentry>
-
-</refsect1>
-
-<refsect1 id="trust-anchor">
- <title>Anchor</title>
-
- <para>Store or remove trust anchors.</para>
-
-<programlisting>
-$ trust anchor /path/to/certificate.crt
-$ trust anchor --remove /path/to/certificate.crt
-$ trust anchor --remove "pkcs11:id=%AA%BB%CC%DD%EE;object-type=cert"
-</programlisting>
-
- <para>Store or remove trust anchors in the trust policy store. These are
- usually root certificate authorities.</para>
-
- <para>Specify either the <option>--store</option> or <option>--remove</option>
- operations. If no operation is specified then <option>--store</option> is
- assumed.</para>
-
- <para>When storing, one or more certificate files are expected on the
- command line. These are stored as anchors, unless they are already
- present.</para>
-
- <para>When removing an anchor, either specify certificate files or
- PKCS#11 URI's on the command line. Matching anchors will be removed.</para>
-
- <para>It may be that this command needs to be run as root in order to
- modify the system trust policy store, if no user specific store is
- available.</para>
-
- <para>You can specify the following options.</para>
-
- <variablelist>
- <varlistentry>
- <term><option>--remove</option></term>
- <listitem><para>Remove one or more anchors from the trust
- policy store. Specify certificate files or PKCS#11 URI's
- on the command line.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--store</option></term>
- <listitem><para>Store one or more anchors to the trust
- policy store. Specify certificate files on the command
- line.</para></listitem>
- </varlistentry>
- </variablelist>
-
-</refsect1>
-
-<refsect1 id="trust-extract">
- <title>Extract</title>
-
- <para>Extract trust policy from the shared trust policy store.</para>
-
-<programlisting>
-$ trust extract --format=x509-directory --filter=ca-anchors /path/to/directory
-</programlisting>
-
- <para>You can specify the following options to control what to extract.
- The <option>--filter</option> and <option>--format</option> arguments
- should be specified. By default this command will not overwrite the
- destination file or directory.</para>
-
- <variablelist>
- <varlistentry>
- <term><option>--comment</option></term>
- <listitem><para>Add identifying comments to PEM bundle output files
- before each certificate.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--filter=&lt;what&gt;</option></term>
- <listitem>
- <para>Specifies what certificates to extract. You can specify the following values:
- <variablelist>
- <varlistentry>
- <term><option>ca-anchors</option></term>
- <listitem><para>Certificate anchors (default)</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>trust-policy</option></term>
- <listitem><para>Anchors and blacklist</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>blacklist</option></term>
- <listitem><para>Blacklisted certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>certificates</option></term>
- <listitem><para>All certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>pkcs11:object=xx</option></term>
- <listitem><para>A PKCS#11 URI</para></listitem>
- </varlistentry>
- </variablelist>
- </para>
-
- <para>If an output format is chosen that cannot support type what has been
- specified by the filter, a message will be printed.</para>
-
- <para>None of the available formats support storage of blacklist entries
- that do not contain a full certificate. Thus any certificates blacklisted by
- their issuer and serial number alone, are not included in the extracted
- blacklist.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--format=&lt;type&gt;</option></term>
- <listitem><para>The format of the destination file or directory.
- You can specify one of the following values:
- <variablelist>
- <varlistentry>
- <term><option>x509-file</option></term>
- <listitem><para>DER X.509 certificate file</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>x509-directory</option></term>
- <listitem><para>directory of X.509 certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>pem-bundle</option></term>
- <listitem><para>File containing one or more certificate PEM blocks</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>pem-directory</option></term>
- <listitem><para>Directory of PEM files each containing one certificate</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>pem-directory-hash</option></term>
- <listitem><para>Directory of PEM files each containing one certificate, with hash symlinks</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>openssl-bundle</option></term>
- <listitem><para>OpenSSL specific PEM bundle of certificates</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>openssl-directory</option></term>
- <listitem><para>Directory of OpenSSL specific PEM files</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>java-cacerts</option></term>
- <listitem><para>Java keystore 'cacerts' certificate bundle</para></listitem>
- </varlistentry>
- </variablelist>
- </para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--overwrite</option></term>
- <listitem><para>Overwrite output file or directory.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>--purpose=&lt;usage&gt;</option></term>
- <listitem><para>Limit to certificates usable for the given purpose
- You can specify one of the following values:
- <variablelist>
- <varlistentry>
- <term><option>server-auth</option></term>
- <listitem><para>For authenticating servers</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>client-auth</option></term>
- <listitem><para>For authenticating clients</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>email</option></term>
- <listitem><para>For email protection</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>code-signing</option></term>
- <listitem><para>For authenticated signed code</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><option>1.2.3.4.5...</option></term>
- <listitem><para>An arbitrary purpose OID</para></listitem>
- </varlistentry>
- </variablelist>
- </para></listitem>
- </varlistentry>
- </variablelist>
-
-</refsect1>
-
-<refsect1 id="trust-extract-compat">
- <title>Extract Compat</title>
-
- <para>Extract compatibility trust certificate bundles.</para>
-
-<programlisting>
-$ trust extract-compat
-</programlisting>
-
- <para>OpenSSL, Java and some versions of GnuTLS cannot currently read
- trust information directly from the trust policy store. This command
- extracts trust information such as certificate anchors for use by
- these libraries.</para>
-
- <para>What this command does, and where it extracts the files is
- distribution or site specific. Packagers or administrators are expected
- customize this command.</para>
-
-</refsect1>
-
-<refsect1 id="trust-bugs">
- <title>Bugs</title>
- <para>
- Please send bug reports to either the distribution bug tracker
- or the upstream bug tracker at
- <ulink url="https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit">https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue&amp;component=p11-kit</ulink>.
- </para>
-</refsect1>
-
-<refsect1 id="trust-see-also">
- <title>See also</title>
- <simplelist type="inline">
- <member><citerefentry><refentrytitle>p11-kit</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
- </simplelist>
- <para>An explanatory document about storing trust policy:
- <ulink url="http://p11-glue.freedesktop.org/doc/storing-trust-policy/">http://p11-glue.freedesktop.org/doc/storing-trust-policy/</ulink></para>
- <para>
- Further details available in the p11-kit online documentation at
- <ulink url="http://p11-glue.freedesktop.org/doc/p11-kit/">http://p11-glue.freedesktop.org/doc/p11-kit/</ulink>.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
deleted file mode 100644
index 14ec4d6..0000000
--- a/p11-kit/Makefile.am
+++ /dev/null
@@ -1,253 +0,0 @@
-
-inc_HEADERS += \
- p11-kit/deprecated.h \
- p11-kit/iter.h \
- p11-kit/p11-kit.h \
- p11-kit/pin.h \
- p11-kit/remote.h \
- p11-kit/uri.h \
- $(NULL)
-
-MODULE_SRCS = \
- p11-kit/util.c \
- p11-kit/conf.c p11-kit/conf.h \
- p11-kit/iter.c \
- p11-kit/log.c p11-kit/log.h \
- p11-kit/modules.c p11-kit/modules.h \
- p11-kit/pkcs11.h \
- p11-kit/pin.c \
- p11-kit/pkcs11.h \
- p11-kit/private.h \
- p11-kit/proxy.c p11-kit/proxy.h \
- p11-kit/messages.c \
- p11-kit/rpc-transport.c p11-kit/rpc.h \
- p11-kit/rpc-message.c p11-kit/rpc-message.h \
- p11-kit/rpc-client.c p11-kit/rpc-server.c \
- p11-kit/uri.c \
- p11-kit/virtual.c p11-kit/virtual.h \
- $(inc_HEADERS)
-
-lib_LTLIBRARIES += \
- libp11-kit.la
-
-libp11_kit_la_CFLAGS = \
- -DP11_SYSTEM_CONFIG_FILE=\""$(p11_system_config_file)"\" \
- -DP11_SYSTEM_CONFIG_MODULES=\""$(p11_system_config_modules)"\" \
- -DP11_PACKAGE_CONFIG_MODULES=\""$(p11_package_config_modules)"\" \
- -DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \
- -DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \
- -DP11_MODULE_PATH=\""$(p11_module_path)"\" \
- $(LIBFFI_CFLAGS) \
- $(NULL)
-
-libp11_kit_la_LDFLAGS = \
- -no-undefined \
- -version-info $(P11KIT_LT_RELEASE) \
- -export-symbols-regex '^C_GetFunctionList|^p11_kit_'
-
-libp11_kit_la_SOURCES = $(MODULE_SRCS)
-
-libp11_kit_la_LIBADD = \
- libp11-common.la \
- libp11-library.la \
- $(LIBFFI_LIBS) \
- $(LTLIBINTL) \
- $(NULL)
-
-noinst_LTLIBRARIES += \
- libp11-kit-testable.la
-
-libp11_kit_testable_la_LDFLAGS = -no-undefined
-libp11_kit_testable_la_SOURCES = $(MODULE_SRCS)
-libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD)
-
-if OS_WIN32
-
-libp11_kit_testable_la_CFLAGS = \
- -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \
- -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules/win32"\" \
- -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules/win32"\" \
- -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \
- -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules/win32"\" \
- -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \
- $(LIBFFI_CFLAGS) \
- $(NULL)
-
-else
-
-libp11_kit_testable_la_CFLAGS = \
- -DP11_SYSTEM_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/system-pkcs11.conf"\" \
- -DP11_SYSTEM_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/system-modules"\" \
- -DP11_PACKAGE_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/package-modules"\" \
- -DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/fixtures/user-pkcs11.conf"\" \
- -DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/fixtures/user-modules"\" \
- -DP11_MODULE_PATH=\""$(abs_top_builddir)/.libs"\" \
- $(LIBFFI_CFLAGS) \
- $(NULL)
-
-# Proxy module is actually same as library, so install a link
-install-exec-hook:
- $(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.{so,dylib}` $(DESTDIR)$(libdir)/p11-kit-proxy.so
- $(MKDIR_P) $(DESTDIR)$(p11_package_config_modules)
-
-endif
-
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = p11-kit/p11-kit-1.pc
-
-exampledir = $(p11_system_config)
-example_DATA = p11-kit/pkcs11.conf.example
-
-EXTRA_DIST += \
- p11-kit/p11-kit-1.pc.in \
- p11-kit/pkcs11.conf.example.in \
- p11-kit/docs.h \
- $(NULL)
-
-bin_PROGRAMS += p11-kit/p11-kit
-
-p11_kit_p11_kit_SOURCES = \
- p11-kit/lists.c \
- p11-kit/p11-kit.c \
- $(NULL)
-
-p11_kit_p11_kit_LDADD = \
- libp11-kit.la \
- libp11-tool.la \
- libp11-common.la \
- $(LTLIBINTL) \
- $(NULL)
-
-private_PROGRAMS += p11-kit-remote
-
-p11_kit_remote_SOURCES = \
- p11-kit/remote.c \
- $(NULL)
-
-p11_kit_remote_LDADD = \
- libp11-tool.la \
- libp11-common.la \
- libp11-kit.la \
- $(NULL)
-
-# Tests ----------------------------------------------------------------
-
-p11_kit_LIBS = \
- libp11-kit-testable.la \
- libp11-test.la \
- libp11-common.la \
- $(LTLIBINTL)
-
-CHECK_PROGS += \
- test-progname \
- test-util \
- test-conf \
- test-uri \
- test-pin \
- test-init \
- test-modules \
- test-deprecated \
- test-proxy \
- test-iter \
- test-rpc \
- $(NULL)
-
-test_conf_SOURCES = p11-kit/test-conf.c
-test_conf_LDADD = $(p11_kit_LIBS)
-
-test_deprecated_SOURCES = p11-kit/test-deprecated.c
-test_deprecated_LDADD = $(p11_kit_LIBS)
-
-test_init_SOURCES = p11-kit/test-init.c
-test_init_LDADD = $(p11_kit_LIBS)
-
-test_iter_SOURCES = p11-kit/test-iter.c
-test_iter_LDADD = $(p11_kit_LIBS)
-
-test_modules_SOURCES = p11-kit/test-modules.c
-test_modules_LDADD = $(p11_kit_LIBS)
-
-test_pin_SOURCES = p11-kit/test-pin.c
-test_pin_LDADD = $(p11_kit_LIBS)
-
-test_progname_SOURCES = p11-kit/test-progname.c
-test_progname_LDADD = $(p11_kit_LIBS)
-
-test_proxy_SOURCES = p11-kit/test-proxy.c
-test_proxy_LDADD = $(p11_kit_LIBS)
-
-test_rpc_SOURCES = p11-kit/test-rpc.c
-test_rpc_LDADD = $(p11_kit_LIBS)
-
-test_uri_SOURCES = p11-kit/test-uri.c
-test_uri_LDADD = $(p11_kit_LIBS)
-
-test_util_SOURCES = p11-kit/test-util.c
-test_util_LDADD = $(p11_kit_LIBS)
-
-noinst_PROGRAMS += \
- print-messages \
- frob-setuid
-
-print_messages_SOURCES = p11-kit/print-messages.c
-print_messages_LDADD = $(p11_kit_LIBS)
-
-frob_setuid_SOURCES = p11-kit/frob-setuid.c
-frob_setuid_LDADD = $(p11_kit_LIBS)
-
-if WITH_FFI
-
-CHECK_PROGS += \
- test-virtual \
- test-managed \
- test-log \
- test-transport \
- $(NULL)
-
-test_log_SOURCES = p11-kit/test-log.c
-test_log_LDADD = $(p11_kit_LIBS)
-
-test_managed_SOURCES = p11-kit/test-managed.c
-test_managed_LDADD = $(p11_kit_LIBS)
-
-test_transport_SOURCES = p11-kit/test-transport.c
-test_transport_LDADD = $(p11_kit_LIBS)
-
-test_virtual_SOURCES = p11-kit/test-virtual.c
-test_virtual_LDADD = $(p11_kit_LIBS)
-
-endif
-
-noinst_LTLIBRARIES += \
- mock-one.la \
- mock-two.la \
- mock-three.la \
- mock-four.la \
- mock-five.la
-
-mock_one_la_SOURCES = p11-kit/mock-module-ep.c
-mock_one_la_LIBADD = libp11-test.la libp11-common.la
-mock_one_la_LDFLAGS = \
- -module -avoid-version -rpath /nowhere \
- -no-undefined -export-symbols-regex 'C_GetFunctionList'
-
-mock_two_la_SOURCES = p11-kit/mock-module-ep2.c
-mock_two_la_LDFLAGS = $(mock_one_la_LDFLAGS)
-mock_two_la_LIBADD = $(mock_one_la_LIBADD)
-
-mock_three_la_SOURCES = $(mock_one_la_SOURCES)
-mock_three_la_LDFLAGS = $(mock_one_la_LDFLAGS)
-mock_three_la_LIBADD = $(mock_one_la_LIBADD)
-
-mock_four_la_SOURCES = $(mock_one_la_SOURCES)
-mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS)
-mock_four_la_LIBADD = $(mock_one_la_LIBADD)
-
-mock_five_la_SOURCES = p11-kit/mock-module-ep3.c
-mock_five_la_LDFLAGS = $(mock_one_la_LDFLAGS)
-mock_five_la_LIBADD = $(mock_one_la_LIBADD)
-
-EXTRA_DIST += \
- p11-kit/fixtures \
- p11-kit/test-mock.c \
- $(NULL)
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
deleted file mode 100644
index 8a328ed..0000000
--- a/p11-kit/conf.c
+++ /dev/null
@@ -1,509 +0,0 @@
-/*
- * Copyright (c) 2005 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@memberwebs.com>
- */
-
-#include "config.h"
-
-#include "conf.h"
-#define P11_DEBUG_FLAG P11_DEBUG_CONF
-#include "debug.h"
-#include "lexer.h"
-#include "message.h"
-#include "path.h"
-#include "private.h"
-
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-static int
-strequal (const char *one, const char *two)
-{
- return strcmp (one, two) == 0;
-}
-
-/* -----------------------------------------------------------------------------
- * CONFIG PARSER
- */
-
-bool
-_p11_conf_merge_defaults (p11_dict *map,
- p11_dict *defaults)
-{
- p11_dictiter iter;
- void *key;
- void *value;
-
- p11_dict_iterate (defaults, &iter);
- while (p11_dict_next (&iter, &key, &value)) {
- /* Only override if not set */
- if (p11_dict_get (map, key))
- continue;
- key = strdup (key);
- return_val_if_fail (key != NULL, false);
- value = strdup (value);
- return_val_if_fail (key != NULL, false);
- if (!p11_dict_set (map, key, value))
- return_val_if_reached (false);
- }
-
- return true;
-}
-
-p11_dict *
-_p11_conf_parse_file (const char* filename,
- struct stat *sb,
- int flags)
-{
- p11_dict *map = NULL;
- void *data;
- p11_lexer lexer;
- bool failed = false;
- size_t length;
- p11_mmap *mmap;
- int error;
-
- assert (filename);
-
- p11_debug ("reading config file: %s", filename);
-
- mmap = p11_mmap_open (filename, sb, &data, &length);
- if (mmap == NULL) {
- error = errno;
- if ((flags & CONF_IGNORE_MISSING) &&
- (error == ENOENT || error == ENOTDIR)) {
- p11_debug ("config file does not exist");
-
- } else if ((flags & CONF_IGNORE_ACCESS_DENIED) &&
- (error == EPERM || error == EACCES)) {
- p11_debug ("config file is inaccessible");
-
- } else {
- p11_message_err (error, "couldn't open config file: %s", filename);
- errno = error;
- return NULL;
- }
- }
-
- map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
- return_val_if_fail (map != NULL, NULL);
-
- /* Empty config fall through above */
- if (mmap == NULL)
- return map;
-
- p11_lexer_init (&lexer, filename, data, length);
- while (p11_lexer_next (&lexer, &failed)) {
- switch (lexer.tok_type) {
- case TOK_FIELD:
- p11_debug ("config value: %s: %s", lexer.tok.field.name,
- lexer.tok.field.value);
- if (!p11_dict_set (map, lexer.tok.field.name, lexer.tok.field.value))
- return_val_if_reached (NULL);
- lexer.tok.field.name = NULL;
- lexer.tok.field.value = NULL;
- break;
- case TOK_PEM:
- p11_message ("%s: unexpected pem block", filename);
- failed = true;
- break;
- case TOK_SECTION:
- p11_message ("%s: unexpected section header", filename);
- failed = true;
- break;
- case TOK_EOF:
- assert_not_reached ();
- break;
- }
-
- if (failed)
- break;
- }
-
- p11_lexer_done (&lexer);
- p11_mmap_close (mmap);
-
- if (failed) {
- p11_dict_free (map);
- map = NULL;
- errno = EINVAL;
- }
-
- return map;
-}
-
-static int
-user_config_mode (p11_dict *config,
- int defmode)
-{
- const char *mode;
-
- /* Whether we should use or override from user directory */
- mode = p11_dict_get (config, "user-config");
- if (mode == NULL) {
- return defmode;
- } else if (strequal (mode, "none")) {
- return CONF_USER_NONE;
- } else if (strequal (mode, "merge")) {
- return CONF_USER_MERGE;
- } else if (strequal (mode, "only")) {
- return CONF_USER_ONLY;
- } else if (strequal (mode, "override")) {
- return CONF_USER_ONLY;
- } else {
- p11_message ("invalid mode for 'user-config': %s", mode);
- return CONF_USER_INVALID;
- }
-}
-
-p11_dict *
-_p11_conf_load_globals (const char *system_conf, const char *user_conf,
- int *user_mode)
-{
- p11_dict *config = NULL;
- p11_dict *uconfig = NULL;
- p11_dict *result = NULL;
- char *path = NULL;
- int error = 0;
- int flags;
- int mode;
-
- /*
- * This loads the system and user configs. This depends on the user-config
- * value in both the system and user configs. A bit more complex than
- * you might imagine, since user-config can be set to 'none' in the
- * user configuration, essentially turning itself off.
- */
-
- /* Load the main configuration */
- config = _p11_conf_parse_file (system_conf, NULL, CONF_IGNORE_MISSING);
- if (!config)
- goto finished;
-
- /* Whether we should use or override from user directory */
- mode = user_config_mode (config, CONF_USER_MERGE);
- if (mode == CONF_USER_INVALID) {
- error = EINVAL;
- goto finished;
- }
-
- if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
- p11_debug ("skipping user config in setuid or setgid program");
- mode = CONF_USER_NONE;
- }
-
- if (mode != CONF_USER_NONE) {
- path = p11_path_expand (user_conf);
- if (!path) {
- error = errno;
- goto finished;
- }
-
- /* Load up the user configuration, ignore selinux denying us access */
- flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED;
- uconfig = _p11_conf_parse_file (path, NULL, flags);
- if (!uconfig) {
- error = errno;
- goto finished;
- }
-
- /* Figure out what the user mode is, defaulting to system mode if not set */
- mode = user_config_mode (uconfig, mode);
- if (mode == CONF_USER_INVALID) {
- error = EINVAL;
- goto finished;
- }
-
- /* If merging, then supplement user config with system values */
- if (mode == CONF_USER_MERGE) {
- if (!_p11_conf_merge_defaults (uconfig, config)) {
- error = errno;
- goto finished;
- }
- }
-
- /* If user config valid at all, then replace system with what we have */
- if (mode != CONF_USER_NONE) {
- p11_dict_free (config);
- config = uconfig;
- uconfig = NULL;
- }
- }
-
- if (user_mode)
- *user_mode = mode;
-
- result = config;
- config = NULL;
-
-finished:
- free (path);
- p11_dict_free (config);
- p11_dict_free (uconfig);
- errno = error;
- return result;
-}
-
-static char *
-calc_name_from_filename (const char *fname)
-{
- /* We eventually want to settle on .module */
- static const char *const suffix = ".module";
- static const size_t suffix_len = 7;
- const char *c = fname;
- size_t fname_len;
- size_t name_len;
- char *name;
-
- assert (fname);
-
- /* Make sure the filename starts with an alphanumeric */
- if (!isalnum(*c))
- return NULL;
- ++c;
-
- /* Only allow alnum, _, -, and . */
- while (*c) {
- if (!isalnum(*c) && *c != '_' && *c != '-' && *c != '.')
- return NULL;
- ++c;
- }
-
- /* Make sure we have one of the suffixes */
- fname_len = strlen (fname);
- if (suffix_len >= fname_len)
- return NULL;
- name_len = (fname_len - suffix_len);
- if (strcmp (fname + name_len, suffix) != 0)
- return NULL;
-
- name = malloc (name_len + 1);
- return_val_if_fail (name != NULL, NULL);
- memcpy (name, fname, name_len);
- name[name_len] = 0;
- return name;
-}
-
-static bool
-load_config_from_file (const char *configfile,
- struct stat *sb,
- const char *name,
- p11_dict *configs,
- int flags)
-{
- p11_dict *config;
- p11_dict *prev;
- char *key;
- int error = 0;
-
- assert (configfile);
-
- key = calc_name_from_filename (name);
- if (key == NULL) {
- p11_message ("invalid config filename, will be ignored in the future: %s", configfile);
- key = strdup (name);
- return_val_if_fail (key != NULL, false);
- }
-
- config = _p11_conf_parse_file (configfile, sb, flags);
- if (!config) {
- free (key);
- return false;
- }
-
- prev = p11_dict_get (configs, key);
- if (prev == NULL) {
- if (!p11_dict_set (configs, key, config))
- return_val_if_reached (false);
- config = NULL;
- } else {
- if (!_p11_conf_merge_defaults (prev, config))
- error = errno;
- free (key);
- }
-
- /* If still set */
- p11_dict_free (config);
-
- if (error) {
- errno = error;
- return false;
- }
-
- return true;
-}
-
-static bool
-load_configs_from_directory (const char *directory,
- p11_dict *configs,
- int flags)
-{
- struct dirent *dp;
- struct stat st;
- DIR *dir;
- int error = 0;
- bool is_dir;
- char *path;
- int count = 0;
-
- p11_debug ("loading module configs in: %s", directory);
-
- /* First we load all the modules */
- dir = opendir (directory);
- if (!dir) {
- error = errno;
- if ((flags & CONF_IGNORE_MISSING) &&
- (errno == ENOENT || errno == ENOTDIR)) {
- p11_debug ("module configs do not exist");
- return true;
- } else if ((flags & CONF_IGNORE_ACCESS_DENIED) &&
- (errno == EPERM || errno == EACCES)) {
- p11_debug ("couldn't list inacessible module configs");
- return true;
- }
- p11_message_err (error, "couldn't list directory: %s", directory);
- errno = error;
- return false;
- }
-
- while ((dp = readdir(dir)) != NULL) {
- path = p11_path_build (directory, dp->d_name, NULL);
- return_val_if_fail (path != NULL, false);
-
- if (stat (path, &st) < 0) {
- error = errno;
- p11_message_err (error, "couldn't stat path: %s", path);
- free (path);
- break;
- }
-
- is_dir = S_ISDIR (st.st_mode);
-
- if (!is_dir && !load_config_from_file (path, &st, dp->d_name, configs, flags)) {
- error = errno;
- free (path);
- break;
- }
-
- free (path);
- count ++;
- }
-
- closedir (dir);
-
- if (error) {
- errno = error;
- return false;
- }
-
- return true;
-}
-
-p11_dict *
-_p11_conf_load_modules (int mode,
- const char *package_dir,
- const char *system_dir,
- const char *user_dir)
-{
- p11_dict *configs;
- char *path;
- int error = 0;
- int flags;
-
- /* A hash table of name -> config */
- configs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
- free, (p11_destroyer)p11_dict_free);
-
- /* Load each user config first, if user config is allowed */
- if (mode != CONF_USER_NONE) {
- flags = CONF_IGNORE_MISSING | CONF_IGNORE_ACCESS_DENIED;
- path = p11_path_expand (user_dir);
- if (!path)
- error = errno;
- else if (!load_configs_from_directory (path, configs, flags))
- error = errno;
- free (path);
- if (error != 0) {
- p11_dict_free (configs);
- errno = error;
- return NULL;
- }
- }
-
- /*
- * Now unless user config is overriding, load system modules.
- * Basically if a value for the same config name is not already
- * loaded above (in the user configs) then they're loaded here.
- */
- if (mode != CONF_USER_ONLY) {
- flags = CONF_IGNORE_MISSING;
- if (!load_configs_from_directory (system_dir, configs, flags) ||
- !load_configs_from_directory (package_dir, configs, flags)) {
- error = errno;
- p11_dict_free (configs);
- errno = error;
- return NULL;
- }
- }
-
- return configs;
-}
-
-bool
-_p11_conf_parse_boolean (const char *string,
- bool default_value)
-{
- if (!string)
- return default_value;
-
- if (strcmp (string, "yes") == 0) {
- return true;
- } else if (strcmp (string, "no") == 0) {
- return false;
- } else {
- p11_message ("invalid setting '%s' defaulting to '%s'",
- string, default_value ? "yes" : "no");
- return default_value;
- }
-}
diff --git a/p11-kit/conf.h b/p11-kit/conf.h
deleted file mode 100644
index 911e650..0000000
--- a/p11-kit/conf.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2005 Stefan Walter
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __CONF_H__
-#define __CONF_H__
-
-#include "dict.h"
-
-enum {
- CONF_IGNORE_MISSING = 0x01,
- CONF_IGNORE_ACCESS_DENIED = 0x02,
-};
-
-enum {
- CONF_USER_INVALID = 0,
- CONF_USER_NONE = 1,
- CONF_USER_MERGE,
- CONF_USER_ONLY
-};
-
-bool _p11_conf_merge_defaults (p11_dict *config,
- p11_dict *defaults);
-
-/* Returns a hash of char *key -> char *value */
-p11_dict * _p11_conf_parse_file (const char *filename,
- struct stat *sb,
- int flags);
-
-/* Returns a hash of char *key -> char *value */
-p11_dict * _p11_conf_load_globals (const char *system_conf,
- const char *user_conf,
- int *user_mode);
-
-/* Returns a hash of char* name -> hash_t *config */
-p11_dict * _p11_conf_load_modules (int user_mode,
- const char *package_dir,
- const char *system_dir,
- const char *user_dir);
-
-bool _p11_conf_parse_boolean (const char *string,
- bool default_value);
-
-#endif /* __CONF_H__ */
diff --git a/p11-kit/deprecated.h b/p11-kit/deprecated.h
deleted file mode 100644
index ffe5d9d..0000000
--- a/p11-kit/deprecated.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __P11_KIT_DEPRECATED_H__
-#define __P11_KIT_DEPRECATED_H__
-
-#ifndef __P11_KIT_H__
-#error "Please include <p11-kit/p11-kit.h> instead of this file."
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef P11_KIT_NO_DEPRECATIONS
-#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
-#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead")))
-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
-#define P11_KIT_DEPRECATED_FOR(f) __attribute__((__deprecated__))
-#endif
-#endif
-
-#ifndef P11_KIT_DEPRECATED_FOR
-#define P11_KIT_DEPRECATED_FOR(f)
-#endif
-
-#ifndef P11_KIT_DISABLE_DEPRECATED
-
-P11_KIT_DEPRECATED_FOR (p11_kit_modules_load)
-CK_RV p11_kit_initialize_registered (void);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_modules_release)
-CK_RV p11_kit_finalize_registered (void);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_modules_release)
-CK_FUNCTION_LIST_PTR * p11_kit_registered_modules (void);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_module_for_name)
-CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_module_get_name)
-char * p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_config_option)
-char * p11_kit_registered_option (CK_FUNCTION_LIST_PTR module,
- const char *field);
-
-P11_KIT_DEPRECATED_FOR (module->C_Initialize)
-CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module);
-
-P11_KIT_DEPRECATED_FOR (module->C_Finalize)
-CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module);
-
-P11_KIT_DEPRECATED_FOR (p11_kit_module_load)
-CK_RV p11_kit_load_initialize_module (const char *module_path,
- CK_FUNCTION_LIST_PTR *module);
-
-#endif /* P11_KIT_DISABLE_DEPRECATED */
-
-#undef P11_KIT_DEPRECATED_FOR
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* __P11_KIT_DEPRECATED_H__ */
diff --git a/p11-kit/docs.h b/p11-kit/docs.h
deleted file mode 100644
index 7b29e3d..0000000
--- a/p11-kit/docs.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-/* This header is not used by anything, and merely to help gtk-doc be sane */
-
-#define P11_KIT_MODULE_UNMANAGED 1
-#define P11_KIT_MODULE_CRITICAL 1
diff --git a/p11-kit/fixtures/package-modules/four.module b/p11-kit/fixtures/package-modules/four.module
deleted file mode 100644
index 933af2b..0000000
--- a/p11-kit/fixtures/package-modules/four.module
+++ /dev/null
@@ -1,5 +0,0 @@
-
-module: mock-four.so
-disable-in: test-disable, test-other
-priority: 4
-trust-policy: no \ No newline at end of file
diff --git a/p11-kit/fixtures/package-modules/win32/four.module b/p11-kit/fixtures/package-modules/win32/four.module
deleted file mode 100644
index 6dc87c9..0000000
--- a/p11-kit/fixtures/package-modules/win32/four.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-module: mock-four.dll
-disable-in: test-disable, test-other
-priority: 4 \ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/one.module b/p11-kit/fixtures/system-modules/one.module
deleted file mode 100644
index 5f49a8f..0000000
--- a/p11-kit/fixtures/system-modules/one.module
+++ /dev/null
@@ -1,5 +0,0 @@
-
-module: mock-one.so
-setting: system1
-trust-policy: yes
-number: 18
diff --git a/p11-kit/fixtures/system-modules/two-duplicate.module b/p11-kit/fixtures/system-modules/two-duplicate.module
deleted file mode 100644
index 756af69..0000000
--- a/p11-kit/fixtures/system-modules/two-duplicate.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# This is a duplicate of the 'two' module
-module: mock-two.so
-# no priority, use name \ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/two.badname b/p11-kit/fixtures/system-modules/two.badname
deleted file mode 100644
index eec3af0..0000000
--- a/p11-kit/fixtures/system-modules/two.badname
+++ /dev/null
@@ -1,6 +0,0 @@
-# This module doesn't have a .module extension, but p11-kit doesn't yet
-# enforce the naming, just warns, so it should still be loaded
-
-module: mock-two.so
-setting: system2
-# no priority, use name \ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/one.module b/p11-kit/fixtures/system-modules/win32/one.module
deleted file mode 100644
index d153ce5..0000000
--- a/p11-kit/fixtures/system-modules/win32/one.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-module: mock-one.dll
-setting: system1
-# no order, use name \ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/two-duplicate.module b/p11-kit/fixtures/system-modules/win32/two-duplicate.module
deleted file mode 100644
index 54ef1cc..0000000
--- a/p11-kit/fixtures/system-modules/win32/two-duplicate.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# This is a duplicate of the 'two' module
-module: mock-two.dll
-# no order, use name \ No newline at end of file
diff --git a/p11-kit/fixtures/system-modules/win32/two.badname b/p11-kit/fixtures/system-modules/win32/two.badname
deleted file mode 100644
index af63cf9..0000000
--- a/p11-kit/fixtures/system-modules/win32/two.badname
+++ /dev/null
@@ -1,6 +0,0 @@
-# This module doesn't have a .module extension, but p11-kit doesn't yet
-# enforce the naming, just warns, so it should still be loaded
-
-module: mock-two.dll
-setting: system2
-# no order, use name \ No newline at end of file
diff --git a/p11-kit/fixtures/system-pkcs11.conf b/p11-kit/fixtures/system-pkcs11.conf
deleted file mode 100644
index a3aa273..0000000
--- a/p11-kit/fixtures/system-pkcs11.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-
-# Merge in user config
-user-config: merge
-
-# Another option
-new: world \ No newline at end of file
diff --git a/p11-kit/fixtures/test-1.conf b/p11-kit/fixtures/test-1.conf
deleted file mode 100644
index d4ae0a1..0000000
--- a/p11-kit/fixtures/test-1.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-key1:value1
-with-whitespace : value-with-whitespace
-with-colon: value-of-colon
-
-# A comment
-embedded-comment: this is # not a comment
diff --git a/p11-kit/fixtures/test-pinfile b/p11-kit/fixtures/test-pinfile
deleted file mode 100644
index f646f3d..0000000
--- a/p11-kit/fixtures/test-pinfile
+++ /dev/null
@@ -1 +0,0 @@
-yogabbagabba \ No newline at end of file
diff --git a/p11-kit/fixtures/test-pinfile-large b/p11-kit/fixtures/test-pinfile-large
deleted file mode 100644
index 506668d..0000000
--- a/p11-kit/fixtures/test-pinfile-large
+++ /dev/null
@@ -1,53 +0,0 @@
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba yogabbagabba
-yogabbagabba yogabbagabba yogabbagabba yo \ No newline at end of file
diff --git a/p11-kit/fixtures/test-system-invalid.conf b/p11-kit/fixtures/test-system-invalid.conf
deleted file mode 100644
index 344ee96..0000000
--- a/p11-kit/fixtures/test-system-invalid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# Invalid user-config setting
-user-config: bad
diff --git a/p11-kit/fixtures/test-system-merge.conf b/p11-kit/fixtures/test-system-merge.conf
deleted file mode 100644
index 978427d..0000000
--- a/p11-kit/fixtures/test-system-merge.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# Merge in user config
-user-config: merge
-
-key1: system1
-key2: system2
-key3: system3 \ No newline at end of file
diff --git a/p11-kit/fixtures/test-system-none.conf b/p11-kit/fixtures/test-system-none.conf
deleted file mode 100644
index 2d43fa7..0000000
--- a/p11-kit/fixtures/test-system-none.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-
-# Only user config
-user-config: none
-
-# These values will not be overridden
-key1: system1
-key2: system2
-key3: system3 \ No newline at end of file
diff --git a/p11-kit/fixtures/test-system-only.conf b/p11-kit/fixtures/test-system-only.conf
deleted file mode 100644
index 589f1c7..0000000
--- a/p11-kit/fixtures/test-system-only.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-
-# Only user config
-user-config: only
-
-# This stuff will be ignored
-key1: system1
-key2: system2
-key3: system3 \ No newline at end of file
diff --git a/p11-kit/fixtures/test-user-invalid.conf b/p11-kit/fixtures/test-user-invalid.conf
deleted file mode 100644
index 344ee96..0000000
--- a/p11-kit/fixtures/test-user-invalid.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-# Invalid user-config setting
-user-config: bad
diff --git a/p11-kit/fixtures/test-user-only.conf b/p11-kit/fixtures/test-user-only.conf
deleted file mode 100644
index 3224c01..0000000
--- a/p11-kit/fixtures/test-user-only.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-
-user-config: only
-key2: user2
-key3: user3 \ No newline at end of file
diff --git a/p11-kit/fixtures/test-user.conf b/p11-kit/fixtures/test-user.conf
deleted file mode 100644
index 369544a..0000000
--- a/p11-kit/fixtures/test-user.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-
-key2: user2
-key3: user3 \ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/one.module b/p11-kit/fixtures/user-modules/one.module
deleted file mode 100644
index 5197daf..0000000
--- a/p11-kit/fixtures/user-modules/one.module
+++ /dev/null
@@ -1,4 +0,0 @@
-
-setting: user1
-managed: yes
-number: 33
diff --git a/p11-kit/fixtures/user-modules/three.module b/p11-kit/fixtures/user-modules/three.module
deleted file mode 100644
index 3a2366d..0000000
--- a/p11-kit/fixtures/user-modules/three.module
+++ /dev/null
@@ -1,6 +0,0 @@
-
-module: mock-three.so
-setting: user3
-
-enable-in: test-enable
-priority: 3 \ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/win32/one.module b/p11-kit/fixtures/user-modules/win32/one.module
deleted file mode 100644
index c371e4a..0000000
--- a/p11-kit/fixtures/user-modules/win32/one.module
+++ /dev/null
@@ -1,2 +0,0 @@
-
-setting: user1 \ No newline at end of file
diff --git a/p11-kit/fixtures/user-modules/win32/three.module b/p11-kit/fixtures/user-modules/win32/three.module
deleted file mode 100644
index 30a3b63..0000000
--- a/p11-kit/fixtures/user-modules/win32/three.module
+++ /dev/null
@@ -1,6 +0,0 @@
-
-module: mock-three.dll
-setting: user3
-
-enable-in: test-enable
-priority: 3 \ No newline at end of file
diff --git a/p11-kit/frob-setuid.c b/p11-kit/frob-setuid.c
deleted file mode 100644
index e546ece..0000000
--- a/p11-kit/frob-setuid.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "compat.h"
-#include "p11-kit.h"
-
-int
-main (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- char *field;
- char *name;
- int ret;
- int i;
-
- /*
- * Use 'chmod ug+s frob-setuid' to change this program
- * and test the output with/without setuid or setgid.
- */
-
- putenv ("P11_KIT_STRICT=1");
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL);
-
- /* This is a system configured module */
- module = p11_kit_module_for_name (modules, "one");
- assert (module != NULL);
-
- field = p11_kit_config_option (module, "setting");
- printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
-
- assert (field != NULL);
- if (getauxval (AT_SECURE))
- assert (strcmp (field, "system1") == 0);
- else
- assert (strcmp (field, "user1") == 0);
-
- free (field);
-
- for (i = 0; modules[i] != NULL; i++) {
- name = p11_kit_module_get_name (modules[i]);
- printf ("%s\n", name);
- free (name);
- }
-
- field = p11_kit_config_option (module, "number");
- printf ("'number' on module 'one': %s\n", field ? field : "(null)");
-
- ret = atoi (field ? field : "0");
- assert (ret != 0);
- free (field);
-
- p11_kit_modules_finalize_and_release (modules);
- return ret;
-}
diff --git a/p11-kit/iter.c b/p11-kit/iter.c
deleted file mode 100644
index 4caf5d7..0000000
--- a/p11-kit/iter.c
+++ /dev/null
@@ -1,983 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "array.h"
-#include "attrs.h"
-#include "debug.h"
-#include "iter.h"
-#include "pin.h"
-#include "private.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-typedef struct _Callback {
- p11_kit_iter_callback func;
- void *callback_data;
- p11_kit_destroyer destroyer;
- struct _Callback *next;
-} Callback;
-
-/**
- * P11KitIter:
- *
- * Used to iterate over PKCS\#11 objects.
- */
-struct p11_kit_iter {
-
- /* Iterator matching data */
- CK_INFO match_module;
- CK_SLOT_INFO match_slot;
- CK_TOKEN_INFO match_token;
- CK_ATTRIBUTE *match_attrs;
- CK_SLOT_ID match_slot_id;
- Callback *callbacks;
-
- /* The input modules */
- p11_array *modules;
-
- /* The results of C_GetSlotList */
- CK_SLOT_ID *slots;
- CK_ULONG num_slots;
- CK_ULONG saw_slots;
-
- /* The results of C_FindObjects */
- CK_OBJECT_HANDLE *objects;
- CK_ULONG max_objects;
- CK_ULONG num_objects;
- CK_ULONG saw_objects;
-
- /* The current iteration */
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_ID slot;
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- CK_SLOT_INFO slot_info;
- CK_TOKEN_INFO token_info;
-
- /* And various flags */
- unsigned int searching : 1;
- unsigned int searched : 1;
- unsigned int iterating : 1;
- unsigned int match_nothing : 1;
- unsigned int keep_session : 1;
- unsigned int preload_results : 1;
- unsigned int want_writable : 1;
-};
-
-/**
- * P11KitIterBehavior:
- * @P11_KIT_ITER_BUSY_SESSIONS: Allow the iterator's sessions to be
- * in a busy state when the iterator returns an object.
- * @P11_KIT_ITER_WANT_WRITABLE: Try to open read-write sessions when
- * iterating over obojects.
- *
- * Various flags controlling the behavior of the iterator.
- */
-
-/**
- * p11_kit_iter_new:
- * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL
- * @behavior: various behavior flags for iterator
- *
- * Create a new PKCS\#11 iterator for iterating over objects. Only
- * objects that match the @uri will be returned by the iterator.
- * Relevant information in @uri is copied, and you need not keep
- * @uri around.
- *
- * If no @uri is specified then the iterator will iterate over all
- * objects, unless otherwise filtered.
- *
- * Returns: (transfer full): a new iterator, which should be freed
- * with p11_kit_iter_free()
- */
-P11KitIter *
-p11_kit_iter_new (P11KitUri *uri,
- P11KitIterBehavior behavior)
-{
- P11KitIter *iter;
-
- iter = calloc (1, sizeof (P11KitIter));
- return_val_if_fail (iter != NULL, NULL);
-
- iter->modules = p11_array_new (NULL);
- return_val_if_fail (iter->modules != NULL, NULL);
-
- iter->want_writable = !!(behavior & P11_KIT_ITER_WANT_WRITABLE);
- iter->preload_results = !(behavior & P11_KIT_ITER_BUSY_SESSIONS);
-
- p11_kit_iter_set_uri (iter, uri);
- return iter;
-}
-
-/**
- * p11_kit_iter_set_uri:
- * @iter: the iterator
- * @uri: (allow-none): a PKCS\#11 URI to filter on, or %NULL
- *
- * Set the PKCS\#11 uri for iterator. Only
- * objects that match the @uri will be returned by the iterator.
- * Relevant information in @uri is copied, and you need not keep
- * @uri around.
- *
- * If no @uri is specified then the iterator will iterate over all
- * objects, unless otherwise filtered.
- *
- * This function should be called at most once, and should be
- * called before iterating begins.
- *
- */
-void
-p11_kit_iter_set_uri (P11KitIter *iter,
- P11KitUri *uri)
-{
- CK_ATTRIBUTE *attrs;
- CK_TOKEN_INFO *tinfo;
- CK_SLOT_INFO *sinfo;
- CK_INFO *minfo;
- CK_ULONG count;
-
- return_if_fail (iter != NULL);
-
- if (uri != NULL) {
-
- if (p11_kit_uri_any_unrecognized (uri)) {
- iter->match_nothing = 1;
-
- } else {
- attrs = p11_kit_uri_get_attributes (uri, &count);
- iter->match_attrs = p11_attrs_buildn (NULL, attrs, count);
-
- iter->match_slot_id = p11_kit_uri_get_slot_id (uri);
-
- minfo = p11_kit_uri_get_module_info (uri);
- if (minfo != NULL)
- memcpy (&iter->match_module, minfo, sizeof (CK_INFO));
-
- sinfo = p11_kit_uri_get_slot_info (uri);
- if (sinfo != NULL)
- memcpy (&iter->match_slot, sinfo, sizeof (CK_SLOT_INFO));
-
- tinfo = p11_kit_uri_get_token_info (uri);
- if (tinfo != NULL)
- memcpy (&iter->match_token, tinfo, sizeof (CK_TOKEN_INFO));
- }
- } else {
- /* Match any module version number and slot ID */
- memset (&iter->match_module, 0, sizeof (iter->match_module));
- iter->match_module.libraryVersion.major = (CK_BYTE)-1;
- iter->match_module.libraryVersion.minor = (CK_BYTE)-1;
- iter->match_slot_id = (CK_SLOT_ID)-1;
- }
-}
-
-/**
- * p11_kit_destroyer:
- * @data: data to destroy
- *
- * A callback called to free a resource.
- */
-
-/**
- * p11_kit_iter_callback:
- * @iter: the iterator
- * @matches: (out): whether to match the current object
- * @data: callback data
- *
- * A callback setup with p11_kit_iter_add_callback(). This callback is
- * called for each object iterated.
- *
- * If the callback sets @matches to CK_FALSE, then this object is
- * skipped and not matched by p11_kit_iter_next(). If you return
- * anything but CKR_OK, then the iteration is stopped, and
- * p11_kit_iter_next() returns the result code.
- *
- * Returns: CKR_OK to continue iterating, CKR_CANCEL to stop, or
- * anything else to fail
- */
-
-/**
- * p11_kit_iter_add_callback:
- * @iter: the iterator
- * @callback: a function to call for each iteration
- * @callback_data: (allow-none): data to pass to the function
- * @callback_destroy: (allow-none): used to cleanup the data
- *
- * Adds a callback to the iterator which will be called each time
- * that an object is iterated.
- *
- * These callbacks can also perform filtering. If any callback
- * indicates through it's <literal>matches</literal> argument that
- * the object should not match, then that object will not be iterated
- * as far as p11_kit_iter_next() is concerned.
- *
- * The callbacks will be called with the <literal>matches</literal>
- * set to <literal>CK_TRUE</literal> and it's up to filters to change
- * it to <literal>CK_FALSE</literal> when necessary.
- */
-void
-p11_kit_iter_add_callback (P11KitIter *iter,
- p11_kit_iter_callback callback,
- void *callback_data,
- p11_kit_destroyer callback_destroy)
-{
- Callback *cb;
-
- return_if_fail (iter != NULL);
- return_if_fail (callback != NULL);
-
- cb = calloc (1, sizeof (Callback));
- return_if_fail (cb != NULL);
-
- cb->func = callback;
- cb->destroyer = callback_destroy;
- cb->callback_data = callback_data;
- cb->next = iter->callbacks;
- iter->callbacks = cb;
-}
-
-/**
- * p11_kit_iter_add_filter:
- * @iter: the iterator
- * @matching: (array length=count): the attributes that the objects should match
- * @count: the number of attributes
- *
- * Add a filter to limit the objects that the iterator iterates over.
- *
- * Only objects matching the passed in attributes will be iterated.
- * This function can be called multiple times.
- *
- * The @matching attributes are copied.
- */
-void
-p11_kit_iter_add_filter (P11KitIter *iter,
- CK_ATTRIBUTE *matching,
- CK_ULONG count)
-{
- return_if_fail (iter != NULL);
- return_if_fail (!iter->iterating);
-
- iter->match_attrs = p11_attrs_buildn (iter->match_attrs, matching, count);
- return_if_fail (iter->match_attrs != NULL);
-}
-
-static void
-finish_object (P11KitIter *iter)
-{
- iter->object = 0;
-}
-
-static void
-finish_slot (P11KitIter *iter)
-{
- if (iter->session && !iter->keep_session) {
- assert (iter->module != NULL);
- (iter->module->C_CloseSession) (iter->session);
- }
-
- iter->keep_session = 0;
- iter->session = 0;
- iter->searched = 0;
- iter->searching = 0;
- iter->slot = 0;
-}
-
-static void
-finish_module (P11KitIter *iter)
-{
- iter->num_slots = 0;
- iter->saw_slots = 0;
- iter->module = NULL;
-}
-
-static CK_RV
-finish_iterating (P11KitIter *iter,
- CK_RV rv)
-{
- finish_object (iter);
- finish_slot (iter);
- finish_module (iter);
- p11_array_clear (iter->modules);
-
- iter->iterating = 0;
- return rv;
-}
-
-/**
- * p11_kit_iter_begin:
- * @iter: the iterator
- * @modules: (array zero-terminated=1): null-terminated list of
- * modules to iterate over
- *
- * Begin iterating PKCS\#11 objects in the given @modules.
- *
- * The @modules arguments should be a null-terminated list of
- * pointers to the modules' PKCS\#11 function pointers.
- *
- * For each module, all initialized slots will be iterated over,
- * having sessions opened for each of them in turn, and searched
- * for objects matching the search criteria.
- */
-void
-p11_kit_iter_begin (P11KitIter *iter,
- CK_FUNCTION_LIST_PTR *modules)
-{
- int i;
-
- return_if_fail (modules != NULL);
-
- finish_iterating (iter, CKR_OK);
-
- /* Use this module */
- for (i = 0; modules[i] != NULL; i++) {
- if (!p11_array_push (iter->modules, modules[i]))
- return_if_reached ();
- }
-
- iter->iterating = 1;
- iter->searched = 1;
-}
-
-/**
- * p11_kit_iter_begin_with:
- * @iter: the iterator
- * @module: the module to iterate over
- * @slot: (allow-none): the slot to iterate objects in, or zero
- * @session: (allow-none): the session to search for objects on, or zero
- *
- * Begin iterating PKCS\#11 objects in the given @module.
- *
- * If @slot is non-zero then the iteration will be limited to that
- * slot.
- *
- * If @session is non-zero then the iteration will be limited to
- * objects visible through that session, which implies that they
- * are also limited to the slot which the session was opened for.
- */
-void
-p11_kit_iter_begin_with (P11KitIter *iter,
- CK_FUNCTION_LIST_PTR module,
- CK_SLOT_ID slot,
- CK_SESSION_HANDLE session)
-{
- CK_SESSION_INFO info;
- CK_RV rv;
-
- finish_iterating (iter, CKR_OK);
-
- return_if_fail (module != NULL);
-
- if (session != 0) {
- /*
- * A currently active session. Initialize as if we're ready
- * to search using this session.
- */
-
- /* If we have a session, but no slot, then look it up */
- if (slot == 0) {
- assert (module != NULL);
- rv = (module->C_GetSessionInfo) (session, &info);
- if (rv == CKR_OK)
- slot = info.slotID;
- }
-
- /* So initialize as if we're ready to search */
- iter->session = session;
- iter->slot = slot;
- iter->module = module;
- iter->keep_session = 1;
-
- } else if (slot != 0) {
-
- /*
- * Limit to this slot. Initialize as if we're ready to use the
- * slot from the slots list.
- */
-
- iter->module = module;
- iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID));
- return_if_fail (iter->slots != NULL);
- iter->slots[0] = slot;
- iter->num_slots = 1;
- iter->searched = 1;
-
- } else {
-
- /*
- * Limit to this module. Initialize as if we're ready to use
- * the module from the modules array.
- */
-
- assert (module != NULL);
- p11_array_push (iter->modules, module);
- iter->session = 0;
- iter->slot = 0;
- iter->searched = 1;
- }
-
- iter->iterating = 1;
-}
-
-static CK_RV
-call_all_filters (P11KitIter *iter,
- CK_BBOOL *matches)
-{
- Callback *cb;
- CK_RV rv;
-
- *matches = CK_TRUE;
-
- for (cb = iter->callbacks; cb != NULL; cb = cb->next) {
- rv = (cb->func) (iter, matches, cb->callback_data);
- if (rv != CKR_OK || !*matches)
- return rv;
- }
-
- return CKR_OK;
-}
-
-static CK_RV
-move_next_session (P11KitIter *iter)
-{
- CK_ULONG session_flags;
- CK_ULONG num_slots;
- CK_INFO minfo;
- CK_RV rv;
-
- finish_slot (iter);
-
- /* If we have no more slots, then move to next module */
- while (iter->saw_slots >= iter->num_slots) {
- finish_module (iter);
-
- /* Iter is finished */
- if (iter->modules->num == 0)
- return finish_iterating (iter, CKR_CANCEL);
-
- iter->module = iter->modules->elem[0];
- p11_array_remove (iter->modules, 0);
-
- /* Skip module if it doesn't match uri */
- assert (iter->module != NULL);
- rv = (iter->module->C_GetInfo) (&minfo);
- if (rv != CKR_OK || !p11_match_uri_module_info (&iter->match_module, &minfo))
- continue;
-
- rv = (iter->module->C_GetSlotList) (CK_TRUE, NULL, &num_slots);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
-
- iter->slots = realloc (iter->slots, sizeof (CK_SLOT_ID) * (num_slots + 1));
- return_val_if_fail (iter->slots != NULL, CKR_HOST_MEMORY);
-
- rv = (iter->module->C_GetSlotList) (CK_TRUE, iter->slots, &num_slots);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
-
- iter->num_slots = num_slots;
- assert (iter->saw_slots == 0);
- }
-
- /* Move to the next slot, and open a session on it */
- while (iter->saw_slots < iter->num_slots) {
- iter->slot = iter->slots[iter->saw_slots++];
-
- assert (iter->module != NULL);
- if (iter->match_slot_id != (CK_SLOT_ID)-1 && iter->slot != iter->match_slot_id)
- continue;
- rv = (iter->module->C_GetSlotInfo) (iter->slot, &iter->slot_info);
- if (rv != CKR_OK || !p11_match_uri_slot_info (&iter->match_slot, &iter->slot_info))
- continue;
- rv = (iter->module->C_GetTokenInfo) (iter->slot, &iter->token_info);
- if (rv != CKR_OK || !p11_match_uri_token_info (&iter->match_token, &iter->token_info))
- continue;
-
- session_flags = CKF_SERIAL_SESSION;
-
- /* Skip if the read/write on a read-only token */
- if (iter->want_writable && (iter->token_info.flags & CKF_WRITE_PROTECTED) == 0)
- session_flags |= CKF_RW_SESSION;
-
- rv = (iter->module->C_OpenSession) (iter->slot, session_flags,
- NULL, NULL, &iter->session);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
-
- if (iter->session != 0)
- return CKR_OK;
- }
-
- /* Otherwise try again */
- return move_next_session (iter);
-}
-
-/**
- * p11_kit_iter_next:
- * @iter: the iterator
- *
- * Iterate to the next matching object.
- *
- * To access the object, session and so on, use the p11_kit_iter_get_object(),
- * p11_kit_iter_get_session(), and p11_kit_iter_get_module() functions.
- *
- * This call must only be called after either p11_kit_iter_begin()
- * or p11_kit_iter_begin_with() have been called.
- *
- * Objects which are skipped by callbacks will not be returned here
- * as matching objects.
- *
- * Returns: CKR_OK if an object matched, CKR_CANCEL if no more objects, or another error
- */
-CK_RV
-p11_kit_iter_next (P11KitIter *iter)
-{
- CK_ULONG batch;
- CK_ULONG count;
- CK_BBOOL matches;
- CK_RV rv;
-
- return_val_if_fail (iter->iterating, CKR_OPERATION_NOT_INITIALIZED);
-
- iter->object = 0;
-
- if (iter->match_nothing)
- return finish_iterating (iter, CKR_CANCEL);
-
- /*
- * If we have outstanding objects, then iterate one through those
- * Note that we pass each object through the filters, and only
- * assume it's iterated if it matches
- */
- while (iter->saw_objects < iter->num_objects) {
- iter->object = iter->objects[iter->saw_objects++];
-
- rv = call_all_filters (iter, &matches);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
-
- if (matches)
- return CKR_OK;
- }
-
- /* If we have finished searching then move to next session */
- if (iter->searched) {
- rv = move_next_session (iter);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
- }
-
- /* Ready to start searching */
- if (!iter->searching && !iter->searched) {
- count = p11_attrs_count (iter->match_attrs);
- rv = (iter->module->C_FindObjectsInit) (iter->session, iter->match_attrs, count);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
- iter->searching = 1;
- iter->searched = 0;
- }
-
- /* If we have searched on this session then try to continue */
- if (iter->searching) {
- assert (iter->module != NULL);
- assert (iter->session != 0);
- iter->num_objects = 0;
- iter->saw_objects = 0;
-
- for (;;) {
- if (iter->max_objects - iter->num_objects == 0) {
- iter->max_objects = iter->max_objects ? iter->max_objects * 2 : 64;
- iter->objects = realloc (iter->objects, iter->max_objects * sizeof (CK_ULONG));
- return_val_if_fail (iter->objects != NULL, CKR_HOST_MEMORY);
- }
-
- batch = iter->max_objects - iter->num_objects;
- rv = (iter->module->C_FindObjects) (iter->session,
- iter->objects + iter->num_objects,
- batch, &count);
- if (rv != CKR_OK)
- return finish_iterating (iter, rv);
-
- iter->num_objects += count;
-
- /*
- * Done searching on this session, although there are still
- * objects outstanding, which will be returned on next
- * iterations.
- */
- if (batch != count) {
- iter->searching = 0;
- iter->searched = 1;
- (iter->module->C_FindObjectsFinal) (iter->session);
- break;
- }
-
- if (!iter->preload_results)
- break;
- }
- }
-
- /* Try again */
- return p11_kit_iter_next (iter);
-}
-
-/**
- * p11_kit_iter_get_module:
- * @iter: the iterator
- *
- * Get the module function pointers for the current matching object.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the module which the current matching object is in
- */
-CK_FUNCTION_LIST_PTR
-p11_kit_iter_get_module (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, NULL);
- return_val_if_fail (iter->iterating, 0);
- return iter->module;
-}
-
-/**
- * p11_kit_iter_get_slot:
- * @iter: the iterator
- *
- * Get the slot which the current matching object is on.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the slot of the current matching object
- */
-CK_SLOT_ID
-p11_kit_iter_get_slot (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, 0);
- return_val_if_fail (iter->iterating, 0);
- return iter->slot;
-}
-
-/**
- * p11_kit_iter_get_slot_info:
- * @iter: the iterator
- *
- * Get the slot info for the slot which the current matching object is on.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the slot of the current matching object.
- */
-CK_SLOT_INFO *
-p11_kit_iter_get_slot_info (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, NULL);
- return &iter->slot_info;
-}
-
-/**
- * p11_kit_iter_get_token:
- * @iter: the iterator
- *
- * Get the token info for the token which the current matching object is on.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the slot of the current matching object.
- */
-CK_TOKEN_INFO *
-p11_kit_iter_get_token (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, NULL);
- return &iter->token_info;
-}
-
-/**
- * p11_kit_iter_get_session:
- * @iter: the iterator
- *
- * Get the session which the current matching object is acessible
- * through.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * The session may be closed after the next p11_kit_iter_next() call
- * unless p11_kit_iter_keep_session() is called.
- *
- * Returns: the session used to find the current matching object
- */
-CK_SESSION_HANDLE
-p11_kit_iter_get_session (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, 0);
- return_val_if_fail (iter->iterating, 0);
- return iter->session;
-}
-
-/**
- * p11_kit_iter_get_object:
- * @iter: the iterator
- *
- * Get the current matching object.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the current matching object
- */
-CK_OBJECT_HANDLE
-p11_kit_iter_get_object (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, 0);
- return iter->object;
-}
-
-/**
- * p11_kit_iter_destroy_object:
- * @iter: the iterator
- *
- * Destroy the current matching object.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: CKR_OK or a failure code
- */
-CK_RV
-p11_kit_iter_destroy_object (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR);
- return (iter->module->C_DestroyObject) (iter->session, iter->object);
-}
-
-/**
- * p11_kit_iter_get_attributes:
- * @iter: the iterator
- * @template: (array length=count) (inout): the attributes to get
- * @count: the number of attributes
- *
- * Get attributes for the current matching object.
- *
- * This calls <literal>C_GetAttributeValue</literal> for the object
- * currently iterated to. Return value and attribute memory behavior
- * is identical to the PKCS\#11 <literal>C_GetAttributeValue</literal>
- * function.
- *
- * You might choose to use p11_kit_iter_load_attributes() for a more
- * helpful variant.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: The result from <literal>C_GetAttributeValue</literal>.
- */
-CK_RV
-p11_kit_iter_get_attributes (P11KitIter *iter,
- CK_ATTRIBUTE *template,
- CK_ULONG count)
-{
- return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR);
-
- return (iter->module->C_GetAttributeValue) (iter->session, iter->object,
- template, count);
-}
-
-/**
- * p11_kit_iter_load_attributes:
- * @iter: the iterator
- * @template: (array length=count) (inout): the attributes to load
- * @count: the number of attributes
- *
- * Retrieve attributes for the current matching object.
- *
- * Each attribute in the array will be filled in with the value
- * of that attribute retrieved from the object. After use the
- * attribute value memory pointed to by the <literal>pValue</literal>
- * of each attribute should be freed with the <literal>free<!-- -->()</literal>
- * function.
- *
- * If the <literal>pValue</literal> of an attribute is not %NULL passed
- * to this function, then it will be passed to
- * <literal>realloc<!-- -->()</literal> to allocate the correct amount
- * of space for the attribute value.
- *
- * If any attribute is not present on the object, or is sensitive and
- * cannot be retrieved, then the <literal>pValue</literal> will be NULL.
- * If <literal>pValue</literal> was not %NULL when passed to this function
- * then it will be freed with <literal>free<!-- -->()</literal>. In these
- * cases <literal>CKR_OK</literal> is returned.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: CKR_OK or a failure code
- */
-CK_RV
-p11_kit_iter_load_attributes (P11KitIter *iter,
- CK_ATTRIBUTE *template,
- CK_ULONG count)
-{
- CK_ATTRIBUTE *original = NULL;
- CK_ULONG i;
- CK_RV rv;
-
- return_val_if_fail (iter != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->iterating, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->module != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->session != 0, CKR_GENERAL_ERROR);
- return_val_if_fail (iter->object != 0, CKR_GENERAL_ERROR);
-
- if (count == 0)
- return CKR_OK;
-
- original = memdup (template, count * sizeof (CK_ATTRIBUTE));
- return_val_if_fail (original != NULL, CKR_HOST_MEMORY);
-
- for (i = 0; i < count; i++)
- template[i].pValue = NULL;
-
- rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count);
-
- switch (rv) {
- case CKR_OK:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_BUFFER_TOO_SMALL:
- break;
- default:
- free (original);
- return rv;
- }
-
- for (i = 0; i < count; i++) {
- if (template[i].ulValueLen == (CK_ULONG)-1 ||
- template[i].ulValueLen == 0) {
- free (original[i].pValue);
-
- } else if (original[i].pValue != NULL &&
- template[i].ulValueLen == original[i].ulValueLen) {
- template[i].pValue = original[i].pValue;
-
- } else {
- template[i].pValue = realloc (original[i].pValue, template[i].ulValueLen);
- return_val_if_fail (template[i].pValue != NULL, CKR_HOST_MEMORY);
- }
- }
-
- free (original);
-
- rv = (iter->module->C_GetAttributeValue) (iter->session, iter->object, template, count);
-
- switch (rv) {
- case CKR_OK:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_ATTRIBUTE_SENSITIVE:
- rv = CKR_OK;
- break;
- default:
- return_val_if_fail (rv != CKR_BUFFER_TOO_SMALL, rv);
- return rv;
- }
-
- for (i = 0; i < count; i++) {
- if (template[i].ulValueLen == (CK_ULONG)-1 ||
- template[i].ulValueLen == 0) {
- free (template[i].pValue);
- template[i].pValue = NULL;
- }
- }
-
- return rv;
-}
-
-/**
- * p11_kit_iter_keep_session:
- * @iter: the iterator
- *
- * After calling this function the session open for iterating
- * the current object will not be automatically closed by
- * the iterator after later calls to p11_kit_iter_next() or
- * p11_kit_iter_free().
- *
- * It is the callers responsibility to close this session,
- * after the iterator has been freed. The session may still be
- * used by the iterator if further iterations are performed.
- *
- * This can only be called after p11_kit_iter_next() succeeds.
- *
- * Returns: the current session
- */
-CK_SESSION_HANDLE
-p11_kit_iter_keep_session (P11KitIter *iter)
-{
- return_val_if_fail (iter != NULL, 0);
- return_val_if_fail (iter->iterating, 0);
- return_val_if_fail (iter->session != 0, 0);
-
- iter->keep_session = 1;
- return iter->session;
-}
-
-/**
- * p11_kit_iter_free:
- * @iter: the iterator
- *
- * Frees the iterator and all resources, such as sessions
- * or callbacks held by the iterator.
- */
-void
-p11_kit_iter_free (P11KitIter *iter)
-{
- Callback *cb, *next;
-
- if (iter == NULL)
- return;
-
- finish_iterating (iter, CKR_OK);
- p11_array_free (iter->modules);
- p11_attrs_free (iter->match_attrs);
- free (iter->objects);
- free (iter->slots);
-
- for (cb = iter->callbacks; cb != NULL; cb = next) {
- next = cb->next;
- if (cb->destroyer)
- (cb->destroyer) (cb->callback_data);
- free (cb);
- }
-
- free (iter);
-}
diff --git a/p11-kit/iter.h b/p11-kit/iter.h
deleted file mode 100644
index 3f51041..0000000
--- a/p11-kit/iter.h
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat, Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_KIT_ITER_H
-#define P11_KIT_ITER_H
-
-#include "p11-kit/p11-kit.h"
-#include "p11-kit/pkcs11.h"
-#include "p11-kit/uri.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef P11_KIT_FUTURE_UNSTABLE_API
-
-typedef struct p11_kit_iter P11KitIter;
-typedef P11KitIter p11_kit_iter;
-
-typedef enum {
- P11_KIT_ITER_BUSY_SESSIONS = 1 << 1,
- P11_KIT_ITER_WANT_WRITABLE = 1 << 2,
-} P11KitIterBehavior;
-
-typedef CK_RV (* p11_kit_iter_callback) (P11KitIter *iter,
- CK_BBOOL *matches,
- void *data);
-
-P11KitIter * p11_kit_iter_new (P11KitUri *uri,
- P11KitIterBehavior behavior);
-
-void p11_kit_iter_free (P11KitIter *iter);
-
-void p11_kit_iter_add_callback (P11KitIter *iter,
- p11_kit_iter_callback callback,
- void *callback_data,
- p11_kit_destroyer callback_destroy);
-
-void p11_kit_iter_add_filter (P11KitIter *iter,
- CK_ATTRIBUTE *matching,
- CK_ULONG count);
-
-void p11_kit_iter_set_uri (P11KitIter *iter,
- P11KitUri *uri);
-
-void p11_kit_iter_begin (P11KitIter *iter,
- CK_FUNCTION_LIST_PTR *modules);
-
-void p11_kit_iter_begin_with (P11KitIter *iter,
- CK_FUNCTION_LIST_PTR module,
- CK_SLOT_ID slot,
- CK_SESSION_HANDLE session);
-
-CK_RV p11_kit_iter_next (P11KitIter *iter);
-
-CK_FUNCTION_LIST_PTR p11_kit_iter_get_module (P11KitIter *iter);
-
-CK_SLOT_ID p11_kit_iter_get_slot (P11KitIter *iter);
-
-CK_SLOT_INFO * p11_kit_iter_get_slot_info (P11KitIter *iter);
-
-CK_TOKEN_INFO * p11_kit_iter_get_token (P11KitIter *iter);
-
-CK_SESSION_HANDLE p11_kit_iter_get_session (P11KitIter *iter);
-
-CK_OBJECT_HANDLE p11_kit_iter_get_object (P11KitIter *iter);
-
-CK_RV p11_kit_iter_get_attributes (P11KitIter *iter,
- CK_ATTRIBUTE *template,
- CK_ULONG count);
-
-CK_RV p11_kit_iter_load_attributes (P11KitIter *iter,
- CK_ATTRIBUTE *template,
- CK_ULONG count);
-
-CK_SESSION_HANDLE p11_kit_iter_keep_session (P11KitIter *iter);
-
-CK_RV p11_kit_iter_destroy_object (P11KitIter *iter);
-
-#endif /* P11_KIT_FUTURE_UNSTABLE_API */
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* P11_KIT_ITER_H */
diff --git a/p11-kit/lists.c b/p11-kit/lists.c
deleted file mode 100644
index 5804be2..0000000
--- a/p11-kit/lists.c
+++ /dev/null
@@ -1,290 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "debug.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "message.h"
-#include "p11-kit.h"
-#include "tool.h"
-#include "uri.h"
-
-int p11_kit_list_modules (int argc,
- char *argv[]);
-
-bool verbose = false;
-
-static const char HEXC_LOWER[] = "0123456789abcdef";
-
-static char *
-hex_encode (const unsigned char *data,
- size_t n_data)
-{
- char *result;
- size_t i;
- size_t o;
-
- result = malloc (n_data * 3 + 1);
- if (result == NULL)
- return NULL;
-
- for (i = 0, o = 0; i < n_data; i++) {
- if (i > 0)
- result[o++] = ':';
- result[o++] = HEXC_LOWER[data[i] >> 4 & 0xf];
- result[o++] = HEXC_LOWER[data[i] & 0xf];
- }
-
- result[o] = 0;
- return result;
-}
-
-static bool
-is_ascii_string (const unsigned char *data,
- size_t n_data)
-{
- size_t i;
-
- for (i = 0; i < n_data; i++) {
- if (!isascii (data[i]) &&
- (data[i] < 0x20 && !isspace (data[i])))
- return false;
- }
-
- return true;
-}
-
-static void
-print_token_info (CK_FUNCTION_LIST_PTR module, CK_SLOT_ID slot_id)
-{
- CK_TOKEN_INFO info;
- char *value;
- CK_RV rv;
-
- rv = (module->C_GetTokenInfo) (slot_id, &info);
- if (rv != CKR_OK) {
- p11_message ("couldn't load module info: %s", p11_kit_strerror (rv));
- return;
- }
-
- value = p11_kit_space_strdup (info.label, sizeof (info.label));
- printf (" token: %s\n", value);
- free (value);
-
- value = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
- printf (" manufacturer: %s\n", value);
- free (value);
-
- value = p11_kit_space_strdup (info.model, sizeof (info.model));
- printf (" model: %s\n", value);
- free (value);
-
- if (is_ascii_string (info.serialNumber, sizeof (info.serialNumber)))
- value = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber));
- else
- value = hex_encode (info.serialNumber, sizeof (info.serialNumber));
- printf (" serial-number: %s\n", value);
- free (value);
-
- if (info.hardwareVersion.major || info.hardwareVersion.minor)
- printf (" hardware-version: %d.%d\n",
- info.hardwareVersion.major,
- info.hardwareVersion.minor);
-
- if (info.firmwareVersion.major || info.firmwareVersion.minor)
- printf (" firmware-version: %d.%d\n",
- info.firmwareVersion.major,
- info.firmwareVersion.minor);
-
- printf (" flags:\n");
- #define X(x, y) if (info.flags & (x)) printf (" %s\n", (y))
- X(CKF_RNG, "rng");
- X(CKF_WRITE_PROTECTED, "write-protected");
- X(CKF_LOGIN_REQUIRED, "login-required");
- X(CKF_USER_PIN_INITIALIZED, "user-pin-initialized");
- X(CKF_RESTORE_KEY_NOT_NEEDED, "restore-key-not-needed");
- X(CKF_CLOCK_ON_TOKEN, "clock-on-token");
- X(CKF_PROTECTED_AUTHENTICATION_PATH, "protected-authentication-path");
- X(CKF_DUAL_CRYPTO_OPERATIONS, "dual-crypto-operations");
- X(CKF_TOKEN_INITIALIZED, "token-initialized");
- X(CKF_SECONDARY_AUTHENTICATION, "secondary-authentication");
- X(CKF_USER_PIN_COUNT_LOW, "user-pin-count-low");
- X(CKF_USER_PIN_FINAL_TRY, "user-pin-final-try");
- X(CKF_USER_PIN_LOCKED, "user-pin-locked");
- X(CKF_USER_PIN_TO_BE_CHANGED, "user-pin-to-be-changed");
- X(CKF_SO_PIN_COUNT_LOW, "so-pin-count-low");
- X(CKF_SO_PIN_FINAL_TRY, "so-pin-final-try");
- X(CKF_SO_PIN_LOCKED, "so-pin-locked");
- X(CKF_SO_PIN_TO_BE_CHANGED, "so-pin-to-be-changed");
- #undef X
-}
-
-static void
-print_module_info (CK_FUNCTION_LIST_PTR module)
-{
- CK_SLOT_ID slot_list[256];
- CK_ULONG i, count;
- CK_INFO info;
- char *value;
- CK_RV rv;
-
- rv = (module->C_GetInfo) (&info);
- if (rv != CKR_OK) {
- p11_message ("couldn't load module info: %s", p11_kit_strerror (rv));
- return;
- }
-
- value = p11_kit_space_strdup (info.libraryDescription,
- sizeof (info.libraryDescription));
- printf (" library-description: %s\n", value);
- free (value);
-
- value = p11_kit_space_strdup (info.manufacturerID,
- sizeof (info.manufacturerID));
- printf (" library-manufacturer: %s\n", value);
- free (value);
-
- printf (" library-version: %d.%d\n",
- info.libraryVersion.major,
- info.libraryVersion.minor);
-
- count = sizeof (slot_list) / sizeof (slot_list[0]);
- rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count);
- if (rv != CKR_OK) {
- p11_message ("couldn't load module info: %s", p11_kit_strerror (rv));
- return;
- }
-
- for (i = 0; i < count; i++)
- print_token_info (module, slot_list[i]);
-}
-
-static int
-print_modules (void)
-{
- CK_FUNCTION_LIST_PTR *module_list;
- char *name;
- char *path;
- int i;
-
- module_list = p11_kit_modules_load_and_initialize (0);
- if (!module_list)
- return 1;
-
- for (i = 0; module_list[i]; i++) {
- name = p11_kit_module_get_name (module_list[i]);
- path = p11_kit_config_option (module_list[i], "module");
-
- printf ("%s: %s\n",
- name ? name : "(null)",
- path ? path : "(null)");
- print_module_info (module_list[i]);
-
- free (name);
- free (path);
- }
-
- p11_kit_modules_finalize_and_release (module_list);
- return 0;
-}
-
-int
-p11_kit_list_modules (int argc,
- char *argv[])
-{
- int opt;
-
- enum {
- opt_verbose = 'v',
- opt_quiet = 'q',
- opt_list = 'l',
- opt_help = 'h',
- };
-
- struct option options[] = {
- { "verbose", no_argument, NULL, opt_verbose },
- { "quiet", no_argument, NULL, opt_quiet },
- { "list", no_argument, NULL, opt_list },
- { "help", no_argument, NULL, opt_help },
- { 0 },
- };
-
- p11_tool_desc usages[] = {
- { 0, "usage: p11-kit list" },
- { opt_verbose, "show verbose debug output", },
- { opt_quiet, "suppress command output", },
- { 0 },
- };
-
- while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
- switch (opt) {
-
- case opt_verbose:
- p11_kit_be_loud ();
- break;
-
- case opt_quiet:
- p11_kit_be_quiet ();
- break;
-
- case opt_list:
- break;
-
- case opt_help:
- p11_tool_usage (usages, options);
- return 0;
- case '?':
- return 2;
- default:
- assert_not_reached ();
- break;
- }
- }
-
- if (argc - optind != 0) {
- p11_message ("extra arguments specified");
- return 2;
- }
-
- return print_modules ();
-}
diff --git a/p11-kit/log.c b/p11-kit/log.c
deleted file mode 100644
index 19377b2..0000000
--- a/p11-kit/log.c
+++ /dev/null
@@ -1,2022 +0,0 @@
-/*
- * Copyright (c) 2007, Stefan Walter
- * Copyright (c) 2013, Red Hat Inc.
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@memberwebs.com>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "constants.h"
-#include "debug.h"
-#include "log.h"
-#include "p11-kit.h"
-#include "virtual.h"
-
-#include <sys/types.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdarg.h>
-
-bool p11_log_force = false;
-bool p11_log_output = true;
-
-typedef struct {
- p11_virtual virt;
- CK_X_FUNCTION_LIST *lower;
- p11_destroyer destroyer;
-} LogData;
-
-#define LOG_FLAG(buf, flags, had, flag) \
- if ((flags & flag) == flag) { \
- p11_buffer_add (buf, had ? " | " : " = ", 3); \
- p11_buffer_add (buf, #flag, -1); \
- had++; \
- }
-
-static void
-log_CKM (p11_buffer *buf,
- CK_MECHANISM_TYPE v)
-{
- char temp[32];
- const char *string;
-
- string = p11_constant_name (p11_constant_mechanisms, v);
- if (string == NULL) {
- snprintf (temp, sizeof (temp), "CKM_0x%08lX", v);
- p11_buffer_add (buf, temp, -1);
- } else {
- p11_buffer_add (buf, string, -1);
- }
-}
-
-static void
-log_CKS (p11_buffer *buf,
- CK_STATE v)
-{
- char temp[32];
- const char *string;
-
- string = p11_constant_name (p11_constant_states, v);
- if (string == NULL) {
- snprintf (temp, sizeof (temp), "CKS_0x%08lX", v);
- p11_buffer_add (buf, temp, -1);
- } else {
- p11_buffer_add (buf, string, -1);
- }
-}
-
-static void
-log_CKU (p11_buffer *buf,
- CK_USER_TYPE v)
-{
- char temp[32];
- const char *string;
-
- string = p11_constant_name (p11_constant_users, v);
- if (string == NULL) {
- snprintf (temp, sizeof (temp), "CKU_0x%08lX", v);
- p11_buffer_add (buf, temp, -1);
- } else {
- p11_buffer_add (buf, string, -1);
- }
-}
-
-static void
-log_CKR (p11_buffer *buf,
- CK_RV v)
-{
- char temp[32];
- const char *string;
-
- string = p11_constant_name (p11_constant_returns, v);
- if (string == NULL) {
- snprintf (temp, sizeof (temp), "CKR_0x%08lX", v);
- p11_buffer_add (buf, temp, -1);
- } else {
- p11_buffer_add (buf, string, -1);
- }
-}
-
-static void
-log_some_bytes (p11_buffer *buf,
- CK_BYTE_PTR arr,
- CK_ULONG num)
-{
- CK_ULONG i;
- char temp[128];
- char *p, *e;
- CK_BYTE ch;
-
- if(!arr) {
- p11_buffer_add (buf, "NULL", 4);
- return;
- } else if (num == (CK_ULONG)-1) {
- p11_buffer_add (buf, "????", 4);
- return;
- }
-
- temp[0] = '\"';
- p = temp + 1;
- e = temp + (sizeof (temp) - 8);
-
- for(i = 0; i < num && p < e; ++i, ++p) {
- ch = arr[i];
- if (ch == '\t') {
- p[0] = '\\'; p[1] = 't';
- ++p;
- } else if (ch == '\n') {
- p[0] = '\\'; p[1] = 'n';
- ++p;
- } else if (ch == '\r') {
- p[0] = '\\'; p[1] = 'r';
- ++p;
- } else if (ch >= 32 && ch < 127) {
- *p = ch;
- } else {
- p[0] = '\\';
- p[1] = 'x';
- sprintf(p + 2, "%02X", ch);
- p += 3;
- }
- }
-
- *p = 0;
- if (p >= e)
- strcpy (e, "...");
- strcat (p, "\"");
- p11_buffer_add (buf, temp, -1);
-}
-
-static void
-log_pointer (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_VOID_PTR val,
- CK_RV status)
-{
- char temp[32];
-
- if (status != CKR_OK)
- return;
-
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (val == NULL) {
- p11_buffer_add (buf, "NULL\n", 5);
- } else {
- snprintf (temp, sizeof (temp), "0x%08lX\n", (unsigned long)(size_t)val);
- p11_buffer_add (buf, temp, -1);
- }
-}
-
-static void
-log_attribute_types (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num,
- CK_RV status)
-{
- const char *string;
- char temp[32];
- CK_ULONG i;
-
- if (status == CKR_BUFFER_TOO_SMALL) {
- arr = NULL;
- status = CKR_OK;
- }
- if (status != CKR_OK)
- return;
-
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (arr == NULL) {
- snprintf (temp, sizeof (temp), "(%lu) NONE\n", num);
- p11_buffer_add (buf, temp, -1);
- } else {
- snprintf (temp, sizeof (temp), "(%lu) [ ", num);
- p11_buffer_add (buf, temp, -1);
- for (i = 0; i < num; i++) {
- if (i > 0)
- p11_buffer_add (buf, ", ", 2);
- string = p11_constant_name (p11_constant_types, arr[i].type);
- if (string != NULL) {
- p11_buffer_add (buf, string, -1);
- } else {
- snprintf (temp, sizeof (temp), "CKA_0x%08lX", arr[i].type);
- p11_buffer_add (buf, temp, -1);
- }
- }
-
- p11_buffer_add (buf, " ]\n", 3);
- }
-}
-
-static void
-log_attribute_array (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num,
- CK_RV status)
-{
- char temp[32];
-
- if (status == CKR_BUFFER_TOO_SMALL) {
- arr = NULL;
- status = CKR_OK;
- }
- if (status != CKR_OK)
- return;
-
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (arr == NULL) {
- snprintf (temp, sizeof (temp), "(%lu) NONE\n", num);
- p11_buffer_add (buf, temp, -1);
- } else {
- p11_attrs_format (buf, arr, num);
- p11_buffer_add (buf, "\n", 1);
- }
-}
-
-static void
-log_bool (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_BBOOL val,
- CK_RV status)
-{
- if (status == CKR_OK) {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- p11_buffer_add (buf, val ? "CK_TRUE" : "CK_FALSE", -1);
- p11_buffer_add (buf, "\n", 1);
- }
-}
-
-static void
-log_byte_array (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_BYTE_PTR arr,
- CK_ULONG_PTR num,
- CK_RV status)
-{
- char temp[32];
-
- if (status == CKR_BUFFER_TOO_SMALL) {
- arr = NULL;
- status = CKR_OK;
- }
-
- if (status != CKR_OK)
- return;
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (num == NULL) {
- p11_buffer_add (buf, "(?) NOTHING\n", -1);
- } else if (arr == NULL) {
- snprintf (temp, sizeof (temp), "(%lu) NOTHING\n", *num);
- p11_buffer_add (buf, temp, -1);
- } else {
- snprintf (temp, sizeof (temp), "(%lu) ", *num);
- p11_buffer_add (buf, temp, -1);
- log_some_bytes (buf, arr, *num);
- p11_buffer_add (buf, "\n", 1);
- }
-}
-
-static void
-log_info (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_INFO_PTR info,
- CK_RV status)
-{
- char temp[32];
-
- if (status != CKR_OK)
- return;
- if (info == NULL) {
- log_pointer (buf, pref, name, info, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tcryptokiVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->cryptokiVersion.major,
- (unsigned int)info->cryptokiVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tmanufacturerID: \"", -1);
- p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
- p11_buffer_add (buf, "\"\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lX", info->flags);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tlibraryDescription: \"", -1);
- p11_buffer_add (buf, info->libraryDescription, p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription)));
- p11_buffer_add (buf, "\"\n\tlibraryVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->libraryVersion.major,
- (unsigned int)info->libraryVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_pInitArgs (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_VOID_PTR pInitArgs,
- CK_RV status)
-{
- char temp[32];
- int had = 0;
-
- if (status != CKR_OK)
- return;
- if (pInitArgs == NULL)
- log_pointer (buf, pref, name, pInitArgs, status);
- else {
- CK_C_INITIALIZE_ARGS *args = (CK_C_INITIALIZE_ARGS*)pInitArgs;
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tCreateMutex: ", -1);
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->CreateMutex);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tDestroyMutex: ", -1);
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->DestroyMutex);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tLockMutex: ", -1);
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->LockMutex);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tUnlockMutex: ", -1);
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->UnlockMutex);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lX", args->flags);
- LOG_FLAG (buf, args->flags, had, CKF_OS_LOCKING_OK);
- p11_buffer_add (buf, "\n\treserved: ", -1);
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->pReserved);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_mechanism_info (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_MECHANISM_INFO_PTR info,
- CK_RV status)
-{
- char temp[32];
- int had = 0;
-
- if (status != CKR_OK)
- return;
- if (info == NULL) {
- log_pointer (buf, pref, name, info, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tulMinKeySize: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulMinKeySize);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tulMaxKeySize: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulMaxKeySize);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lX", info->flags);
- p11_buffer_add (buf, temp, -1);
- LOG_FLAG (buf, info->flags, had, CKF_HW);
- LOG_FLAG (buf, info->flags, had, CKF_ENCRYPT);
- LOG_FLAG (buf, info->flags, had, CKF_DECRYPT);
- LOG_FLAG (buf, info->flags, had, CKF_DIGEST);
- LOG_FLAG (buf, info->flags, had, CKF_SIGN);
- LOG_FLAG (buf, info->flags, had, CKF_SIGN_RECOVER);
- LOG_FLAG (buf, info->flags, had, CKF_VERIFY);
- LOG_FLAG (buf, info->flags, had, CKF_VERIFY_RECOVER);
- LOG_FLAG (buf, info->flags, had, CKF_GENERATE);
- LOG_FLAG (buf, info->flags, had, CKF_GENERATE_KEY_PAIR);
- LOG_FLAG (buf, info->flags, had, CKF_WRAP);
- LOG_FLAG (buf, info->flags, had, CKF_UNWRAP);
- LOG_FLAG (buf, info->flags, had, CKF_DERIVE);
- LOG_FLAG (buf, info->flags, had, CKF_EXTENSION);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_mechanism (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_MECHANISM_PTR mech,
- CK_RV status)
-{
- char temp[32];
-
- if (status != CKR_OK)
- return;
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tmechanism: ", -1);
- log_CKM (buf, mech->mechanism);
- p11_buffer_add (buf, "\n\tpParameter: ", -1);
- snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen);
- p11_buffer_add (buf, temp, -1);
- log_some_bytes (buf, mech->pParameter, mech->ulParameterLen);
- p11_buffer_add (buf, "\n }\n", -1);
-}
-
-static void
-log_mechanism_type (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_MECHANISM_TYPE val,
- CK_RV status)
-{
- if (status != CKR_OK)
- return;
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- log_CKM (buf, val);
- p11_buffer_add (buf, "\n", 1);
-}
-
-static void
-log_mechanism_type_array (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_MECHANISM_TYPE_PTR arr,
- CK_ULONG_PTR num,
- CK_RV status)
-{
- char temp[32];
- CK_ULONG i;
-
- if (status == CKR_BUFFER_TOO_SMALL) {
- arr = NULL;
- status = CKR_OK;
- }
- if (status != CKR_OK)
- return;
-
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (num == NULL) {
- p11_buffer_add (buf, "(?) NO-VALUES\n", -1);
- } else if (arr == NULL) {
- snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num);
- p11_buffer_add (buf, temp, -1);
- } else {
- snprintf (temp, sizeof (temp), "(%lu) [ ", *num);
- p11_buffer_add (buf, temp, -1);
- for(i = 0; i < *num; ++i) {
- if (i > 0)
- p11_buffer_add (buf, ", ", 2);
- log_CKM (buf, arr[i]);
- }
- p11_buffer_add (buf, " ]\n", 3);
- }
-}
-
-static void
-log_session_info (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_SESSION_INFO_PTR info,
- CK_RV status)
-{
- char temp[32];
- int had = 0;
-
- if (status != CKR_OK)
- return;
- if (info == NULL) {
- log_pointer (buf, pref, name, info, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tslotID: ", -1);
- snprintf (temp, sizeof (temp), "SL%lu", info->slotID);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tstate: ", -1);
- log_CKS (buf, info->state);
- p11_buffer_add (buf, "\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lX", info->flags);
- p11_buffer_add (buf, temp, -1);
- LOG_FLAG (buf, info->flags, had, CKF_SERIAL_SESSION);
- LOG_FLAG (buf, info->flags, had, CKF_RW_SESSION);
- p11_buffer_add (buf, "\n\tulDeviceError: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulDeviceError);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_slot_info (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_SLOT_INFO_PTR info,
- CK_RV status)
-{
- char temp[32];
- int had = 0;
-
- if (status != CKR_OK)
- return;
- if (info == NULL) {
- log_pointer (buf, pref, name, info, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tslotDescription: \"", -1);
- p11_buffer_add (buf, info->slotDescription, p11_kit_space_strlen (info->slotDescription, sizeof (info->slotDescription)));
- p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1);
- p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
- p11_buffer_add (buf, "\"\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->flags);
- p11_buffer_add (buf, temp, -1);
- LOG_FLAG (buf, info->flags, had, CKF_TOKEN_PRESENT);
- LOG_FLAG (buf, info->flags, had, CKF_REMOVABLE_DEVICE);
- LOG_FLAG (buf, info->flags, had, CKF_HW_SLOT);
- p11_buffer_add (buf, "\n\thardwareVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major,
- (unsigned int)info->hardwareVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major,
- (unsigned int)info->firmwareVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_string (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_UTF8CHAR_PTR str,
- const CK_RV status)
-{
- if (status != CKR_OK)
- return;
- if (str == NULL) {
- log_pointer (buf, pref, name, str, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = \"", 4);
- p11_buffer_add (buf, str, -1);
- p11_buffer_add (buf, "\"\n", 2);
- }
-}
-
-static void
-log_token_number (p11_buffer *buf,
- CK_ULONG number)
-{
- char temp[32];
-
- if (number == 0) {
- p11_buffer_add (buf, "CK_UNAVAILABLE_INFORMATION", -1);
- } else if (number == (CK_ULONG)-1) {
- p11_buffer_add (buf, "CK_EFFECTIVELY_INFINITE", -1);
- } else {
- snprintf (temp, sizeof (temp), "%lu", number);
- p11_buffer_add (buf, temp, -1);
- }
-}
-
-static void
-log_token_info (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_TOKEN_INFO_PTR info,
- CK_RV status)
-{
- char temp[32];
- int had = 0;
-
- if (status != CKR_OK)
- return;
- if (info == NULL) {
- log_pointer (buf, pref, name, info, status);
- } else {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = {\n", 5);
- p11_buffer_add (buf, "\tlabel: \"", -1);
- p11_buffer_add (buf, info->label, p11_kit_space_strlen (info->label, sizeof (info->label)));
- p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1);
- p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
- p11_buffer_add (buf, "\"\n\tmodel: \"", -1);
- p11_buffer_add (buf, info->model, p11_kit_space_strlen (info->model, sizeof (info->model)));
- p11_buffer_add (buf, "\"\n\tserialNumber: \"", -1);
- p11_buffer_add (buf, info->serialNumber, p11_kit_space_strlen (info->serialNumber, sizeof (info->serialNumber)));
- p11_buffer_add (buf, "\"\n\tflags: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->flags);
- p11_buffer_add (buf, temp, -1);
- LOG_FLAG (buf, info->flags, had, CKF_RNG);
- LOG_FLAG (buf, info->flags, had, CKF_WRITE_PROTECTED);
- LOG_FLAG (buf, info->flags, had, CKF_LOGIN_REQUIRED);
- LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_INITIALIZED);
- LOG_FLAG (buf, info->flags, had, CKF_RESTORE_KEY_NOT_NEEDED);
- LOG_FLAG (buf, info->flags, had, CKF_CLOCK_ON_TOKEN);
- LOG_FLAG (buf, info->flags, had, CKF_PROTECTED_AUTHENTICATION_PATH);
- LOG_FLAG (buf, info->flags, had, CKF_DUAL_CRYPTO_OPERATIONS);
- LOG_FLAG (buf, info->flags, had, CKF_TOKEN_INITIALIZED);
- LOG_FLAG (buf, info->flags, had, CKF_SECONDARY_AUTHENTICATION);
- LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_COUNT_LOW);
- LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_FINAL_TRY);
- LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_LOCKED);
- LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_TO_BE_CHANGED);
- LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_COUNT_LOW);
- LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_FINAL_TRY);
- LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_LOCKED);
- LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_TO_BE_CHANGED);
- if (!had) {
- snprintf (temp, sizeof (temp), "%lu", info->flags);
- p11_buffer_add (buf, temp, -1);
- }
-
- p11_buffer_add (buf, "\n\tulMaxSessionCount: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulSessionCount: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulSessionCount);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tulMaxRwSessionCount: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulRwSessionCount: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulRwSessionCount);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tulMaxPinLen: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulMaxPinLen);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tulMinPinLen: ", -1);
- snprintf (temp, sizeof (temp), "%lu", info->ulMinPinLen);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tulTotalPublicMemory: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulFreePublicMemory: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulTotalPrivateMemory: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1);
- log_token_number (buf, info->ulMaxSessionCount);
- p11_buffer_add (buf, "\n\thardwareVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major,
- (unsigned int)info->hardwareVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1);
- snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major,
- (unsigned int)info->firmwareVersion.minor);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n\tutcTime: ", -1);
- p11_buffer_add (buf, (info->flags & CKF_CLOCK_ON_TOKEN) ? (const char*)info->utcTime : "", -1);
- p11_buffer_add (buf, "\n }\n", -1);
- }
-}
-
-static void
-log_ulong (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_ULONG val,
- const char* npref,
- CK_RV status)
-{
- char temp[32];
-
- if (!npref)
- npref = "";
- if (status == CKR_OK) {
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- p11_buffer_add (buf, npref, -1);
- snprintf (temp, sizeof (temp), "%lu", val);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n", 1);
- }
-}
-
-static void
-log_ulong_array (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_ULONG_PTR arr,
- CK_ULONG_PTR num,
- const char *npref,
- CK_RV status)
-{
- char temp[32];
- CK_ULONG i;
-
- if (status == CKR_BUFFER_TOO_SMALL) {
- arr = NULL;
- status = CKR_OK;
- }
-
- if (status != CKR_OK)
- return;
- if (npref == NULL)
- npref = "";
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (num == NULL) {
- p11_buffer_add (buf, "(?) NO-VALUES\n", -1);
- } else if (arr == NULL) {
- snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num);
- p11_buffer_add (buf, temp, -1);
- } else {
- snprintf (temp, sizeof (temp), "(%lu) [ ", *num);
- p11_buffer_add (buf, temp, -1);
- for (i = 0; i < *num; ++i) {
- if (i > 0)
- p11_buffer_add (buf, ", ", 2);
- p11_buffer_add (buf, npref, -1);
- snprintf (temp, sizeof (temp), "%lu", arr[i]);
- p11_buffer_add (buf, temp, -1);
- }
- p11_buffer_add (buf, " ]\n", 3);
- }
-}
-
-static void
-log_ulong_pointer (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_ULONG_PTR val,
- const char *npref,
- CK_RV status)
-{
- char temp[32];
-
- if (status != CKR_OK)
- return;
- if (npref == NULL)
- npref = "";
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- if (val == NULL) {
- p11_buffer_add (buf, "NULL\n", 5);
- } else {
- snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)val);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, " = ", 3);
- p11_buffer_add (buf, npref, -1);
- snprintf (temp, sizeof (temp), "%lu", *val);
- p11_buffer_add (buf, temp, -1);
- p11_buffer_add (buf, "\n", 1);
- }
-}
-
-static void
-log_user_type (p11_buffer *buf,
- const char *pref,
- const char *name,
- CK_USER_TYPE val,
- CK_RV status)
-{
- if (status != CKR_OK)
- return;
- p11_buffer_add (buf, pref, -1);
- p11_buffer_add (buf, name, -1);
- p11_buffer_add (buf, " = ", 3);
- log_CKU (buf, val);
- p11_buffer_add (buf, "\n", 1);
-}
-
-static void
-flush_buffer (p11_buffer *buf)
-{
- if (p11_log_output) {
- fwrite (buf->data, 1, buf->len, stderr);
- fflush (stderr);
- }
- p11_buffer_reset (buf, 128);
-}
-
-#define BEGIN_CALL(name) \
- { \
- LogData *_log = (LogData *)self; \
- const char* _name = "C_" #name; \
- p11_buffer _buf; \
- CK_X_##name _func = _log->lower->C_##name; \
- CK_RV _ret = CKR_OK; \
- p11_buffer_init_null (&_buf, 128); \
- return_val_if_fail (_func != NULL, CKR_DEVICE_ERROR); \
- p11_buffer_add (&_buf, _name, -1); \
- p11_buffer_add (&_buf, "\n", 1); \
- self = _log->lower;
-
-#define PROCESS_CALL(args) \
- flush_buffer (&_buf); \
- _ret = (_func) args;
-
-#define DONE_CALL \
- p11_buffer_add (&_buf, _name, -1); \
- p11_buffer_add (&_buf, " = ", 3); \
- log_CKR (&_buf, _ret); \
- p11_buffer_add (&_buf, "\n", 1); \
- flush_buffer (&_buf); \
- p11_buffer_uninit (&_buf); \
- return _ret; \
- }
-
-#define LIN " IN: "
-#define LOUT " OUT: "
-
-#define IN_ATTRIBUTE_ARRAY(a, n) \
- log_attribute_types (&_buf, LIN, #a, a, n, CKR_OK);
-
-#define IN_BOOL(a) \
- log_bool (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_BYTE_ARRAY(a, n) \
- log_byte_array (&_buf, LIN, #a, a, &n, CKR_OK);
-
-#define IN_HANDLE(a) \
- log_ulong (&_buf, LIN, #a, a, "H", CKR_OK);
-
-#define IN_INIT_ARGS(a) \
- log_pInitArgs (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_POINTER(a) \
- log_pointer (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_MECHANISM(a) \
- log_mechanism (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_MECHANISM_TYPE(a) \
- log_mechanism_type (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_SESSION(a) \
- log_ulong (&_buf, LIN, #a, a, "S", CKR_OK);
-
-#define IN_SLOT_ID(a) \
- log_ulong (&_buf, LIN, #a, a, "SL", CKR_OK);
-
-#define IN_STRING(a) \
- log_string (&_buf, LIN, #a, a, CKR_OK);
-
-#define IN_ULONG(a) \
- log_ulong (&_buf, LIN, #a, a, NULL, CKR_OK);
-
-#define IN_ULONG_PTR(a) \
- log_ulong_pointer (&_buf, LIN, #a, a, NULL, CKR_OK);
-
-#define IN_USER_TYPE(a) \
- log_user_type (&_buf, LIN, #a, a, CKR_OK);
-
-#define OUT_ATTRIBUTE_ARRAY(a, n) \
- log_attribute_array (&_buf, LOUT, #a, a, n, _ret);
-
-#define OUT_BYTE_ARRAY(a, n) \
- log_byte_array(&_buf, LOUT, #a, a, n, _ret);
-
-#define OUT_HANDLE(a) \
- log_ulong_pointer (&_buf, LOUT, #a, a, "H", _ret);
-
-#define OUT_HANDLE_ARRAY(a, n) \
- log_ulong_array (&_buf, LOUT, #a, a, n, "H", _ret);
-
-#define OUT_INFO(a) \
- log_info (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_MECHANISM_INFO(a) \
- log_mechanism_info (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_MECHANISM_TYPE_ARRAY(a, n) \
- log_mechanism_type_array (&_buf, LOUT, #a, a, n, _ret);
-
-#define OUT_POINTER(a) \
- log_pointer (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_SESSION(a) \
- log_ulong_pointer (&_buf, LOUT, #a, a, "S", _ret);
-
-#define OUT_SESSION_INFO(a) \
- log_session_info (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_SLOT_ID_ARRAY(a, n) \
- log_ulong_array (&_buf, LOUT, #a, a, n, "SL", _ret);
-
-#define OUT_SLOT_ID(a) \
- log_ulong_pointer (&_buf, LOUT, #a, a, "SL", _ret);
-
-#define OUT_SLOT_INFO(a) \
- log_slot_info (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_TOKEN_INFO(a) \
- log_token_info (&_buf, LOUT, #a, a, _ret);
-
-#define OUT_ULONG(a) \
- log_ulong_pointer (&_buf, LOUT, #a, a, NULL, _ret);
-
-#define OUT_ULONG_ARRAY(a, n) \
- log_ulong_array (&_buf, LOUT, #a, a, n, NULL, _ret);
-
-
-
-/* ---------------------------------------------------------------- */
-
-static CK_RV
-log_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR pInitArgs)
-{
- BEGIN_CALL (Initialize)
- IN_INIT_ARGS (pInitArgs)
- PROCESS_CALL ((self, pInitArgs))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR pReserved)
-{
- BEGIN_CALL (Finalize)
- IN_POINTER (pReserved)
- PROCESS_CALL ((self, pReserved))
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR pInfo)
-{
- BEGIN_CALL (GetInfo)
- PROCESS_CALL ((self, pInfo))
- OUT_INFO (pInfo)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- CK_BBOOL tokenPresent,
- CK_SLOT_ID_PTR pSlotList,
- CK_ULONG_PTR pulCount)
-{
- BEGIN_CALL (GetSlotList)
- IN_BOOL (tokenPresent)
- IN_ULONG_PTR (pulCount)
- PROCESS_CALL ((self, tokenPresent, pSlotList, pulCount))
- OUT_SLOT_ID_ARRAY (pSlotList, pulCount)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_SLOT_INFO_PTR pInfo)
-{
- BEGIN_CALL (GetSlotInfo)
- IN_SLOT_ID (slotID)
- PROCESS_CALL ((self, slotID, pInfo))
- OUT_SLOT_INFO (pInfo)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_TOKEN_INFO_PTR pInfo)
-{
- BEGIN_CALL (GetTokenInfo)
- IN_SLOT_ID (slotID)
- PROCESS_CALL ((self, slotID, pInfo))
- OUT_TOKEN_INFO (pInfo)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE_PTR pMechanismList,
- CK_ULONG_PTR pulCount)
-{
- BEGIN_CALL (GetMechanismList)
- IN_SLOT_ID (slotID)
- IN_ULONG_PTR (pulCount)
- PROCESS_CALL ((self, slotID, pMechanismList, pulCount))
- OUT_MECHANISM_TYPE_ARRAY (pMechanismList, pulCount)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR pInfo)
-{
- BEGIN_CALL (GetMechanismInfo)
- IN_SLOT_ID (slotID)
- IN_MECHANISM_TYPE (type)
- PROCESS_CALL ((self, slotID, type, pInfo))
- OUT_MECHANISM_INFO (pInfo)
- DONE_CALL
-}
-
-static CK_RV
-log_C_InitToken (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_UTF8CHAR_PTR pPin,
- CK_ULONG ulPinLen,
- CK_UTF8CHAR_PTR pLabel)
-{
- BEGIN_CALL (InitToken)
- IN_SLOT_ID (slotID)
- IN_BYTE_ARRAY (pPin, ulPinLen)
- IN_STRING (pLabel)
- PROCESS_CALL ((self, slotID, pPin, ulPinLen, pLabel))
- DONE_CALL
-}
-
-static CK_RV
-log_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR pSlot,
- CK_VOID_PTR pReserved)
-{
- char temp[32];
- int had = 0;
-
- BEGIN_CALL (WaitForSlotEvent)
- p11_buffer_add (&_buf, " IN: flags = ", -1);
- snprintf (temp, sizeof (temp), "%lu", flags);
- p11_buffer_add (&_buf, temp, -1);
- LOG_FLAG (&_buf, flags, had, CKF_DONT_BLOCK);
- p11_buffer_add (&_buf, "\n", 1);
- PROCESS_CALL ((self, flags, pSlot, pReserved))
- OUT_SLOT_ID (pSlot)
- OUT_POINTER (pReserved)
- DONE_CALL
-}
-
-static CK_RV
-log_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID,
- CK_FLAGS flags,
- CK_VOID_PTR pApplication,
- CK_NOTIFY Notify,
- CK_SESSION_HANDLE_PTR phSession)
-{
- char temp[32];
- int had = 0;
-
- BEGIN_CALL (OpenSession)
- IN_SLOT_ID (slotID)
- p11_buffer_add (&_buf, " IN: flags = ", -1);
- snprintf (temp, sizeof (temp), "%lu", flags);
- p11_buffer_add (&_buf, temp, -1);
- LOG_FLAG (&_buf, flags, had, CKF_SERIAL_SESSION);
- LOG_FLAG (&_buf, flags, had, CKF_RW_SESSION);
- p11_buffer_add (&_buf, "\n", 1);
- IN_POINTER (pApplication);
- IN_POINTER (Notify);
- PROCESS_CALL ((self, slotID, flags, pApplication, Notify, phSession));
- OUT_SESSION (phSession)
- DONE_CALL
-}
-
-static CK_RV
-log_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession)
-{
- BEGIN_CALL (CloseSession)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession))
- DONE_CALL
-}
-
-static CK_RV
-log_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slotID)
-{
- BEGIN_CALL (CloseAllSessions)
- IN_SLOT_ID (slotID)
- PROCESS_CALL ((self, slotID))
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_SESSION_INFO_PTR pInfo)
-{
- BEGIN_CALL (GetSessionInfo)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession, pInfo))
- OUT_SESSION_INFO (pInfo)
- DONE_CALL
-}
-
-static CK_RV
-log_C_InitPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_UTF8CHAR_PTR pPin,
- CK_ULONG ulPinLen)
-{
- BEGIN_CALL (InitPIN)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPin, ulPinLen)
- PROCESS_CALL ((self, hSession, pPin, ulPinLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_SetPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_UTF8CHAR_PTR pOldPin,
- CK_ULONG ulOldLen,
- CK_UTF8CHAR_PTR pNewPin,
- CK_ULONG ulNewLen)
-{
- BEGIN_CALL (SetPIN)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pOldPin, ulOldLen)
- IN_BYTE_ARRAY (pNewPin, ulNewLen);
- PROCESS_CALL ((self, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG_PTR pulOperationStateLen)
-{
- BEGIN_CALL (GetOperationState)
- IN_SESSION (hSession)
- IN_ULONG_PTR (pulOperationStateLen)
- PROCESS_CALL ((self, hSession, pOperationState, pulOperationStateLen))
- OUT_BYTE_ARRAY (pOperationState, pulOperationStateLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pOperationState,
- CK_ULONG ulOperationStateLen,
- CK_OBJECT_HANDLE hEncryptionKey,
- CK_OBJECT_HANDLE hAuthenticationKey)
-{
- BEGIN_CALL (SetOperationState)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pOperationState, ulOperationStateLen)
- IN_HANDLE (hEncryptionKey)
- IN_HANDLE (hAuthenticationKey)
- PROCESS_CALL ((self, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Login (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_USER_TYPE userType,
- CK_UTF8CHAR_PTR pPin,
- CK_ULONG ulPinLen)
-{
- BEGIN_CALL (Login)
- IN_SESSION (hSession)
- IN_USER_TYPE (userType)
- IN_BYTE_ARRAY (pPin, ulPinLen);
- PROCESS_CALL ((self, hSession, userType, pPin, ulPinLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Logout (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession)
-{
- BEGIN_CALL (Logout)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession))
- DONE_CALL
-}
-
-static CK_RV
-log_C_CreateObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phObject)
-{
- BEGIN_CALL (CreateObject)
- IN_SESSION (hSession)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, pTemplate, ulCount, phObject))
- OUT_HANDLE (phObject)
- DONE_CALL
-}
-
-static CK_RV
-log_C_CopyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phNewObject)
-{
- BEGIN_CALL (CopyObject)
- IN_SESSION (hSession)
- IN_HANDLE (hObject)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount, phNewObject))
- OUT_HANDLE (phNewObject)
- DONE_CALL
-}
-
-
-static CK_RV
-log_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject)
-{
- BEGIN_CALL (DestroyObject);
- IN_SESSION (hSession)
- IN_HANDLE (hObject)
- PROCESS_CALL ((self, hSession, hObject))
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ULONG_PTR size)
-{
- BEGIN_CALL (GetObjectSize);
- IN_SESSION (hSession)
- IN_HANDLE (hObject)
- PROCESS_CALL ((self, hSession, hObject, size))
- OUT_ULONG (size)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount)
-{
- BEGIN_CALL (GetAttributeValue)
- IN_SESSION (hSession)
- IN_HANDLE (hObject)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount))
- OUT_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount)
-{
- BEGIN_CALL (SetAttributeValue)
- IN_SESSION (hSession)
- IN_HANDLE (hObject)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount))
- DONE_CALL
-}
-
-static CK_RV
-log_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount)
-{
- BEGIN_CALL (FindObjectsInit)
- IN_SESSION (hSession)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, pTemplate, ulCount))
- DONE_CALL
-}
-
-static CK_RV
-log_C_FindObjects (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE_PTR object,
- CK_ULONG max_object_count,
- CK_ULONG_PTR object_count)
-{
- BEGIN_CALL (FindObjects)
- IN_SESSION (hSession)
- IN_ULONG (max_object_count)
- PROCESS_CALL ((self, hSession, object, max_object_count, object_count))
- OUT_HANDLE_ARRAY (object, object_count)
- DONE_CALL
-}
-
-static CK_RV
-log_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession)
-{
- BEGIN_CALL (FindObjectsFinal)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession))
- DONE_CALL
-}
-
-static CK_RV
-log_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (EncryptInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Encrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG_PTR pulEncryptedDataLen)
-{
- BEGIN_CALL (Encrypt)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pData, ulDataLen)
- PROCESS_CALL ((self, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen))
- OUT_BYTE_ARRAY (pEncryptedData, pulEncryptedDataLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- BEGIN_CALL (EncryptUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
- OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastEncryptedPart,
- CK_ULONG_PTR pulLastEncryptedPartLen)
-{
- BEGIN_CALL (EncryptFinal)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession, pLastEncryptedPart, pulLastEncryptedPartLen))
- OUT_BYTE_ARRAY (pLastEncryptedPart, pulLastEncryptedPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (DecryptInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Decrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedData,
- CK_ULONG ulEncryptedDataLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen)
-{
- BEGIN_CALL (Decrypt)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pEncryptedData, ulEncryptedDataLen)
- PROCESS_CALL ((self, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen))
- OUT_BYTE_ARRAY (pData, pulDataLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen)
-{
- BEGIN_CALL (DecryptUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
- PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
- OUT_BYTE_ARRAY (pPart, pulPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pLastPart,
- CK_ULONG_PTR pulLastPartLen)
-{
- BEGIN_CALL (DecryptFinal)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession, pLastPart, pulLastPartLen))
- OUT_BYTE_ARRAY (pLastPart, pulLastPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DigestInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism)
-{
- BEGIN_CALL (DigestInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- PROCESS_CALL ((self, hSession, pMechanism))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Digest (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
-{
- BEGIN_CALL (Digest)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pData, ulDataLen)
- PROCESS_CALL ((self, hSession, pData, ulDataLen, pDigest, pulDigestLen))
- OUT_BYTE_ARRAY (pDigest, pulDigestLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- BEGIN_CALL (DigestUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_DigestKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (DigestKey)
- IN_SESSION (hSession)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pDigest,
- CK_ULONG_PTR pulDigestLen)
-{
- BEGIN_CALL (DigestFinal)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession, pDigest, pulDigestLen))
- OUT_BYTE_ARRAY (pDigest, pulDigestLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (SignInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Sign (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- BEGIN_CALL (Sign)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pData, ulDataLen)
- PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen))
- OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- BEGIN_CALL (SignUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- BEGIN_CALL (SignFinal)
- IN_SESSION (hSession)
- PROCESS_CALL ((self, hSession, pSignature, pulSignatureLen))
- OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (SignRecoverInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG_PTR pulSignatureLen)
-{
- BEGIN_CALL (SignRecover)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pData, ulDataLen)
- PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen))
- OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (VerifyInit);
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_Verify (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pData,
- CK_ULONG ulDataLen,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen)
-{
- BEGIN_CALL (Verify)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pData, ulDataLen)
- IN_BYTE_ARRAY (pSignature, ulSignatureLen)
- PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, ulSignatureLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen)
-{
- BEGIN_CALL (VerifyUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen)
-{
- BEGIN_CALL (VerifyFinal)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pSignature, ulSignatureLen);
- PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hKey)
-{
- BEGIN_CALL (VerifyRecoverInit)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hKey))
- DONE_CALL
-}
-
-static CK_RV
-log_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSignature,
- CK_ULONG ulSignatureLen,
- CK_BYTE_PTR pData,
- CK_ULONG_PTR pulDataLen)
-{
- BEGIN_CALL (VerifyRecover)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pSignature, ulSignatureLen)
- PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen, pData, pulDataLen))
- OUT_BYTE_ARRAY (pData, pulDataLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- BEGIN_CALL (DigestEncryptUpdate);
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
- OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen)
-{
- BEGIN_CALL (DecryptDigestUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
- PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
- OUT_BYTE_ARRAY (pPart, pulPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pPart,
- CK_ULONG ulPartLen,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG_PTR pulEncryptedPartLen)
-{
- BEGIN_CALL (SignEncryptUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pPart, ulPartLen)
- PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
- OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pEncryptedPart,
- CK_ULONG ulEncryptedPartLen,
- CK_BYTE_PTR pPart,
- CK_ULONG_PTR pulPartLen)
-{
- BEGIN_CALL (DecryptVerifyUpdate)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
- PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
- OUT_BYTE_ARRAY (pPart, pulPartLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulCount,
- CK_OBJECT_HANDLE_PTR phKey)
-{
- BEGIN_CALL (GenerateKey)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
- PROCESS_CALL ((self, hSession, pMechanism, pTemplate, ulCount, phKey))
- OUT_HANDLE (phKey)
- DONE_CALL
-}
-
-static CK_RV
-log_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_ATTRIBUTE_PTR pPublicKeyTemplate,
- CK_ULONG ulPublicKeyAttributeCount,
- CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
- CK_ULONG ulPrivateKeyAttributeCount,
- CK_OBJECT_HANDLE_PTR phPublicKey,
- CK_OBJECT_HANDLE_PTR phPrivateKey)
-{
- BEGIN_CALL (GenerateKeyPair)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_ATTRIBUTE_ARRAY (pPublicKeyTemplate, ulPublicKeyAttributeCount)
- IN_ATTRIBUTE_ARRAY (pPrivateKeyTemplate, ulPrivateKeyAttributeCount)
- PROCESS_CALL ((self, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
- pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey))
- OUT_HANDLE (phPublicKey)
- OUT_HANDLE (phPrivateKey)
- DONE_CALL
-}
-
-static CK_RV
-log_C_WrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hWrappingKey,
- CK_OBJECT_HANDLE hKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG_PTR pulWrappedKeyLen)
-{
- BEGIN_CALL (WrapKey)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hWrappingKey)
- IN_HANDLE (hKey)
- PROCESS_CALL ((self, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen))
- OUT_BYTE_ARRAY (pWrappedKey, pulWrappedKeyLen)
- DONE_CALL
-}
-
-static CK_RV
-log_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hUnwrappingKey,
- CK_BYTE_PTR pWrappedKey,
- CK_ULONG ulWrappedKeyLen,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phKey)
-{
- BEGIN_CALL (UnwrapKey)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hUnwrappingKey)
- IN_BYTE_ARRAY (pWrappedKey, ulWrappedKeyLen)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount)
- PROCESS_CALL ((self, hSession, pMechanism, hUnwrappingKey, pWrappedKey,
- ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey))
- OUT_HANDLE (phKey)
- DONE_CALL
-}
-
-static CK_RV
-log_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_MECHANISM_PTR pMechanism,
- CK_OBJECT_HANDLE hBaseKey,
- CK_ATTRIBUTE_PTR pTemplate,
- CK_ULONG ulAttributeCount,
- CK_OBJECT_HANDLE_PTR phObject)
-{
- BEGIN_CALL (DeriveKey)
- IN_SESSION (hSession)
- IN_MECHANISM (pMechanism)
- IN_HANDLE (hBaseKey)
- IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount)
- PROCESS_CALL ((self, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phObject))
- OUT_HANDLE (phObject)
- DONE_CALL
-}
-
-static CK_RV
-log_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pSeed,
- CK_ULONG ulSeedLen)
-{
- BEGIN_CALL (SeedRandom)
- IN_SESSION (hSession)
- IN_BYTE_ARRAY (pSeed, ulSeedLen);
- PROCESS_CALL ((self, hSession, pSeed, ulSeedLen))
- DONE_CALL
-}
-
-static CK_RV
-log_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE hSession,
- CK_BYTE_PTR pRandomData,
- CK_ULONG ulRandomLen)
-{
- BEGIN_CALL (GenerateRandom)
- IN_SESSION (hSession)
- IN_ULONG (ulRandomLen)
- PROCESS_CALL ((self, hSession, pRandomData, ulRandomLen))
- OUT_BYTE_ARRAY (pRandomData, &ulRandomLen)
- DONE_CALL
-}
-
-static CK_X_FUNCTION_LIST log_functions = {
- { -1, -1 },
- log_C_Initialize,
- log_C_Finalize,
- log_C_GetInfo,
- log_C_GetSlotList,
- log_C_GetSlotInfo,
- log_C_GetTokenInfo,
- log_C_GetMechanismList,
- log_C_GetMechanismInfo,
- log_C_InitToken,
- log_C_InitPIN,
- log_C_SetPIN,
- log_C_OpenSession,
- log_C_CloseSession,
- log_C_CloseAllSessions,
- log_C_GetSessionInfo,
- log_C_GetOperationState,
- log_C_SetOperationState,
- log_C_Login,
- log_C_Logout,
- log_C_CreateObject,
- log_C_CopyObject,
- log_C_DestroyObject,
- log_C_GetObjectSize,
- log_C_GetAttributeValue,
- log_C_SetAttributeValue,
- log_C_FindObjectsInit,
- log_C_FindObjects,
- log_C_FindObjectsFinal,
- log_C_EncryptInit,
- log_C_Encrypt,
- log_C_EncryptUpdate,
- log_C_EncryptFinal,
- log_C_DecryptInit,
- log_C_Decrypt,
- log_C_DecryptUpdate,
- log_C_DecryptFinal,
- log_C_DigestInit,
- log_C_Digest,
- log_C_DigestUpdate,
- log_C_DigestKey,
- log_C_DigestFinal,
- log_C_SignInit,
- log_C_Sign,
- log_C_SignUpdate,
- log_C_SignFinal,
- log_C_SignRecoverInit,
- log_C_SignRecover,
- log_C_VerifyInit,
- log_C_Verify,
- log_C_VerifyUpdate,
- log_C_VerifyFinal,
- log_C_VerifyRecoverInit,
- log_C_VerifyRecover,
- log_C_DigestEncryptUpdate,
- log_C_DecryptDigestUpdate,
- log_C_SignEncryptUpdate,
- log_C_DecryptVerifyUpdate,
- log_C_GenerateKey,
- log_C_GenerateKeyPair,
- log_C_WrapKey,
- log_C_UnwrapKey,
- log_C_DeriveKey,
- log_C_SeedRandom,
- log_C_GenerateRandom,
- log_C_WaitForSlotEvent,
-};
-
-void
-p11_log_release (void *data)
-{
- LogData *log = (LogData *)data;
-
- return_if_fail (data != NULL);
- p11_virtual_uninit (&log->virt);
- free (log);
-}
-
-p11_virtual *
-p11_log_subclass (p11_virtual *lower,
- p11_destroyer destroyer)
-{
- LogData *log;
-
- log = calloc (1, sizeof (LogData));
- return_val_if_fail (log != NULL, NULL);
-
- p11_virtual_init (&log->virt, &log_functions, lower, destroyer);
- log->lower = &lower->funcs;
- return &log->virt;
-}
diff --git a/p11-kit/log.h b/p11-kit/log.h
deleted file mode 100644
index d8169e8..0000000
--- a/p11-kit/log.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@thewalter.net>
- */
-
-#ifndef P11_LOG_H_
-#define P11_LOG_H_
-
-#include "virtual.h"
-
-p11_virtual * p11_log_subclass (p11_virtual *lower,
- p11_destroyer destroyer);
-
-void p11_log_release (void *logger);
-
-extern bool p11_log_force;
-
-extern bool p11_log_output;
-
-#endif /* P11_LOG_H_ */
diff --git a/p11-kit/messages.c b/p11-kit/messages.c
deleted file mode 100644
index 3190fce..0000000
--- a/p11-kit/messages.c
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (C) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "pkcs11.h"
-#include "p11-kit.h"
-
-/**
- * SECTION:p11-kit-util
- * @title: Utilities
- * @short_description: PKCS\#11 utilities
- *
- * Utility functions for working with PKCS\#11.
- */
-
-#ifdef ENABLE_NLS
-#include <libintl.h>
-#define _(x) dgettext(PACKAGE_NAME, x)
-#else
-#define _(x) x
-#endif
-
-/**
- * p11_kit_strerror:
- * @rv: The code to get a message for.
- *
- * Get a message for a PKCS\#11 return value or error code. Do not
- * pass CKR_OK or other such non errors to this function.
- *
- * Returns: The user readable and localized message.
- **/
-const char*
-p11_kit_strerror (CK_RV rv)
-{
- switch (rv) {
-
- /* These are not really errors, or not current */
- case CKR_OK:
- case CKR_NO_EVENT:
- case CKR_FUNCTION_NOT_PARALLEL:
- case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
- return "";
-
- case CKR_CANCEL:
- case CKR_FUNCTION_CANCELED:
- return _("The operation was cancelled");
-
- case CKR_HOST_MEMORY:
- return _("Insufficient memory available");
- case CKR_SLOT_ID_INVALID:
- return _("The specified slot ID is not valid");
- case CKR_GENERAL_ERROR:
- return _("Internal error");
- case CKR_FUNCTION_FAILED:
- return _("The operation failed");
- case CKR_ARGUMENTS_BAD:
- return _("Invalid arguments");
- case CKR_NEED_TO_CREATE_THREADS:
- return _("The module cannot create needed threads");
- case CKR_CANT_LOCK:
- return _("The module cannot lock data properly");
- case CKR_ATTRIBUTE_READ_ONLY:
- return _("The field is read-only");
- case CKR_ATTRIBUTE_SENSITIVE:
- return _("The field is sensitive and cannot be revealed");
- case CKR_ATTRIBUTE_TYPE_INVALID:
- return _("The field is invalid or does not exist");
- case CKR_ATTRIBUTE_VALUE_INVALID:
- return _("Invalid value for field");
- case CKR_DATA_INVALID:
- return _("The data is not valid or unrecognized");
- case CKR_DATA_LEN_RANGE:
- return _("The data is too long");
- case CKR_DEVICE_ERROR:
- return _("An error occurred on the device");
- case CKR_DEVICE_MEMORY:
- return _("Insufficient memory available on the device");
- case CKR_DEVICE_REMOVED:
- return _("The device was removed or unplugged");
- case CKR_ENCRYPTED_DATA_INVALID:
- return _("The encrypted data is not valid or unrecognized");
- case CKR_ENCRYPTED_DATA_LEN_RANGE:
- return _("The encrypted data is too long");
- case CKR_FUNCTION_NOT_SUPPORTED:
- return _("This operation is not supported");
- case CKR_KEY_HANDLE_INVALID:
- return _("The key is missing or invalid");
- case CKR_KEY_SIZE_RANGE:
- return _("The key is the wrong size");
- case CKR_KEY_TYPE_INCONSISTENT:
- return _("The key is of the wrong type");
- case CKR_KEY_NOT_NEEDED:
- return _("No key is needed");
- case CKR_KEY_CHANGED:
- return _("The key is different than before");
- case CKR_KEY_NEEDED:
- return _("A key is needed");
- case CKR_KEY_INDIGESTIBLE:
- return _("Cannot include the key in the digest");
- case CKR_KEY_FUNCTION_NOT_PERMITTED:
- return _("This operation cannot be done with this key");
- case CKR_KEY_NOT_WRAPPABLE:
- return _("The key cannot be wrapped");
- case CKR_KEY_UNEXTRACTABLE:
- return _("Cannot export this key");
- case CKR_MECHANISM_INVALID:
- return _("The crypto mechanism is invalid or unrecognized");
- case CKR_MECHANISM_PARAM_INVALID:
- return _("The crypto mechanism has an invalid argument");
- case CKR_OBJECT_HANDLE_INVALID:
- return _("The object is missing or invalid");
- case CKR_OPERATION_ACTIVE:
- return _("Another operation is already taking place");
- case CKR_OPERATION_NOT_INITIALIZED:
- return _("No operation is taking place");
- case CKR_PIN_INCORRECT:
- return _("The password or PIN is incorrect");
- case CKR_PIN_INVALID:
- return _("The password or PIN is invalid");
- case CKR_PIN_LEN_RANGE:
- return _("The password or PIN is of an invalid length");
- case CKR_PIN_EXPIRED:
- return _("The password or PIN has expired");
- case CKR_PIN_LOCKED:
- return _("The password or PIN is locked");
- case CKR_SESSION_CLOSED:
- return _("The session is closed");
- case CKR_SESSION_COUNT:
- return _("Too many sessions are active");
- case CKR_SESSION_HANDLE_INVALID:
- return _("The session is invalid");
- case CKR_SESSION_READ_ONLY:
- return _("The session is read-only");
- case CKR_SESSION_EXISTS:
- return _("An open session exists");
- case CKR_SESSION_READ_ONLY_EXISTS:
- return _("A read-only session exists");
- case CKR_SESSION_READ_WRITE_SO_EXISTS:
- return _("An administrator session exists");
- case CKR_SIGNATURE_INVALID:
- return _("The signature is bad or corrupted");
- case CKR_SIGNATURE_LEN_RANGE:
- return _("The signature is unrecognized or corrupted");
- case CKR_TEMPLATE_INCOMPLETE:
- return _("Certain required fields are missing");
- case CKR_TEMPLATE_INCONSISTENT:
- return _("Certain fields have invalid values");
- case CKR_TOKEN_NOT_PRESENT:
- return _("The device is not present or unplugged");
- case CKR_TOKEN_NOT_RECOGNIZED:
- return _("The device is invalid or unrecognizable");
- case CKR_TOKEN_WRITE_PROTECTED:
- return _("The device is write protected");
- case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
- return _("Cannot import because the key is invalid");
- case CKR_UNWRAPPING_KEY_SIZE_RANGE:
- return _("Cannot import because the key is of the wrong size");
- case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
- return _("Cannot import because the key is of the wrong type");
- case CKR_USER_ALREADY_LOGGED_IN:
- return _("You are already logged in");
- case CKR_USER_NOT_LOGGED_IN:
- return _("No user has logged in");
- case CKR_USER_PIN_NOT_INITIALIZED:
- return _("The user's password or PIN is not set");
- case CKR_USER_TYPE_INVALID:
- return _("The user is of an invalid type");
- case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
- return _("Another user is already logged in");
- case CKR_USER_TOO_MANY_TYPES:
- return _("Too many users of different types are logged in");
- case CKR_WRAPPED_KEY_INVALID:
- return _("Cannot import an invalid key");
- case CKR_WRAPPED_KEY_LEN_RANGE:
- return _("Cannot import a key of the wrong size");
- case CKR_WRAPPING_KEY_HANDLE_INVALID:
- return _("Cannot export because the key is invalid");
- case CKR_WRAPPING_KEY_SIZE_RANGE:
- return _("Cannot export because the key is of the wrong size");
- case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
- return _("Cannot export because the key is of the wrong type");
- case CKR_RANDOM_SEED_NOT_SUPPORTED:
- return _("Unable to initialize the random number generator");
- case CKR_RANDOM_NO_RNG:
- return _("No random number generator available");
- case CKR_DOMAIN_PARAMS_INVALID:
- return _("The crypto mechanism has an invalid parameter");
- case CKR_BUFFER_TOO_SMALL:
- return _("Not enough space to store the result");
- case CKR_SAVED_STATE_INVALID:
- return _("The saved state is invalid");
- case CKR_INFORMATION_SENSITIVE:
- return _("The information is sensitive and cannot be revealed");
- case CKR_STATE_UNSAVEABLE:
- return _("The state cannot be saved");
- case CKR_CRYPTOKI_NOT_INITIALIZED:
- return _("The module has not been initialized");
- case CKR_CRYPTOKI_ALREADY_INITIALIZED:
- return _("The module has already been initialized");
- case CKR_MUTEX_BAD:
- return _("Cannot lock data");
- case CKR_MUTEX_NOT_LOCKED:
- return _("The data cannot be locked");
- case CKR_FUNCTION_REJECTED:
- return _("The request was rejected by the user");
-
- default:
- return _("Unknown error");
- }
-}
diff --git a/p11-kit/mock-module-ep.c b/p11-kit/mock-module-ep.c
deleted file mode 100644
index 9ba739a..0000000
--- a/p11-kit/mock-module-ep.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#define CRYPTOKI_EXPORTS 1
-#include "pkcs11.h"
-
-#include "mock.h"
-
-#ifdef OS_WIN32
-__declspec(dllexport)
-#endif
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- mock_module_init ();
- mock_module_no_slots.C_GetFunctionList = C_GetFunctionList;
- if (list == NULL)
- return CKR_ARGUMENTS_BAD;
- *list = &mock_module;
- return CKR_OK;
-}
diff --git a/p11-kit/mock-module-ep2.c b/p11-kit/mock-module-ep2.c
deleted file mode 100644
index ee71711..0000000
--- a/p11-kit/mock-module-ep2.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#define CRYPTOKI_EXPORTS 1
-#include "pkcs11.h"
-
-#include "mock.h"
-
-#include <stdio.h>
-
-#ifdef OS_WIN32
-__declspec(dllexport)
-#endif
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- mock_module_init ();
- mock_module.C_GetFunctionList = C_GetFunctionList;
- if (list == NULL)
- return CKR_ARGUMENTS_BAD;
- *list = &mock_module;
- return CKR_OK;
-}
diff --git a/p11-kit/mock-module-ep3.c b/p11-kit/mock-module-ep3.c
deleted file mode 100644
index 4bf403c..0000000
--- a/p11-kit/mock-module-ep3.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#define CRYPTOKI_EXPORTS 1
-#include "pkcs11.h"
-
-#include "mock.h"
-#include "test.h"
-
-#include <stdio.h>
-
-static CK_RV
-override_initialize (CK_VOID_PTR init_args)
-{
- CK_C_INITIALIZE_ARGS_PTR args = init_args;
-
- assert_str_eq ("initialize-arg", args->pReserved);
-
- return mock_C_Initialize (init_args);
-}
-
-#ifdef OS_WIN32
-__declspec(dllexport)
-#endif
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- mock_module_init ();
- mock_module.C_GetFunctionList = C_GetFunctionList;
- if (list == NULL)
- return CKR_ARGUMENTS_BAD;
- mock_module.C_Initialize = override_initialize;
- *list = &mock_module;
- return CKR_OK;
-}
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
deleted file mode 100644
index 6e15c1d..0000000
--- a/p11-kit/modules.c
+++ /dev/null
@@ -1,2704 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-/* We use and define deprecated functions here */
-#define P11_KIT_NO_DEPRECATIONS
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-
-#include "conf.h"
-#include "debug.h"
-#include "dict.h"
-#include "library.h"
-#include "log.h"
-#include "message.h"
-#include "modules.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "proxy.h"
-#include "rpc.h"
-#include "virtual.h"
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <assert.h>
-#include <ctype.h>
-#include <dirent.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-/**
- * SECTION:p11-kit
- * @title: Modules
- * @short_description: Module loading and initializing
- *
- * PKCS\#11 modules are used by crypto libraries and applications to access
- * crypto objects (like keys and certificates) and to perform crypto operations.
- *
- * In order for applications to behave consistently with regard to the user's
- * installed PKCS\#11 modules, each module must be configured so that applications
- * or libraries know that they should load it.
- *
- * When multiple consumers of a module (such as libraries or applications) are
- * in the same process, coordination of the initialization and finalization
- * of PKCS\#11 modules is required. To do this modules are managed by p11-kit.
- * This means that various unsafe methods are coordinated between callers. Unmanaged
- * modules are simply the raw PKCS\#11 module pointers without p11-kit getting in the
- * way. It is highly recommended that the default managed behavior is used.
- *
- * The functions here provide support for initializing configured modules. The
- * p11_kit_modules_load() function should be used to load and initialize
- * the configured modules. When done, the p11_kit_modules_release() function
- * should be used to release those modules and associated resources.
- *
- * In addition p11_kit_config_option() can be used to access other parts
- * of the module configuration.
- *
- * If a consumer wishes to load an arbitrary PKCS\#11 module that's not
- * configured use p11_kit_module_load() to do so. And use p11_kit_module_release()
- * to later release it.
- *
- * Modules are represented by a pointer to their <code>CK_FUNCTION_LIST</code>
- * entry points.
- */
-
-/**
- * SECTION:p11-kit-deprecated
- * @title: Deprecated
- * @short_description: Deprecated functions
- *
- * These functions have been deprecated from p11-kit and are not recommended for
- * general usage. In large part they were deprecated because they did not adequately
- * insulate multiple callers of a PKCS\#11 module from another, and could not
- * support the 'managed' mode needed to do this.
- */
-
-/**
- * P11_KIT_MODULE_UNMANAGED:
- *
- * Module is loaded in non 'managed' mode. This is not recommended,
- * disables many features, and prevents coordination between multiple
- * callers of the same module.
- */
-
-/**
- * P11_KIT_MODULE_CRITICAL:
- *
- * Flag to load a module in 'critical' mode. Failure to load a critical module
- * will prevent all other modules from loading. A failure when loading a
- * non-critical module skips that module.
- */
-
-typedef struct _Module {
- /*
- * When using managed modules, this forms the base of the
- * virtual stack into which all the other modules call. This is also
- * the first field in this structure so we can cast between them.
- */
- p11_virtual virt;
-
- /* The initialize args built from configuration */
- CK_C_INITIALIZE_ARGS init_args;
- int ref_count;
- int init_count;
-
- /* Registered modules */
- char *name;
- char *filename;
- p11_dict *config;
- bool critical;
-
- /*
- * This is a pointer to the actual dl shared module, or perhaps
- * the RPC client context.
- */
- void *loaded_module;
- p11_kit_destroyer loaded_destroy;
-
- /* Initialization, mutex must be held */
- p11_mutex_t initialize_mutex;
- unsigned int initialize_called;
- p11_thread_id_t initialize_thread;
-} Module;
-
-/*
- * Shared data between threads, protected by the mutex, a structure so
- * we can audit thread safety easier.
- */
-static struct _Shared {
- p11_dict *modules;
- p11_dict *unmanaged_by_funcs;
- p11_dict *managed_by_closure;
- p11_dict *config;
-} gl = { NULL, NULL };
-
-/* These are global variables to be overridden in tests */
-const char *p11_config_system_file = P11_SYSTEM_CONFIG_FILE;
-const char *p11_config_user_file = P11_USER_CONFIG_FILE;
-const char *p11_config_package_modules = P11_PACKAGE_CONFIG_MODULES;
-const char *p11_config_system_modules = P11_SYSTEM_CONFIG_MODULES;
-const char *p11_config_user_modules = P11_USER_CONFIG_MODULES;
-
-/* -----------------------------------------------------------------------------
- * P11-KIT FUNCTIONALITY
- */
-
-static CK_RV
-create_mutex (CK_VOID_PTR_PTR mut)
-{
- p11_mutex_t *pmutex;
-
- return_val_if_fail (mut != NULL, CKR_ARGUMENTS_BAD);
-
- pmutex = malloc (sizeof (p11_mutex_t));
- return_val_if_fail (pmutex != NULL, CKR_HOST_MEMORY);
-
- p11_mutex_init (pmutex);
- *mut = pmutex;
- return CKR_OK;
-}
-
-static CK_RV
-destroy_mutex (CK_VOID_PTR mut)
-{
- p11_mutex_t *pmutex = mut;
-
- return_val_if_fail (mut != NULL, CKR_MUTEX_BAD);
-
- p11_mutex_uninit (pmutex);
- free (pmutex);
- return CKR_OK;
-}
-
-static CK_RV
-lock_mutex (CK_VOID_PTR mut)
-{
- p11_mutex_t *pmutex = mut;
-
- return_val_if_fail (mut != NULL, CKR_MUTEX_BAD);
-
- p11_mutex_lock (pmutex);
- return CKR_OK;
-}
-
-static CK_RV
-unlock_mutex (CK_VOID_PTR mut)
-{
- p11_mutex_t *pmutex = mut;
-
- return_val_if_fail (mut != NULL, CKR_MUTEX_BAD);
-
- p11_mutex_unlock (pmutex);
- return CKR_OK;
-}
-
-static void
-free_module_unlocked (void *data)
-{
- Module *mod = data;
-
- assert (mod != NULL);
-
- /* Module must have no outstanding references */
- assert (mod->ref_count == 0);
-
- if (mod->init_count > 0) {
- p11_debug_precond ("module unloaded without C_Finalize having been "
- "called for each C_Initialize");
- } else {
- assert (mod->initialize_thread == 0);
- }
-
- if (mod->loaded_destroy)
- mod->loaded_destroy (mod->loaded_module);
-
- p11_mutex_uninit (&mod->initialize_mutex);
- p11_dict_free (mod->config);
- free (mod->name);
- free (mod->filename);
- free (mod);
-}
-
-static Module *
-alloc_module_unlocked (void)
-{
- Module *mod;
-
- mod = calloc (1, sizeof (Module));
- return_val_if_fail (mod != NULL, NULL);
-
- mod->init_args.CreateMutex = create_mutex;
- mod->init_args.DestroyMutex = destroy_mutex;
- mod->init_args.LockMutex = lock_mutex;
- mod->init_args.UnlockMutex = unlock_mutex;
- mod->init_args.flags = CKF_OS_LOCKING_OK;
- p11_mutex_init (&mod->initialize_mutex);
-
- /*
- * The default for configured modules is non-critical, but for
- * modules loaded explicitly, and not from config, we treat them
- * as critical. So this gets overridden for configured modules
- * later when the config is loaded.
- */
- mod->critical = true;
-
- return mod;
-}
-
-static CK_RV
-dlopen_and_get_function_list (Module *mod,
- const char *path,
- CK_FUNCTION_LIST **funcs)
-{
- CK_C_GetFunctionList gfl;
- dl_module_t dl;
- char *error;
- CK_RV rv;
-
- assert (mod != NULL);
- assert (path != NULL);
- assert (funcs != NULL);
-
- dl = p11_dl_open (path);
- if (dl == NULL) {
- error = p11_dl_error ();
- p11_message ("couldn't load module: %s: %s", path, error);
- free (error);
- return CKR_GENERAL_ERROR;
- }
-
- /* When the Module goes away, dlclose the loaded module */
- mod->loaded_destroy = (p11_kit_destroyer)p11_dl_close;
- mod->loaded_module = dl;
-
- gfl = p11_dl_symbol (dl, "C_GetFunctionList");
- if (!gfl) {
- error = p11_dl_error ();
- p11_message ("couldn't find C_GetFunctionList entry point in module: %s: %s",
- path, error);
- free (error);
- return CKR_GENERAL_ERROR;
- }
-
- rv = gfl (funcs);
- if (rv != CKR_OK) {
- p11_message ("call to C_GetFunctiontList failed in module: %s: %s",
- path, p11_kit_strerror (rv));
- return rv;
- }
-
- if (p11_proxy_module_check (*funcs)) {
- p11_message ("refusing to load the p11-kit-proxy.so module as a registered module");
- return CKR_FUNCTION_FAILED;
- }
-
- p11_virtual_init (&mod->virt, &p11_virtual_base, *funcs, NULL);
- p11_debug ("opened module: %s", path);
- return CKR_OK;
-}
-
-static CK_RV
-load_module_from_file_inlock (const char *name,
- const char *path,
- Module **result)
-{
- CK_FUNCTION_LIST *funcs;
- char *expand = NULL;
- Module *mod;
- Module *prev;
- CK_RV rv;
-
- assert (path != NULL);
- assert (result != NULL);
-
- mod = alloc_module_unlocked ();
- return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
-
- if (!p11_path_absolute (path)) {
- p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH);
- path = expand = p11_path_build (P11_MODULE_PATH, path, NULL);
- return_val_if_fail (path != NULL, CKR_HOST_MEMORY);
- }
-
- p11_debug ("loading module %s%sfrom path: %s",
- name ? name : "", name ? " " : "", path);
-
- mod->filename = strdup (path);
-
- rv = dlopen_and_get_function_list (mod, path, &funcs);
- free (expand);
-
- if (rv != CKR_OK) {
- free_module_unlocked (mod);
- return rv;
- }
-
- /* Do we have a previous one like this, if so ignore load */
- prev = p11_dict_get (gl.unmanaged_by_funcs, funcs);
-
- /* If same module was loaded previously, just take over config */
- if (prev != NULL) {
- if (!name || prev->name || prev->config)
- p11_debug ("duplicate module %s, using previous", name);
- free_module_unlocked (mod);
- mod = prev;
-
- /* This takes ownership of the module */
- } else if (!p11_dict_set (gl.modules, mod, mod) ||
- !p11_dict_set (gl.unmanaged_by_funcs, funcs, mod)) {
- return_val_if_reached (CKR_HOST_MEMORY);
- }
-
- *result= mod;
- return CKR_OK;
-}
-
-static CK_RV
-setup_module_for_remote_inlock (const char *name,
- const char *remote,
- Module **result)
-{
- p11_rpc_transport *rpc;
- Module *mod;
-
- p11_debug ("remoting module %s using: %s", name, remote);
-
- mod = alloc_module_unlocked ();
- return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
-
- rpc = p11_rpc_transport_new (&mod->virt, remote, name);
- if (rpc == NULL) {
- free_module_unlocked (mod);
- return CKR_DEVICE_ERROR;
- }
-
- mod->filename = NULL;
- mod->loaded_module = rpc;
- mod->loaded_destroy = p11_rpc_transport_free;
-
- /* This takes ownership of the module */
- if (!p11_dict_set (gl.modules, mod, mod))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- *result = mod;
- return CKR_OK;
-}
-
-static int
-is_list_delimiter (char ch)
-{
- return ch == ',' || isspace (ch);
-}
-
-static bool
-is_string_in_list (const char *list,
- const char *string)
-{
- const char *where;
-
- where = strstr (list, string);
- if (where == NULL)
- return false;
-
- /* Has to be at beginning/end of string, and delimiter before/after */
- if (where != list && !is_list_delimiter (*(where - 1)))
- return false;
-
- where += strlen (string);
- return (*where == '\0' || is_list_delimiter (*where));
-}
-
-static bool
-is_module_enabled_unlocked (const char *name,
- p11_dict *config)
-{
- const char *progname;
- const char *enable_in;
- const char *disable_in;
- bool enable = false;
-
- enable_in = p11_dict_get (config, "enable-in");
- disable_in = p11_dict_get (config, "disable-in");
-
- /* Defaults to enabled if neither of these are set */
- if (!enable_in && !disable_in)
- return true;
-
- progname = _p11_get_progname_unlocked ();
- if (enable_in && disable_in)
- p11_message ("module '%s' has both enable-in and disable-in options", name);
- if (enable_in)
- enable = (progname != NULL && is_string_in_list (enable_in, progname));
- else if (disable_in)
- enable = (progname == NULL || !is_string_in_list (disable_in, progname));
-
- p11_debug ("%s module '%s' running in '%s'",
- enable ? "enabled" : "disabled",
- name,
- progname ? progname : "(null)");
- return enable;
-}
-
-static CK_RV
-take_config_and_load_module_inlock (char **name,
- p11_dict **config,
- bool critical)
-{
- const char *filename = NULL;
- const char *remote = NULL;
- CK_RV rv = CKR_OK;
- Module *mod;
-
- assert (name);
- assert (*name);
- assert (config);
- assert (*config);
-
- if (!is_module_enabled_unlocked (*name, *config))
- goto out;
-
- remote = p11_dict_get (*config, "remote");
- if (remote == NULL) {
- filename = p11_dict_get (*config, "module");
- if (filename == NULL) {
- p11_debug ("no module path for module, skipping: %s", *name);
- goto out;
- }
- }
-
- if (remote != NULL) {
- rv = setup_module_for_remote_inlock (*name, remote, &mod);
- if (rv != CKR_OK)
- goto out;
-
- } else {
-
- rv = load_module_from_file_inlock (*name, filename, &mod);
- if (rv != CKR_OK)
- goto out;
- }
-
- /*
- * We support setting of CK_C_INITIALIZE_ARGS.pReserved from
- * 'x-init-reserved' setting in the config. This only works with specific
- * PKCS#11 modules, and is non-standard use of that field.
- */
- mod->init_args.pReserved = p11_dict_get (*config, "x-init-reserved");
-
- /* Take ownership of thes evariables */
- p11_dict_free (mod->config);
- mod->config = *config;
- *config = NULL;
- free (mod->name);
- mod->name = *name;
- *name = NULL;
- mod->critical = critical;
-
-out:
- return rv;
-}
-
-static CK_RV
-load_registered_modules_unlocked (void)
-{
- p11_dictiter iter;
- p11_dict *configs;
- void *key;
- char *name;
- p11_dict *config;
- int mode;
- CK_RV rv;
- bool critical;
-
- if (gl.config)
- return CKR_OK;
-
- /* Load the global configuration files */
- config = _p11_conf_load_globals (p11_config_system_file, p11_config_user_file, &mode);
- if (config == NULL)
- return CKR_GENERAL_ERROR;
-
- assert (mode != CONF_USER_INVALID);
-
- configs = _p11_conf_load_modules (mode,
- p11_config_package_modules,
- p11_config_system_modules,
- p11_config_user_modules);
- if (configs == NULL) {
- rv = CKR_GENERAL_ERROR;
- p11_dict_free (config);
- return rv;
- }
-
- assert (gl.config == NULL);
- gl.config = config;
-
- /*
- * Now go through each config and turn it into a module. As we iterate
- * we steal the values of the config.
- */
- p11_dict_iterate (configs, &iter);
- while (p11_dict_next (&iter, &key, NULL)) {
- if (!p11_dict_steal (configs, key, (void**)&name, (void**)&config))
- assert_not_reached ();
-
- /* Is this a critical module, should abort loading of others? */
- critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
- rv = take_config_and_load_module_inlock (&name, &config, critical);
-
- /*
- * These variables will be cleared if ownership is transeferred
- * by the above function call.
- */
- p11_dict_free (config);
-
- if (critical && rv != CKR_OK) {
- p11_message ("aborting initialization because module '%s' was marked as critical",
- name);
- p11_dict_free (configs);
- free (name);
- return rv;
- }
-
- free (name);
- }
-
- p11_dict_free (configs);
- return CKR_OK;
-}
-
-static CK_RV
-initialize_module_inlock_reentrant (Module *mod, CK_C_INITIALIZE_ARGS *init_args)
-{
- CK_RV rv = CKR_OK;
- p11_thread_id_t self;
-
- assert (mod);
-
- self = p11_thread_id_self ();
-
- if (mod->initialize_thread == self) {
- p11_message ("p11-kit initialization called recursively");
- return CKR_FUNCTION_FAILED;
- }
-
- /*
- * Increase ref first, so module doesn't get freed out from
- * underneath us when the mutex is unlocked below.
- */
- ++mod->ref_count;
- mod->initialize_thread = self;
-
- /* Change over to the module specific mutex */
- p11_unlock ();
- p11_mutex_lock (&mod->initialize_mutex);
-
- if (mod->initialize_called != p11_forkid) {
- p11_debug ("C_Initialize: calling");
-
- /* The init_args argument takes precedence over mod->init_args */
- if (init_args == NULL)
- init_args = &mod->init_args;
-
- rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs,
- init_args);
-
- p11_debug ("C_Initialize: result: %lu", rv);
-
- /* Module was initialized and C_Finalize should be called */
- if (rv == CKR_OK)
- mod->initialize_called = p11_forkid;
- else
- mod->initialize_called = 0;
-
- /* Module was already initialized, we don't call C_Finalize */
- if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
- rv = CKR_OK;
- }
-
- p11_mutex_unlock (&mod->initialize_mutex);
- p11_lock ();
-
- if (rv == CKR_OK) {
- /* Matches the ref count in finalize_module_inlock_reentrant() */
- if (mod->init_count == 0)
- mod->ref_count++;
- mod->init_count++;
- }
-
- mod->ref_count--;
- mod->initialize_thread = 0;
- return rv;
-}
-
-static CK_RV
-init_globals_unlocked (void)
-{
- static bool once = false;
-
- if (!gl.modules) {
- gl.modules = p11_dict_new (p11_dict_direct_hash,
- p11_dict_direct_equal,
- free_module_unlocked, NULL);
- return_val_if_fail (gl.modules != NULL, CKR_HOST_MEMORY);
- }
-
- if (!gl.unmanaged_by_funcs) {
- gl.unmanaged_by_funcs = p11_dict_new (p11_dict_direct_hash,
- p11_dict_direct_equal,
- NULL, NULL);
- return_val_if_fail (gl.unmanaged_by_funcs != NULL, CKR_HOST_MEMORY);
- }
-
- if (!gl.managed_by_closure) {
- gl.managed_by_closure = p11_dict_new (p11_dict_direct_hash,
- p11_dict_direct_equal,
- NULL, NULL);
- return_val_if_fail (gl.managed_by_closure != NULL, CKR_HOST_MEMORY);
- }
-
- if (once)
- return CKR_OK;
-
- once = true;
-
- return CKR_OK;
-}
-
-static void
-free_modules_when_no_refs_unlocked (void)
-{
- Module *mod;
- p11_dictiter iter;
-
- /* Check if any modules have a ref count */
- p11_dict_iterate (gl.modules, &iter);
- while (p11_dict_next (&iter, (void **)&mod, NULL)) {
- if (mod->ref_count)
- return;
- }
-
- p11_dict_free (gl.unmanaged_by_funcs);
- gl.unmanaged_by_funcs = NULL;
-
- p11_dict_free (gl.managed_by_closure);
- gl.managed_by_closure = NULL;
-
- p11_dict_free (gl.modules);
- gl.modules = NULL;
-
- p11_dict_free (gl.config);
- gl.config = NULL;
-}
-
-static CK_RV
-finalize_module_inlock_reentrant (Module *mod)
-{
- assert (mod);
-
- /*
- * We leave module info around until all are finalized
- * so we can encounter these zombie Module structures.
- */
- if (mod->ref_count == 0)
- return CKR_ARGUMENTS_BAD;
-
- if (--mod->init_count > 0)
- return CKR_OK;
-
- /*
- * Because of the mutex unlock below, we temporarily increase
- * the ref count. This prevents module from being freed out
- * from ounder us.
- */
-
- p11_unlock ();
- p11_mutex_lock (&mod->initialize_mutex);
-
- if (mod->initialize_called == p11_forkid) {
- mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL);
- mod->initialize_called = 0;
- }
-
- p11_mutex_unlock (&mod->initialize_mutex);
- p11_lock ();
-
- /* Match the ref increment in initialize_module_inlock_reentrant() */
- mod->ref_count--;
-
- free_modules_when_no_refs_unlocked ();
- return CKR_OK;
-}
-
-static CK_RV
-initialize_registered_inlock_reentrant (void)
-{
- p11_dictiter iter;
- Module *mod;
- CK_RV rv;
-
- /*
- * This is only called by deprecated code. The caller expects all
- * configured and enabled modules to be initialized.
- */
-
- rv = init_globals_unlocked ();
- if (rv != CKR_OK)
- return rv;
-
- rv = load_registered_modules_unlocked ();
- if (rv == CKR_OK) {
- p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
- while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
-
- /* Skip all modules that aren't registered or enabled */
- if (mod->name == NULL || !is_module_enabled_unlocked (mod->name, mod->config))
- continue;
-
- rv = initialize_module_inlock_reentrant (mod, NULL);
- if (rv != CKR_OK) {
- if (mod->critical) {
- p11_message ("initialization of critical module '%s' failed: %s",
- mod->name, p11_kit_strerror (rv));
- } else {
- p11_message ("skipping module '%s' whose initialization failed: %s",
- mod->name, p11_kit_strerror (rv));
- rv = CKR_OK;
- }
- }
- }
- }
-
- return rv;
-}
-
-static Module *
-module_for_functions_inlock (CK_FUNCTION_LIST *funcs)
-{
- if (p11_virtual_is_wrapper (funcs))
- return p11_dict_get (gl.managed_by_closure, funcs);
- else
- return p11_dict_get (gl.unmanaged_by_funcs, funcs);
-}
-
-static CK_FUNCTION_LIST *
-unmanaged_for_module_inlock (Module *mod)
-{
- CK_FUNCTION_LIST *funcs;
-
- funcs = mod->virt.lower_module;
- if (p11_dict_get (gl.unmanaged_by_funcs, funcs) == mod)
- return funcs;
-
- return NULL;
-}
-
-/**
- * p11_kit_initialize_registered:
- *
- * Initialize all the registered PKCS\#11 modules.
- *
- * If this is the first time this function is called multiple times
- * consecutively within a single process, then it merely increments an
- * initialization reference count for each of these modules.
- *
- * Use p11_kit_finalize_registered() to finalize these registered modules once
- * the caller is done with them.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Deprecated: Since: 0.19.0: Use p11_kit_modules_load() instead.
- *
- * Returns: CKR_OK if the initialization succeeded, or an error code.
- */
-CK_RV
-p11_kit_initialize_registered (void)
-{
- CK_RV rv;
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- /* WARNING: Reentrancy can occur here */
- rv = initialize_registered_inlock_reentrant ();
-
- _p11_kit_default_message (rv);
-
- p11_unlock ();
-
- /* Cleanup any partial initialization */
- if (rv != CKR_OK)
- p11_kit_finalize_registered ();
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
-
-static CK_RV
-finalize_registered_inlock_reentrant (void)
-{
- Module *mod;
- p11_dictiter iter;
- Module **to_finalize;
- int i, count;
-
- /*
- * This is only called from deprecated code. The caller expects all
- * modules initialized earlier to be finalized (once). If non-critical
- * modules failed to initialize, then it is not possible to completely
- * guarantee the internal state.
- */
-
- if (!gl.modules)
- return CKR_CRYPTOKI_NOT_INITIALIZED;
-
- /* WARNING: This function must be reentrant */
-
- to_finalize = calloc (p11_dict_size (gl.unmanaged_by_funcs), sizeof (Module *));
- if (!to_finalize)
- return CKR_HOST_MEMORY;
-
- count = 0;
- p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
- while (p11_dict_next (&iter, NULL, (void **)&mod)) {
-
- /* Skip all modules that aren't registered */
- if (mod->name && mod->init_count)
- to_finalize[count++] = mod;
- }
-
- p11_debug ("finalizing %d modules", count);
-
- for (i = 0; i < count; ++i) {
- /* WARNING: Reentrant calls can occur here */
- finalize_module_inlock_reentrant (to_finalize[i]);
- }
-
- free (to_finalize);
-
- /* In case nothing loaded, free up internal memory */
- if (count == 0)
- free_modules_when_no_refs_unlocked ();
-
- return CKR_OK;
-}
-
-/**
- * p11_kit_finalize_registered:
- *
- * Finalize all the registered PKCS\#11 modules. These should have been
- * initialized with p11_kit_initialize_registered().
- *
- * If p11_kit_initialize_registered() has been called more than once in this
- * process, then this function must be called the same number of times before
- * actual finalization will occur.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_modules_release() instead.
- *
- * Returns: CKR_OK if the finalization succeeded, or an error code.
- */
-
-CK_RV
-p11_kit_finalize_registered (void)
-{
- CK_RV rv;
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- /* WARNING: Reentrant calls can occur here */
- rv = finalize_registered_inlock_reentrant ();
-
- _p11_kit_default_message (rv);
-
- p11_unlock ();
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
-
-static int
-compar_priority (const void *one,
- const void *two)
-{
- CK_FUNCTION_LIST_PTR f1 = *((CK_FUNCTION_LIST_PTR *)one);
- CK_FUNCTION_LIST_PTR f2 = *((CK_FUNCTION_LIST_PTR *)two);
- Module *m1, *m2;
- const char *v1, *v2;
- int o1, o2;
-
- m1 = module_for_functions_inlock (f1);
- m2 = module_for_functions_inlock (f2);
- assert (m1 != NULL && m2 != NULL);
-
- v1 = p11_dict_get (m1->config, "priority");
- v2 = p11_dict_get (m2->config, "priority");
-
- o1 = atoi (v1 ? v1 : "0");
- o2 = atoi (v2 ? v2 : "0");
-
- /* Priority is in descending order, highest first */
- if (o1 != o2)
- return o1 > o2 ? -1 : 1;
-
- /*
- * Otherwise use the names alphabetically in ascending order. This
- * is really just to provide consistency between various loads of
- * the configuration.
- */
- if (m1->name == m2->name)
- return 0;
- if (!m1->name)
- return -1;
- if (!m2->name)
- return 1;
- return strcmp (m1->name, m2->name);
-}
-
-static void
-sort_modules_by_priority (CK_FUNCTION_LIST_PTR *modules,
- int count)
-{
- qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority);
-}
-
-static CK_FUNCTION_LIST **
-list_registered_modules_inlock (void)
-{
- CK_FUNCTION_LIST **result = NULL;
- CK_FUNCTION_LIST *funcs;
- Module *mod;
- p11_dictiter iter;
- int i = 0;
-
- /*
- * This is only called by deprecated code. The caller expects to get
- * a list of all registered enabled modules that have been initialized.
- */
-
- if (gl.unmanaged_by_funcs) {
- result = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1,
- sizeof (CK_FUNCTION_LIST *));
- return_val_if_fail (result != NULL, NULL);
-
- p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
- while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) {
-
- /*
- * We don't include unreferenced modules. We don't include
- * modules that have been initialized but aren't in the
- * registry. These have a NULL name.
- *
- * In addition we check again that the module isn't disabled
- * using enable-in or disable-in. This is because a caller
- * can change the progname we recognize the process as after
- * having initialized. This is a corner case, but want to make
- * sure to cover it.
- */
- if (mod->ref_count && mod->name && mod->init_count &&
- is_module_enabled_unlocked (mod->name, mod->config)) {
- result[i++] = funcs;
- }
- }
-
- sort_modules_by_priority (result, i);
- }
-
- return result;
-}
-
-/**
- * p11_kit_registered_modules:
- *
- * Get a list of all the registered PKCS\#11 modules. This list will be valid
- * once the p11_kit_initialize_registered() function has been called.
- *
- * The returned value is a <code>NULL</code> terminated array of
- * <code>CK_FUNCTION_LIST_PTR</code> pointers.
- *
- * The returned modules are unmanaged.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_modules_load() instead.
- *
- * Returns: A list of all the registered modules. Use the free() function to
- * free the list.
- */
-CK_FUNCTION_LIST_PTR_PTR
-p11_kit_registered_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR result;
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- result = list_registered_modules_inlock ();
-
- p11_unlock ();
-
- return result;
-}
-
-/**
- * p11_kit_registered_module_to_name:
- * @module: pointer to a registered module
- *
- * Get the name of a registered PKCS\#11 module.
- *
- * You can use p11_kit_registered_modules() to get a list of all the registered
- * modules. This name is specified by the registered module configuration.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_module_get_name() instead.
- *
- * Returns: A newly allocated string containing the module name, or
- * <code>NULL</code> if no such registered module exists. Use free() to
- * free this string.
- */
-char*
-p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module)
-{
- return_val_if_fail (module != NULL, NULL);
- return p11_kit_module_get_name (module);
-}
-
-/**
- * p11_kit_module_get_name:
- * @module: pointer to a loaded module
- *
- * Get the configured name of the PKCS\#11 module.
- *
- * Configured modules are loaded by p11_kit_modules_load(). The module
- * passed to this function can be either managed or unmanaged. Non
- * configured modules will return %NULL.
- *
- * Use free() to release the return value when you're done with it.
- *
- * Returns: a newly allocated string containing the module name, or
- * <code>NULL</code> if the module is not a configured module
- */
-char *
-p11_kit_module_get_name (CK_FUNCTION_LIST *module)
-{
- Module *mod;
- char *name = NULL;
-
- return_val_if_fail (module != NULL, NULL);
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (gl.modules) {
- mod = module_for_functions_inlock (module);
- if (mod && mod->name)
- name = strdup (mod->name);
- }
-
- p11_unlock ();
-
- return name;
-}
-
-/**
- * p11_kit_module_get_filename:
- * @module: pointer to a loaded module
- *
- * Get the configured name of the PKCS\#11 module.
- *
- * Configured modules are loaded by p11_kit_modules_load(). The module
- * passed to this function can be either managed or unmanaged. Non
- * configured modules will return %NULL.
- *
- * Use free() to release the return value when you're done with it.
- *
- * Returns: a newly allocated string containing the module name, or
- * <code>NULL</code> if the module is not a configured module
- */
-char *
-p11_kit_module_get_filename (CK_FUNCTION_LIST *module)
-{
- Module *mod;
- char *name = NULL;
-
- return_val_if_fail (module != NULL, NULL);
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (gl.modules) {
- mod = module_for_functions_inlock (module);
- if (mod && mod->filename)
- name = strdup (mod->filename);
- }
-
- p11_unlock ();
-
- return name;
-}
-
-static const char *
-module_get_option_inlock (Module *mod,
- const char *option)
-{
- p11_dict *config;
-
- if (mod == NULL)
- config = gl.config;
- else
- config = mod->config;
- if (config == NULL)
- return NULL;
- return p11_dict_get (config, option);
-}
-
-/**
- * p11_kit_module_get_flags:
- * @module: the module
- *
- * Get the flags for this module.
- *
- * The %P11_KIT_MODULE_UNMANAGED flag will be set if the module is not
- * managed by p11-kit. It is a raw PKCS\#11 module function list.
- *
- * The %P11_KIT_MODULE_CRITICAL flag will be set if the module is configured
- * to be critical, and not be skipped over if it fails to initialize or
- * load. This flag is also set for modules that are not configured, but have
- * been loaded in another fashion.
- *
- * Returns: the flags for the module
- */
-int
-p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
-{
- const char *trusted;
- Module *mod;
- int flags = 0;
-
- return_val_if_fail (module != NULL, 0);
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (gl.modules) {
- if (p11_virtual_is_wrapper (module)) {
- mod = p11_dict_get (gl.managed_by_closure, module);
- } else {
- flags |= P11_KIT_MODULE_UNMANAGED;
- mod = p11_dict_get (gl.unmanaged_by_funcs, module);
- }
- if (!mod || mod->critical)
- flags |= P11_KIT_MODULE_CRITICAL;
- if (mod) {
- trusted = module_get_option_inlock (mod, "trust-policy");
- if (_p11_conf_parse_boolean (trusted, false))
- flags |= P11_KIT_MODULE_TRUSTED;
- }
- }
-
- p11_unlock ();
-
- return flags;
-}
-
-/**
- * p11_kit_registered_name_to_module:
- * @name: name of a registered module
- *
- * Lookup a registered PKCS\#11 module by its name. This name is specified by
- * the registered module configuration.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_module_for_name() instead.
- *
- * Returns: a pointer to a PKCS\#11 module, or <code>NULL</code> if this name was
- * not found.
- */
-CK_FUNCTION_LIST_PTR
-p11_kit_registered_name_to_module (const char *name)
-{
- CK_FUNCTION_LIST_PTR module = NULL;
- CK_FUNCTION_LIST_PTR funcs;
- p11_dictiter iter;
- Module *mod;
-
- return_val_if_fail (name != NULL, NULL);
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (gl.modules) {
-
- assert (name);
-
- p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
- while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) {
- if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0) {
- module = funcs;
- break;
- }
- }
- }
-
- p11_unlock ();
-
- return module;
-}
-
-/**
- * p11_kit_module_for_name:
- * @modules: a list of modules to look through
- * @name: the name of the module to find
- *
- * Look through the list of @modules and return the module whose @name
- * matches.
- *
- * Only configured modules have names. Configured modules are loaded by
- * p11_kit_modules_load(). The module passed to this function can be either
- * managed or unmanaged.
- *
- * The return value is not copied or duplicated in anyway. It is still
- * 'owned' by the @modules list.
- *
- * Returns: the module which matches the name, or %NULL if no match.
- */
-CK_FUNCTION_LIST *
-p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
- const char *name)
-{
- CK_FUNCTION_LIST *ret = NULL;
- Module *mod;
- int i;
-
- return_val_if_fail (name != NULL, NULL);
-
- if (!modules)
- return NULL;
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- for (i = 0; gl.modules && modules[i] != NULL; i++) {
- mod = module_for_functions_inlock (modules[i]);
- if (mod && mod->name && strcmp (mod->name, name) == 0) {
- ret = modules[i];
- break;
- }
- }
-
- p11_unlock ();
-
- return ret;
-}
-
-/**
- * p11_kit_registered_option:
- * @module: a pointer to a registered module
- * @field: the name of the option to lookup.
- *
- * Lookup a configured option for a registered PKCS\#11 module. If a
- * <code>NULL</code> module argument is specified, then this will lookup
- * the configuration option in the global config file.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_config_option() instead.
- *
- * Returns: A newly allocated string containing the option value, or
- * <code>NULL</code> if the registered module or the option were not found.
- * Use free() to free the returned string.
- */
-char*
-p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field)
-{
- Module *mod = NULL;
- char *option = NULL;
- const char *value;
-
- return_val_if_fail (field != NULL, NULL);
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (module == NULL)
- mod = NULL;
- else
- mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL;
-
- value = module_get_option_inlock (mod, field);
- if (value)
- option = strdup (value);
-
- p11_unlock ();
-
- return option;
-}
-
-/**
- * p11_kit_config_option:
- * @module: the module to retrieve the option for, or %NULL for global options
- * @option: the option to retrieve
- *
- * Retrieve the value for a configured option.
- *
- * If @module is %NULL, then the global option with the given name will
- * be retrieved. Otherwise @module should point to a configured loaded module.
- * If no such @option or configured @module exists, then %NULL will be returned.
- *
- * Use free() to release the returned value.
- *
- * Returns: the option value or %NULL
- */
-char *
-p11_kit_config_option (CK_FUNCTION_LIST *module,
- const char *option)
-{
- Module *mod = NULL;
- const char *value = NULL;
- char *ret = NULL;
-
- return_val_if_fail (option != NULL, NULL);
-
- p11_library_init_once ();
-
- p11_lock ();
-
- p11_message_clear ();
-
- if (gl.modules) {
- if (module != NULL) {
- mod = module_for_functions_inlock (module);
- if (mod == NULL)
- goto cleanup;
- }
-
- value = module_get_option_inlock (mod, option);
- if (value)
- ret = strdup (value);
- }
-
-
-cleanup:
- p11_unlock ();
- return ret;
-}
-
-typedef struct {
- p11_virtual virt;
- Module *mod;
- unsigned int initialized;
- p11_dict *sessions;
-} Managed;
-
-static CK_RV
-managed_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- Managed *managed = ((Managed *)self);
- p11_dict *sessions;
- CK_RV rv;
-
- p11_debug ("in");
- p11_lock ();
-
- if (managed->initialized == p11_forkid) {
- rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
-
- } else {
- sessions = p11_dict_new (p11_dict_ulongptr_hash,
- p11_dict_ulongptr_equal,
- free, free);
- if (!sessions)
- rv = CKR_HOST_MEMORY;
- else
- rv = initialize_module_inlock_reentrant (managed->mod, init_args);
- if (rv == CKR_OK) {
- if (managed->sessions)
- p11_dict_free (managed->sessions);
- managed->sessions = sessions;
- managed->initialized = p11_forkid;
- } else {
- p11_dict_free (sessions);
- }
- }
-
- p11_unlock ();
- p11_debug ("out: %lu", rv);
-
- return rv;
-}
-
-static CK_RV
-managed_track_session_inlock (p11_dict *sessions,
- CK_SLOT_ID slot_id,
- CK_SESSION_HANDLE session)
-{
- void *key;
- void *value;
-
- key = memdup (&session, sizeof (CK_SESSION_HANDLE));
- return_val_if_fail (key != NULL, CKR_HOST_MEMORY);
-
- value = memdup (&slot_id, sizeof (CK_SESSION_HANDLE));
- return_val_if_fail (value != NULL, CKR_HOST_MEMORY);
-
- if (!p11_dict_set (sessions, key, value))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- return CKR_OK;
-}
-
-static void
-managed_untrack_session_inlock (p11_dict *sessions,
- CK_SESSION_HANDLE session)
-{
- p11_dict_remove (sessions, &session);
-}
-
-static CK_SESSION_HANDLE *
-managed_steal_sessions_inlock (p11_dict *sessions,
- bool matching_slot_id,
- CK_SLOT_ID slot_id,
- int *count)
-{
- CK_SESSION_HANDLE *stolen;
- CK_SESSION_HANDLE *key;
- CK_SLOT_ID *value;
- p11_dictiter iter;
- int at, i;
-
- assert (sessions != NULL);
- assert (count != NULL);
-
- stolen = calloc (p11_dict_size (sessions), sizeof (CK_SESSION_HANDLE));
- return_val_if_fail (stolen != NULL, NULL);
-
- at = 0;
- p11_dict_iterate (sessions, &iter);
- while (p11_dict_next (&iter, (void **)&key, (void **)&value)) {
- if (!matching_slot_id || slot_id == *value)
- stolen[at++] = *key;
- }
-
- /* Removed them all, clear the whole array */
- if (at == p11_dict_size (sessions)) {
- p11_dict_clear (sessions);
-
- /* Only removed some, go through and remove those */
- } else {
- for (i = 0; i < at; i++) {
- if (!p11_dict_remove (sessions, stolen + at))
- assert_not_reached ();
- }
- }
-
- *count = at;
- return stolen;
-}
-
-static void
-managed_close_sessions (CK_X_FUNCTION_LIST *funcs,
- CK_SESSION_HANDLE *stolen,
- int count)
-{
- CK_RV rv;
- int i;
-
- for (i = 0; i < count; i++) {
- rv = funcs->C_CloseSession (funcs, stolen[i]);
- if (rv != CKR_OK)
- p11_message ("couldn't close session: %s", p11_kit_strerror (rv));
- }
-}
-
-static CK_RV
-managed_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- Managed *managed = ((Managed *)self);
- CK_SESSION_HANDLE *sessions;
- int count;
- CK_RV rv;
-
- p11_debug ("in");
- p11_lock ();
-
- if (managed->initialized == 0) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- } else if (managed->initialized != p11_forkid) {
- /*
- * In theory we should be returning CKR_CRYPTOKI_NOT_INITIALIZED here
- * but enough callers are not completely aware of their forking.
- * So we just clean up any state we have, rather than forcing callers
- * to initialize just to finalize.
- */
- p11_debug ("finalizing module in wrong process, skipping C_Finalize");
- rv = CKR_OK;
-
- } else {
- sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count);
-
- if (sessions && count) {
- /* WARNING: reentrancy can occur here */
- p11_unlock ();
- managed_close_sessions (&managed->mod->virt.funcs, sessions, count);
- p11_lock ();
- }
-
- free (sessions);
-
- /* WARNING: reentrancy can occur here */
- rv = finalize_module_inlock_reentrant (managed->mod);
- }
-
- if (rv == CKR_OK) {
- managed->initialized = 0;
- p11_dict_free (managed->sessions);
- managed->sessions = NULL;
- }
-
- p11_unlock ();
- p11_debug ("out: %lu", rv);
-
- return rv;
-}
-
-static CK_RV
-managed_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR application,
- CK_NOTIFY notify,
- CK_SESSION_HANDLE_PTR session)
-{
- Managed *managed = ((Managed *)self);
- CK_RV rv;
-
- return_val_if_fail (session != NULL, CKR_ARGUMENTS_BAD);
-
- self = &managed->mod->virt.funcs;
- rv = self->C_OpenSession (self, slot_id, flags, application, notify, session);
-
- if (rv == CKR_OK) {
- p11_lock ();
- rv = managed_track_session_inlock (managed->sessions, slot_id, *session);
- p11_unlock ();
- }
-
- return rv;
-}
-
-static CK_RV
-managed_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- Managed *managed = ((Managed *)self);
- CK_RV rv;
-
- self = &managed->mod->virt.funcs;
- rv = self->C_CloseSession (self, session);
-
- if (rv == CKR_OK) {
- p11_lock ();
- managed_untrack_session_inlock (managed->sessions, session);
- p11_unlock ();
- }
-
- return rv;
-}
-
-static CK_RV
-managed_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id)
-{
- Managed *managed = ((Managed *)self);
- CK_SESSION_HANDLE *stolen;
- int count;
-
- p11_lock ();
- stolen = managed_steal_sessions_inlock (managed->sessions, true, slot_id, &count);
- p11_unlock ();
-
- self = &managed->mod->virt.funcs;
- managed_close_sessions (self, stolen, count);
- if (stolen) {
- free (stolen);
- return CKR_OK;
- } else {
- return CKR_GENERAL_ERROR;
- }
-
-}
-
-static void
-managed_free_inlock (void *data)
-{
- Managed *managed = data;
- managed->mod->ref_count--;
- free (managed);
-}
-
-static p11_virtual *
-managed_create_inlock (Module *mod)
-{
- Managed *managed;
-
- managed = calloc (1, sizeof (Managed));
- return_val_if_fail (managed != NULL, NULL);
-
- p11_virtual_init (&managed->virt, &p11_virtual_stack,
- &mod->virt, NULL);
- managed->virt.funcs.C_Initialize = managed_C_Initialize;
- managed->virt.funcs.C_Finalize = managed_C_Finalize;
- managed->virt.funcs.C_CloseAllSessions = managed_C_CloseAllSessions;
- managed->virt.funcs.C_CloseSession = managed_C_CloseSession;
- managed->virt.funcs.C_OpenSession = managed_C_OpenSession;
- managed->mod = mod;
- mod->ref_count++;
-
- return &managed->virt;
-}
-
-static bool
-lookup_managed_option (Module *mod,
- bool supported,
- const char *option,
- bool def_value)
-{
- const char *string;
- bool value;
-
- string = module_get_option_inlock (NULL, option);
- if (!string)
- string = module_get_option_inlock (mod, option);
- if (!string) {
- if (!supported)
- return false;
- return def_value;
- }
-
- value = _p11_conf_parse_boolean (string, def_value);
-
- if (!supported && value != supported) {
- if (!p11_virtual_can_wrap ()) {
- /*
- * This is because libffi dependency was not built. The libffi dependency
- * is highly recommended and building without it results in a large loss
- * of functionality.
- */
- p11_message ("the '%s' option for module '%s' is not supported on this system",
- option, mod->name);
- } else {
- /*
- * This is because the module is running in unmanaged mode, so turn off the
- */
- p11_message ("the '%s' option for module '%s' is only supported for managed modules",
- option, mod->name);
- }
- return false;
- }
-
- return value;
-}
-
-static CK_RV
-release_module_inlock_rentrant (CK_FUNCTION_LIST *module,
- const char *caller_func)
-{
- Module *mod;
-
- assert (module != NULL);
-
- /* See if a managed module, and finalize if so */
- if (p11_virtual_is_wrapper (module)) {
- mod = p11_dict_get (gl.managed_by_closure, module);
- if (mod != NULL) {
- if (!p11_dict_remove (gl.managed_by_closure, module))
- assert_not_reached ();
- p11_virtual_unwrap (module);
- }
-
- /* If an unmanaged module then caller should have finalized */
- } else {
- mod = p11_dict_get (gl.unmanaged_by_funcs, module);
- }
-
- if (mod == NULL) {
- p11_debug_precond ("invalid module pointer passed to %s", caller_func);
- return CKR_ARGUMENTS_BAD;
- }
-
- /* Matches the ref in prepare_module_inlock_reentrant() */
- mod->ref_count--;
- return CKR_OK;
-}
-
-CK_RV
-p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST **modules)
-{
- CK_RV ret = CKR_OK;
- CK_RV rv;
- int i;
-
- for (i = 0; modules[i] != NULL; i++) {
- rv = release_module_inlock_rentrant (modules[i], __PRETTY_FUNCTION__);
- if (rv != CKR_OK)
- ret = rv;
- }
-
- free (modules);
-
- /* In case nothing loaded, free up internal memory */
- free_modules_when_no_refs_unlocked ();
-
- return ret;
-}
-
-static CK_RV
-prepare_module_inlock_reentrant (Module *mod,
- int flags,
- CK_FUNCTION_LIST **module)
-{
- p11_destroyer destroyer;
- const char *trusted;
- p11_virtual *virt;
- bool is_managed;
- bool with_log;
-
- assert (module != NULL);
-
- if (flags & P11_KIT_MODULE_TRUSTED) {
- trusted = module_get_option_inlock (mod, "trust-policy");
- if (!_p11_conf_parse_boolean (trusted, false))
- return CKR_FUNCTION_NOT_SUPPORTED;
- }
-
- if (flags & P11_KIT_MODULE_UNMANAGED) {
- is_managed = false;
- with_log = false;
- } else {
- is_managed = lookup_managed_option (mod, p11_virtual_can_wrap (), "managed", true);
- with_log = lookup_managed_option (mod, is_managed, "log-calls", false);
- }
-
- if (is_managed) {
- virt = managed_create_inlock (mod);
- return_val_if_fail (virt != NULL, CKR_HOST_MEMORY);
- destroyer = managed_free_inlock;
-
- /* Add the logger if configured */
- if (p11_log_force || with_log) {
- virt = p11_log_subclass (virt, destroyer);
- destroyer = p11_log_release;
- }
-
- *module = p11_virtual_wrap (virt, destroyer);
- return_val_if_fail (*module != NULL, CKR_GENERAL_ERROR);
-
- if (!p11_dict_set (gl.managed_by_closure, *module, mod))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- } else {
- *module = unmanaged_for_module_inlock (mod);
- if (*module == NULL)
- return CKR_FUNCTION_NOT_SUPPORTED;
- }
-
- /* Matches the deref in release_module_inlock_rentrant() */
- mod->ref_count++;
- return CKR_OK;
-}
-
-CK_RV
-p11_modules_load_inlock_reentrant (int flags,
- CK_FUNCTION_LIST ***results)
-{
- CK_FUNCTION_LIST **modules;
- Module *mod;
- p11_dictiter iter;
- CK_RV rv;
- int at;
-
- rv = init_globals_unlocked ();
- if (rv != CKR_OK)
- return rv;
-
- rv = load_registered_modules_unlocked ();
- if (rv != CKR_OK)
- return rv;
-
- modules = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST *));
- return_val_if_fail (modules != NULL, CKR_HOST_MEMORY);
-
- at = 0;
- rv = CKR_OK;
-
- p11_dict_iterate (gl.modules, &iter);
- while (p11_dict_next (&iter, NULL, (void **)&mod)) {
-
- /*
- * We don't include unreferenced modules. We don't include
- * modules that have been initialized but aren't in the
- * registry. These have a NULL name.
- *
- * In addition we check again that the module isn't disabled
- * using enable-in or disable-in. This is because a caller
- * can change the progname we recognize the process as after
- * having initialized. This is a corner case, but want to make
- * sure to cover it.
- */
- if (!mod->name || !is_module_enabled_unlocked (mod->name, mod->config))
- continue;
-
- rv = prepare_module_inlock_reentrant (mod, flags, modules + at);
- if (rv == CKR_OK)
- at++;
- else if (rv == CKR_FUNCTION_NOT_SUPPORTED)
- rv = CKR_OK;
- else
- break;
- }
-
- modules[at] = NULL;
-
- if (rv != CKR_OK) {
- p11_modules_release_inlock_reentrant (modules);
- return rv;
- }
-
- sort_modules_by_priority (modules, at);
- *results = modules;
- return CKR_OK;
-}
-
-/**
- * p11_kit_modules_load:
- * @reserved: set to %NULL
- * @flags: flags to use to load the module
- *
- * Load the configured PKCS\#11 modules.
- *
- * If @flags contains the %P11_KIT_MODULE_UNMANAGED flag, then the
- * modules will be not be loaded in 'managed' mode regardless of its
- * configuration. This is not recommended for general usage.
- *
- * If @flags contains the %P11_KIT_MODULE_CRITICAL flag then the
- * modules will all be treated as 'critical', regardless of the module
- * configuration. This means that a failure to load any module will
- * cause this function to fail.
- *
- * For unmanaged modules there is no guarantee to the state of the
- * modules. Other callers may be using the modules. Using unmanaged
- * modules haphazardly is not recommended for this reason. Some
- * modules (such as those configured with RPC) cannot be loaded in
- * unmanaged mode, and will be skipped.
- *
- * Use p11_kit_modules_release() to release the modules returned by
- * this function.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Returns: a null terminated list of modules represented as PKCS\#11
- * function lists, or %NULL on failure
- */
-CK_FUNCTION_LIST **
-p11_kit_modules_load (const char *reserved,
- int flags)
-{
- CK_FUNCTION_LIST **modules;
- CK_RV rv;
-
- /* progname attribute not implemented yet */
- return_val_if_fail (reserved == NULL, NULL);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- /* WARNING: Reentrancy can occur here */
- rv = p11_modules_load_inlock_reentrant (flags, &modules);
-
- p11_unlock ();
-
- if (rv != CKR_OK)
- modules = NULL;
-
- p11_debug ("out: %s", modules ? "success" : "fail");
- return modules;
-}
-
-/**
- * p11_kit_modules_initialize:
- * @modules: a %NULL terminated list of modules
- * @failure_callback: called with modules that fail to initialize
- *
- * Initialize all the modules in the @modules list by calling their
- * <literal>C_Initialize</literal> function.
- *
- * For managed modules the <literal>C_Initialize</literal> function
- * is overridden so that multiple callers can initialize the same
- * modules. In addition for managed modules multiple callers can
- * initialize from different threads, and still guarantee consistent
- * thread-safe behavior.
- *
- * For unmanaged modules if multiple callers try to initialize
- * a module, then one of the calls will return
- * <literal>CKR_CRYPTOKI_ALREADY_INITIALIZED</literal> according to the
- * PKCS\#11 specification. In addition there are no guarantees that
- * thread-safe behavior will occur if multiple callers initialize from
- * different threads.
- *
- * When a module fails to initialize it is removed from the @modules list.
- * If the @failure_callback is not %NULL then it is called with the modules that
- * fail to initialize. For example, you may pass p11_kit_module_release()
- * as a @failure_callback if the @modules list was loaded wit p11_kit_modules_load().
- *
- * The return value will return the failure code of the last critical
- * module that failed to initialize. Non-critical module failures do not affect
- * the return value. If no critical modules failed to initialize then the
- * return value will be <literal>CKR_OK</literal>.
- *
- * When modules are removed, the list will be %NULL terminated at the
- * appropriate place so it can continue to be used as a modules list.
- *
- * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument.
- * Custom initialization arguments cannot be supported when multiple consumers
- * load the same module.
- *
- * Returns: <literal>CKR_OK</literal> or the failure code of the last critical
- * module that failed to initialize.
- */
-CK_RV
-p11_kit_modules_initialize (CK_FUNCTION_LIST **modules,
- p11_kit_destroyer failure_callback)
-{
- CK_RV ret = CKR_OK;
- CK_RV rv;
- bool critical;
- char *name;
- int i, out;
-
- return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD);
-
- for (i = 0, out = 0; modules[i] != NULL; i++, out++) {
- rv = modules[i]->C_Initialize (NULL);
- if (rv != CKR_OK) {
- name = p11_kit_module_get_name (modules[i]);
- if (name == NULL)
- name = strdup ("(unknown)");
- return_val_if_fail (name != NULL, CKR_HOST_MEMORY);
- critical = (p11_kit_module_get_flags (modules[i]) & P11_KIT_MODULE_CRITICAL);
- p11_message ("%s: module failed to initialize%s: %s",
- name, critical ? "" : ", skipping", p11_kit_strerror (rv));
- if (critical)
- ret = rv;
- if (failure_callback)
- failure_callback (modules[i]);
- out--;
- free (name);
- } else {
- modules[out] = modules[i];
- }
- }
-
- /* NULL terminate after above changes */
- modules[out] = NULL;
- return ret;
-}
-
-/**
- * p11_kit_modules_load_and_initialize:
- * @flags: flags to use to load the modules
- *
- * Load and initialize configured modules.
- *
- * If a critical module fails to load or initialize then the function will
- * return <literal>NULL</literal>. Non-critical modules will be skipped
- * and not included in the returned module list.
- *
- * Use p11_kit_modules_finalize_and_release() when you're done with the
- * modules returned by this function.
- *
- * Returns: a <literal>NULL</literal> terminated list of modules, or
- * <literal>NULL</literal> on failure
- */
-CK_FUNCTION_LIST **
-p11_kit_modules_load_and_initialize (int flags)
-{
- CK_FUNCTION_LIST **modules;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, flags);
- if (modules == NULL)
- return NULL;
-
- rv = p11_kit_modules_initialize (modules, (p11_destroyer)p11_kit_module_release);
- if (rv != CKR_OK) {
- p11_kit_modules_release (modules);
- modules = NULL;
- }
-
- return modules;
-}
-
-/**
- * p11_kit_modules_finalize:
- * @modules: a <literal>NULL</literal> terminated list of modules
- *
- * Finalize each module in the @modules list by calling its
- * <literal>C_Finalize</literal> function. Regardless of failures, all
- * @modules will have their <literal>C_Finalize</literal> function called.
- *
- * If a module returns a failure from its <literal>C_Finalize</literal>
- * method it will be returned. If multiple modules fail, the last failure
- * will be returned.
- *
- * For managed modules the <literal>C_Finalize</literal> function
- * is overridden so that multiple callers can finalize the same
- * modules. In addition for managed modules multiple callers can
- * finalize from different threads, and still guarantee consistent
- * thread-safe behavior.
- *
- * For unmanaged modules if multiple callers try to finalize
- * a module, then one of the calls will return
- * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the
- * PKCS\#11 specification. In addition there are no guarantees that
- * thread-safe behavior will occur if multiple callers finalize from
- * different threads.
- *
- * Returns: <literal>CKR_OK</literal> or the failure code of the last
- * module that failed to finalize
- */
-CK_RV
-p11_kit_modules_finalize (CK_FUNCTION_LIST **modules)
-{
- CK_RV ret = CKR_OK;
- CK_RV rv;
- char *name;
- int i;
-
- return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD);
-
- for (i = 0; modules[i] != NULL; i++) {
- rv = modules[i]->C_Finalize (NULL);
- if (rv != CKR_OK) {
- name = p11_kit_module_get_name (modules[i]);
- p11_message ("%s: module failed to finalize: %s",
- name ? name : "(unknown)", p11_kit_strerror (rv));
- free (name);
- ret = rv;
- }
- }
-
- return ret;
-}
-
-/**
- * p11_kit_modules_release:
- * @modules: the modules to release
- *
- * Release the a set of loaded PKCS\#11 modules.
- *
- * The modules may be either managed or unmanaged. The array containing
- * the module pointers is also freed by this function.
- *
- * Managed modules will not be actually released until all
- * callers using them have done so. If the modules were initialized, they
- * should have been finalized first.
- */
-void
-p11_kit_modules_release (CK_FUNCTION_LIST **modules)
-{
- p11_library_init_once ();
-
- return_if_fail (modules != NULL);
-
- /* WARNING: This function must be reentrant */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
- p11_modules_release_inlock_reentrant (modules);
-
- p11_unlock ();
-
- p11_debug ("out");
-}
-
-/**
- * p11_kit_modules_finalize_and_release:
- * @modules: the modules to release
- *
- * Finalize and then release the a set of loaded PKCS\#11 modules.
- *
- * The modules may be either managed or unmanaged. The array containing
- * the module pointers is also freed by this function.
- *
- * Modules are released even if their finalization returns an error code.
- * Managed modules will not be actually finalized or released until all
- * callers using them have done so.
- *
- * For managed modules the <literal>C_Finalize</literal> function
- * is overridden so that multiple callers can finalize the same
- * modules. In addition for managed modules multiple callers can
- * finalize from different threads, and still guarantee consistent
- * thread-safe behavior.
- *
- * For unmanaged modules if multiple callers try to finalize
- * a module, then one of the calls will return
- * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the
- * PKCS\#11 specification. In addition there are no guarantees that
- * thread-safe behavior will occur if multiple callers initialize from
- * different threads.
- */
-void
-p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules)
-{
- return_if_fail (modules != NULL);
- p11_kit_modules_finalize (modules);
- p11_kit_modules_release (modules);
-}
-
-/**
- * p11_kit_initialize_module:
- * @module: loaded module to initialize.
- *
- * Initialize an arbitrary PKCS\#11 module. Normally using the
- * p11_kit_initialize_registered() is preferred.
- *
- * Using this function to initialize modules allows coordination between
- * multiple users of the same module in a single process. It should be called
- * on modules that have been loaded (with dlopen() for example) but not yet
- * initialized. The caller should not yet have called the module's
- * <code>C_Initialize</code> method. This function will call
- * <code>C_Initialize</code> as necessary.
- *
- * Subsequent calls to this function for the same module will result in an
- * initialization count being incremented for the module. It is safe (although
- * usually unnecessary) to use this function on registered modules.
- *
- * The module must be finalized with p11_kit_finalize_module() instead of
- * calling its <code>C_Finalize</code> method directly.
- *
- * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument.
- * Custom initialization arguments cannot be supported when multiple consumers
- * load the same module.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_module_initialize() instead.
- *
- * Returns: CKR_OK if the initialization was successful.
- */
-CK_RV
-p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_FUNCTION_LIST_PTR result;
- Module *mod;
- int flags;
- CK_RV rv;
-
- return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant for the same arguments */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- flags = P11_KIT_MODULE_CRITICAL | P11_KIT_MODULE_UNMANAGED;
- rv = p11_module_load_inlock_reentrant (module, flags, &result);
-
- /* An unmanaged module should return the same pointer */
- assert (rv != CKR_OK || result == module);
-
- if (rv == CKR_OK) {
- mod = p11_dict_get (gl.unmanaged_by_funcs, module);
- assert (mod != NULL);
- rv = initialize_module_inlock_reentrant (mod, NULL);
- if (rv != CKR_OK) {
- p11_message ("module initialization failed: %s", p11_kit_strerror (rv));
- p11_module_release_inlock_reentrant (module);
- }
- }
-
- p11_unlock ();
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
-
-CK_RV
-p11_module_load_inlock_reentrant (CK_FUNCTION_LIST *module,
- int flags,
- CK_FUNCTION_LIST **result)
-{
- Module *allocated = NULL;
- Module *mod;
- CK_RV rv = CKR_OK;
-
- rv = init_globals_unlocked ();
- if (rv == CKR_OK) {
-
- mod = p11_dict_get (gl.unmanaged_by_funcs, module);
- if (mod == NULL) {
- p11_debug ("allocating new module");
- allocated = mod = alloc_module_unlocked ();
- return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
- p11_virtual_init (&mod->virt, &p11_virtual_base, module, NULL);
- }
-
- /* If this was newly allocated, add it to the list */
- if (allocated) {
- if (!p11_dict_set (gl.modules, allocated, allocated) ||
- !p11_dict_set (gl.unmanaged_by_funcs, module, allocated))
- return_val_if_reached (CKR_HOST_MEMORY);
- allocated = NULL;
- }
-
- /* WARNING: Reentrancy can occur here */
- rv = prepare_module_inlock_reentrant (mod, flags, result);
-
- free (allocated);
- }
-
- /*
- * If initialization failed, we may need to cleanup.
- * If we added this module above, then this will
- * clean things up as expected.
- */
- if (rv != CKR_OK)
- free_modules_when_no_refs_unlocked ();
-
- _p11_kit_default_message (rv);
- return rv;
-}
-
-/**
- * p11_kit_module_load:
- * @module_path: relative or full file path of module library
- * @flags: flags to use when loading the module
- *
- * Load an arbitrary PKCS\#11 module from a dynamic library file, and
- * initialize it. Normally using the p11_kit_modules_load() function
- * is preferred.
- *
- * A full file path or just (path/)filename relative to
- * P11_MODULE_PATH are accepted.
- *
- * Using this function to load modules allows coordination between multiple
- * callers of the same module in a single process. If @flags contains the
- * %P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded
- * in 'managed' mode and not be coordinated. This is not recommended
- * for general usage.
- *
- * Subsequent calls to this function for the same module will result in an
- * initialization count being incremented for the module. It is safe (although
- * usually unnecessary) to use this function on registered modules.
- *
- * The module should be released with p11_kit_module_release().
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Returns: the loaded module PKCS\#11 functions or %NULL on failure
- */
-CK_FUNCTION_LIST *
-p11_kit_module_load (const char *module_path,
- int flags)
-{
- CK_FUNCTION_LIST *module = NULL;
- CK_RV rv;
- Module *mod;
-
- return_val_if_fail (module_path != NULL, NULL);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant for the same arguments */
- p11_debug ("in: %s", module_path);
-
- p11_lock ();
-
- p11_message_clear ();
-
- rv = init_globals_unlocked ();
- if (rv == CKR_OK) {
-
- rv = load_module_from_file_inlock (NULL, module_path, &mod);
- if (rv == CKR_OK) {
- /* WARNING: Reentrancy can occur here */
- rv = prepare_module_inlock_reentrant (mod, flags, &module);
- if (rv != CKR_OK)
- module = NULL;
- }
- }
-
- /*
- * If initialization failed, we may need to cleanup.
- * If we added this module above, then this will
- * clean things up as expected.
- */
- if (rv != CKR_OK)
- free_modules_when_no_refs_unlocked ();
-
- p11_unlock ();
-
- p11_debug ("out: %s", module ? "success" : "fail");
- return module;
-
-}
-
-/**
- * p11_kit_finalize_module:
- * @module: loaded module to finalize.
- *
- * Finalize an arbitrary PKCS\#11 module. The module must have been initialized
- * using p11_kit_initialize_module(). In most cases callers will want to use
- * p11_kit_finalize_registered() instead of this function.
- *
- * Using this function to finalize modules allows coordination between
- * multiple users of the same module in a single process. The caller should not
- * call the module's <code>C_Finalize</code> method. This function will call
- * <code>C_Finalize</code> as necessary.
- *
- * If the module was initialized more than once, then this function will
- * decrement an initialization count for the module. When the count reaches zero
- * the module will be truly finalized. It is safe (although usually unnecessary)
- * to use this function on registered modules if (and only if) they were
- * initialized using p11_kit_initialize_module() for some reason.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_module_finalize() and
- * p11_kit_module_release() instead.
- *
- * Returns: CKR_OK if the finalization was successful.
- */
-CK_RV
-p11_kit_finalize_module (CK_FUNCTION_LIST *module)
-{
- Module *mod;
- CK_RV rv = CKR_OK;
-
- return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant for the same arguments */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL;
- if (mod == NULL) {
- p11_debug ("module not found");
- rv = CKR_ARGUMENTS_BAD;
- } else {
- /* WARNING: Rentrancy can occur here */
- rv = finalize_module_inlock_reentrant (mod);
- }
-
- _p11_kit_default_message (rv);
-
- p11_unlock ();
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
-
-/**
- * p11_kit_module_initialize:
- * @module: the module to initialize
- *
- * Initialize a PKCS\#11 module by calling its <literal>C_Initialize</literal>
- * function.
- *
- * For managed modules the <literal>C_Initialize</literal> function
- * is overridden so that multiple callers can initialize the same
- * modules. In addition for managed modules multiple callers can
- * initialize from different threads, and still guarantee consistent
- * thread-safe behavior.
- *
- * For unmanaged modules if multiple callers try to initialize
- * a module, then one of the calls will return
- * <literal>CKR_CRYPTOKI_ALREADY_INITIALIZED</literal> according to the
- * PKCS\#11 specification. In addition there are no guarantees that
- * thread-safe behavior will occur if multiple callers initialize from
- * different threads.
- *
- * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument.
- * Custom initialization arguments cannot be supported when multiple consumers
- * load the same module.
- *
- * Returns: <literal>CKR_OK</literal> or a failure code
- */
-CK_RV
-p11_kit_module_initialize (CK_FUNCTION_LIST *module)
-{
- char *name;
- CK_RV rv;
-
- return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
-
- rv = module->C_Initialize (NULL);
- if (rv != CKR_OK) {
- name = p11_kit_module_get_name (module);
- p11_message ("%s: module failed to initialize: %s",
- name ? name : "(unknown)", p11_kit_strerror (rv));
- free (name);
- }
-
- return rv;
-}
-
-/**
- * p11_kit_module_finalize:
- * @module: the module to finalize
- *
- * Finalize a PKCS\#11 module by calling its <literal>C_Finalize</literal>
- * function.
- *
- * For managed modules the <literal>C_Finalize</literal> function
- * is overridden so that multiple callers can finalize the same
- * modules. In addition for managed modules multiple callers can
- * finalize from different threads, and still guarantee consistent
- * thread-safe behavior.
- *
- * For unmanaged modules if multiple callers try to finalize
- * a module, then one of the calls will return
- * <literal>CKR_CRYPTOKI_NOT_INITIALIZED</literal> according to the
- * PKCS\#11 specification. In addition there are no guarantees that
- * thread-safe behavior will occur if multiple callers finalize from
- * different threads.
- *
- * Returns: <literal>CKR_OK</literal> or a failure code
- */
-CK_RV
-p11_kit_module_finalize (CK_FUNCTION_LIST *module)
-{
- char *name;
- CK_RV rv;
-
- return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
-
- rv = module->C_Finalize (NULL);
- if (rv != CKR_OK) {
- name = p11_kit_module_get_name (module);
- p11_message ("%s: module failed to finalize: %s",
- name ? name : "(unknown)", p11_kit_strerror (rv));
- free (name);
- }
-
- return rv;
-
-}
-
-
-/**
- * p11_kit_module_release:
- * @module: the module to release
- *
- * Release the a loaded PKCS\#11 modules.
- *
- * The module may be either managed or unmanaged. The <literal>C_Finalize</literal>
- * function will be called if no other callers are using this module.
- */
-void
-p11_kit_module_release (CK_FUNCTION_LIST *module)
-{
- return_if_fail (module != NULL);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant for the same arguments */
- p11_debug ("in");
-
- p11_lock ();
-
- p11_message_clear ();
-
- release_module_inlock_rentrant (module, __PRETTY_FUNCTION__);
-
- p11_unlock ();
-
- p11_debug ("out");
-}
-
-CK_RV
-p11_module_release_inlock_reentrant (CK_FUNCTION_LIST *module)
-{
- return release_module_inlock_rentrant (module, __PRETTY_FUNCTION__);
-}
-
-/**
- * p11_kit_load_initialize_module:
- * @module_path: full file path of module library
- * @module: location to place loaded module pointer
- *
- * Load an arbitrary PKCS\#11 module from a dynamic library file, and
- * initialize it. Normally using the p11_kit_initialize_registered() function
- * is preferred.
- *
- * Using this function to load and initialize modules allows coordination between
- * multiple users of the same module in a single process. The caller should not
- * call the module's <code>C_Initialize</code> method. This function will call
- * <code>C_Initialize</code> as necessary.
- *
- * If a module has already been loaded, then use of this function is unnecesasry.
- * Instead use the p11_kit_initialize_module() function to initialize it.
- *
- * Subsequent calls to this function for the same module will result in an
- * initialization count being incremented for the module. It is safe (although
- * usually unnecessary) to use this function on registered modules.
- *
- * The module must be finalized with p11_kit_finalize_module() instead of
- * calling its <code>C_Finalize</code> method directly.
- *
- * This function does not accept a <code>CK_C_INITIALIZE_ARGS</code> argument.
- * Custom initialization arguments cannot be supported when multiple consumers
- * load the same module.
- *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
- *
- * Deprecated: Since 0.19.0: Use p11_kit_module_load() instead.
- *
- * Returns: CKR_OK if the initialization was successful.
- */
-CK_RV
-p11_kit_load_initialize_module (const char *module_path,
- CK_FUNCTION_LIST_PTR_PTR module)
-{
- Module *mod;
- CK_RV rv = CKR_OK;
-
- return_val_if_fail (module_path != NULL, CKR_ARGUMENTS_BAD);
- return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant for the same arguments */
- p11_debug ("in: %s", module_path);
-
- p11_lock ();
-
- p11_message_clear ();
-
- rv = init_globals_unlocked ();
- if (rv == CKR_OK) {
-
- rv = load_module_from_file_inlock (NULL, module_path, &mod);
- if (rv == CKR_OK) {
-
- /* WARNING: Reentrancy can occur here */
- rv = initialize_module_inlock_reentrant (mod, NULL);
- }
- }
-
- if (rv == CKR_OK && module) {
- *module = unmanaged_for_module_inlock (mod);
- assert (*module != NULL);
- }
-
- /*
- * If initialization failed, we may need to cleanup.
- * If we added this module above, then this will
- * clean things up as expected.
- */
- if (rv != CKR_OK)
- free_modules_when_no_refs_unlocked ();
-
- _p11_kit_default_message (rv);
-
- p11_unlock ();
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
diff --git a/p11-kit/modules.h b/p11-kit/modules.h
deleted file mode 100644
index ca8dac3..0000000
--- a/p11-kit/modules.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __P11_MODULES_H__
-#define __P11_MODULES_H__
-
-#include "pkcs11.h"
-
-CK_RV p11_modules_load_inlock_reentrant (int flags,
- CK_FUNCTION_LIST_PTR **results);
-
-CK_RV p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST_PTR *modules);
-
-CK_RV p11_module_load_inlock_reentrant (CK_FUNCTION_LIST_PTR module,
- int flags,
- CK_FUNCTION_LIST_PTR *result);
-
-CK_RV p11_module_release_inlock_reentrant (CK_FUNCTION_LIST_PTR module);
-
-#endif /* __P11_MODULES_H__ */
diff --git a/p11-kit/p11-kit-1.pc.in b/p11-kit/p11-kit-1.pc.in
deleted file mode 100644
index d0d378d..0000000
--- a/p11-kit/p11-kit-1.pc.in
+++ /dev/null
@@ -1,22 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-datarootdir=@datarootdir@
-datadir=@datadir@
-pkgdatadir=@datadir@/p11-kit
-sysconfdir=@sysconfdir@
-p11_module_configs=@p11_package_config_modules@
-p11_module_path=@p11_module_path@
-proxy_module=@libdir@/p11-kit-proxy.so
-
-# This is for compatibility. Other packages were using this to determine
-# the directory they should install their module configs to, so override
-# this and redirect them to the new location
-p11_system_config_modules=@p11_package_config_modules@
-
-Name: p11-kit
-Description: Library and proxy module for properly loading and sharing PKCS#11 modules.
-Version: @VERSION@
-Libs: -L${libdir} -lp11-kit
-Cflags: -I${includedir}/p11-kit-1
diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
deleted file mode 100644
index a7b9212..0000000
--- a/p11-kit/p11-kit.c
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-#include "p11-kit.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <getopt.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include "tool.h"
-
-int p11_kit_list_modules (int argc,
- char *argv[]);
-
-int p11_kit_trust (int argc,
- char *argv[]);
-
-int p11_kit_external (int argc,
- char *argv[]);
-
-static const p11_tool_command commands[] = {
- { "list-modules", p11_kit_list_modules, "List modules and tokens" },
- { "remote", p11_kit_external, "Run a specific PKCS#11 module remotely" },
- { P11_TOOL_FALLBACK, p11_kit_external, NULL },
- { 0, }
-};
-
-int
-p11_kit_trust (int argc,
- char *argv[])
-{
- char **args;
-
- args = calloc (argc + 2, sizeof (char *));
- return_val_if_fail (args != NULL, 1);
-
- args[0] = BINDIR "/trust";
- memcpy (args + 1, argv, sizeof (char *) * argc);
- args[argc + 1] = NULL;
-
- execv (args[0], args);
-
- /* At this point we have no command */
- p11_message_err (errno, "couldn't run trust tool");
-
- free (args);
- return 2;
-}
-
-int
-p11_kit_external (int argc,
- char *argv[])
-{
- const char *private_dir;
- char *filename;
- char *path;
-
- /* These are trust commands, send them to that tool */
- if (strcmp (argv[0], "extract") == 0) {
- return p11_kit_trust (argc, argv);
- } else if (strcmp (argv[0], "extract-trust") == 0) {
- argv[0] = "extract-compat";
- return p11_kit_trust (argc, argv);
- }
-
- if (asprintf (&filename, "p11-kit-%s", argv[0]) < 0)
- return_val_if_reached (1);
-
- private_dir = secure_getenv ("P11_KIT_PRIVATEDIR");
- if (!private_dir || !private_dir[0])
- private_dir = PRIVATEDIR;
-
- /* Add our libexec directory to the path */
- path = p11_path_build (private_dir, filename, NULL);
- return_val_if_fail (path != NULL, 1);
-
- argv[argc] = NULL;
- execv (path, argv);
-
- /* At this point we have no command */
- p11_message ("'%s' is not a valid command. See 'p11-kit --help'", argv[0]);
-
- free (filename);
- free (path);
- return 2;
-}
-
-int
-main (int argc,
- char *argv[])
-{
- return p11_tool_main (argc, argv, commands);
-}
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
deleted file mode 100644
index a266c35..0000000
--- a/p11-kit/p11-kit.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __P11_KIT_H__
-#define __P11_KIT_H__
-
-#include "p11-kit/pkcs11.h"
-
-/*
- * If the caller is using the PKCS#11 GNU calling convention, then we cater
- * to that here.
- */
-#ifdef CRYPTOKI_GNU
-typedef ck_rv_t CK_RV;
-typedef struct ck_function_list* CK_FUNCTION_LIST_PTR;
-typedef struct ck_function_list CK_FUNCTION_LIST;
-#endif
-
-#include "p11-kit/deprecated.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-enum {
- P11_KIT_MODULE_UNMANAGED = 1 << 0,
- P11_KIT_MODULE_CRITICAL = 1 << 1,
- P11_KIT_MODULE_TRUSTED = 1 << 2,
-};
-
-typedef void (* p11_kit_destroyer) (void *data);
-
-CK_FUNCTION_LIST ** p11_kit_modules_load (const char *reserved,
- int flags);
-
-CK_RV p11_kit_modules_initialize (CK_FUNCTION_LIST **modules,
- p11_kit_destroyer failure_callback);
-
-CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags);
-
-CK_RV p11_kit_modules_finalize (CK_FUNCTION_LIST **modules);
-
-void p11_kit_modules_release (CK_FUNCTION_LIST **modules);
-
-void p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules);
-
-CK_FUNCTION_LIST * p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
- const char *name);
-
-char * p11_kit_module_get_filename (CK_FUNCTION_LIST *module);
-char * p11_kit_module_get_name (CK_FUNCTION_LIST *module);
-
-int p11_kit_module_get_flags (CK_FUNCTION_LIST *module);
-
-CK_FUNCTION_LIST * p11_kit_module_load (const char *module_path,
- int flags);
-
-CK_RV p11_kit_module_initialize (CK_FUNCTION_LIST *module);
-
-CK_RV p11_kit_module_finalize (CK_FUNCTION_LIST *module);
-
-void p11_kit_module_release (CK_FUNCTION_LIST *module);
-
-char * p11_kit_config_option (CK_FUNCTION_LIST *module,
- const char *option);
-
-const char* p11_kit_strerror (CK_RV rv);
-
-size_t p11_kit_space_strlen (const unsigned char *string,
- size_t max_length);
-
-char* p11_kit_space_strdup (const unsigned char *string,
- size_t max_length);
-
-void p11_kit_be_quiet (void);
-
-void p11_kit_be_loud (void);
-
-#ifdef P11_KIT_FUTURE_UNSTABLE_API
-
-void p11_kit_set_progname (const char *progname);
-
-#endif
-
-const char * p11_kit_message (void);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* __P11_KIT_H__ */
diff --git a/p11-kit/pin.c b/p11-kit/pin.c
deleted file mode 100644
index 2fca6bc..0000000
--- a/p11-kit/pin.c
+++ /dev/null
@@ -1,704 +0,0 @@
-/*
- * Copyright (C) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_PIN
-#include "debug.h"
-#include "dict.h"
-#include "library.h"
-#include "message.h"
-#include "pkcs11.h"
-#include "p11-kit.h"
-#include "pin.h"
-#include "private.h"
-#include "array.h"
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-/**
- * SECTION:p11-kit-pin
- * @title: PIN Callbacks
- * @short_description: PIN Callbacks
- *
- * Applications can register a callback which will be called to provide a
- * password associated with a given pin source.
- *
- * PKCS\#11 URIs can contain a 'pin-source' attribute. The value of this attribute
- * is application dependent, but often references a file containing a PIN to
- * use.
- *
- * Using these functions, an applications or libraries can register a
- * callback with p11_kit_pin_register_callback() to be called when a given
- * 'pin-source' attribute value is requested. The application can then prompt
- * the user or retrieve a PIN for the given context. These registered
- * callbacks are only relevant and valid within the current process.
- *
- * A fallback callback can be registered by passing the %P11_KIT_PIN_FALLBACK
- * value to p11_kit_pin_register_callback(). This fallback callback will be
- * called for every 'pin-source' attribute request for which no callback has been
- * directly registered.
- *
- * To request a PIN for a given 'pin-source' attribute, use the
- * p11_kit_pin_request() function. If this function returns %NULL then either
- * no callbacks were registered or none of them could handle the request.
- *
- * If multiple callbacks are registered for the same PIN source, then they are
- * called in last-registered-first-called order. They are called in turn until
- * one of them can handle the request. Fallback callbacks are not called if
- * a callback was registered specifically for a requested 'pin-source' attribute.
- *
- * PINs themselves are handled inside of P11KitPin structures. These are thread
- * safe and allow the callback to specify how the PIN is stored in memory
- * and freed. A callback can use p11_kit_pin_new_for_string() or related
- * functions to create a PIN to be returned.
- *
- * For example in order to handle the following PKCS\#11 URI with a 'pin-source'
- * attribute
- *
- * <code><literallayout>
- * pkcs11:id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91;pin-source=my-application
- * </literallayout></code>
- *
- * an application could register a callback like this:
- *
- * <informalexample><programlisting>
- * static P11KitPin*
- * my_application_pin_callback (const char *pin_source, P11KitUri *pin_uri,
- * const char *pin_description, P11KitPinFlags pin_flags,
- * void *callback_data)
- * {
- * return p11_kit_pin_new_from_string ("pin-value");
- * }
- *
- * p11_kit_pin_register_callback ("my-application", my_application_pin_callback,
- * NULL, NULL);
- * </programlisting></informalexample>
- */
-
-/**
- * P11KitPinFlags:
- * @P11_KIT_PIN_FLAGS_USER_LOGIN: The PIN is for a PKCS\#11 user type login.
- * @P11_KIT_PIN_FLAGS_SO_LOGIN: The PIN is for a PKCS\#11 security officer type login.
- * @P11_KIT_PIN_FLAGS_CONTEXT_LOGIN: The PIN is for a PKCS\#11 contect specific type login.
- * @P11_KIT_PIN_FLAGS_RETRY: The PIN is being requested again, due to an invalid previous PIN.
- * @P11_KIT_PIN_FLAGS_MANY_TRIES: The PIN has failed too many times, and few tries are left.
- * @P11_KIT_PIN_FLAGS_FINAL_TRY: The PIN has failed too many times, and this is the last try.
- *
- * Flags that are passed to p11_kit_pin_request() and registered callbacks.
- */
-
-/**
- * P11_KIT_PIN_FALLBACK:
- *
- * Used with p11_kit_pin_register_callback() to register a fallback callback.
- * This callback will be called if no other callback is registered for a 'pin-source'.
- */
-
-typedef struct _PinCallback {
- /* Only used/modified within the lock */
- int refs;
-
- /* Readonly after construct */
- p11_kit_pin_callback func;
- void *user_data;
- p11_kit_pin_destroy_func destroy;
-} PinCallback;
-
-/*
- * Shared data between threads, protected by the mutex, a structure so
- * we can audit thread safety easier.
- */
-static struct _Shared {
- p11_dict *pin_sources;
-} gl = { NULL };
-
-static void*
-ref_pin_callback (void *pointer)
-{
- PinCallback *cb = pointer;
- cb->refs++;
- return pointer;
-}
-
-static void
-unref_pin_callback (void *pointer)
-{
- PinCallback *cb = pointer;
- assert (cb->refs >= 1);
-
- cb->refs--;
- if (cb->refs == 0) {
- if (cb->destroy)
- (cb->destroy) (cb->user_data);
- free (cb);
- }
-}
-
-static bool
-register_callback_unlocked (const char *pin_source,
- PinCallback *cb)
-{
- p11_array *callbacks = NULL;
- char *name;
-
- name = strdup (pin_source);
- return_val_if_fail (name != NULL, false);
-
- if (gl.pin_sources == NULL) {
- gl.pin_sources = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal,
- free, (p11_destroyer)p11_array_free);
- return_val_if_fail (gl.pin_sources != NULL, false);
- }
-
- if (gl.pin_sources != NULL)
- callbacks = p11_dict_get (gl.pin_sources, name);
-
- if (callbacks == NULL) {
- callbacks = p11_array_new (unref_pin_callback);
- return_val_if_fail (callbacks != NULL, false);
- if (!p11_dict_set (gl.pin_sources, name, callbacks))
- return_val_if_reached (false);
- name = NULL;
- }
-
- if (!p11_array_push (callbacks, cb))
- return_val_if_reached (false);
-
- free (name);
- return true;
-}
-
-/**
- * p11_kit_pin_register_callback:
- * @pin_source: the 'pin-source' attribute this this callback is for
- * @callback: the callback function
- * @callback_data: data that will be passed to the callback
- * @callback_destroy: a function that will be called with @callback_data when
- * the callback is unregistered.
- *
- * Register a callback to handle PIN requests for a given 'pin-source' attribute.
- * If @pin_source is set to P11_KIT_PIN_FALLBACK then this will be a fallback
- * callback and will be called for requests for which no other callback has
- * been specifically registered.
- *
- * If multiple callbacks are registered for the same @pin_source value, then
- * the last registered callback will be the first to be called.
- *
- * Returns: Returns negative if registering fails.
- */
-int
-p11_kit_pin_register_callback (const char *pin_source,
- p11_kit_pin_callback callback,
- void *callback_data,
- p11_kit_pin_destroy_func callback_destroy)
-{
- PinCallback *cb;
- bool ret;
-
- return_val_if_fail (pin_source != NULL, -1);
- return_val_if_fail (callback != NULL, -1);
-
- cb = calloc (1, sizeof (PinCallback));
- return_val_if_fail (cb != NULL, -1);
-
- cb->refs = 1;
- cb->func = callback;
- cb->user_data = callback_data;
- cb->destroy = callback_destroy;
-
- p11_lock ();
-
- ret = register_callback_unlocked (pin_source, cb);
-
- p11_unlock ();
-
- return ret ? 0 : -1;
-}
-
-/**
- * p11_kit_pin_unregister_callback:
- * @pin_source: the 'pin-source' attribute the callback was registered for
- * @callback: the callback function that was registered
- * @callback_data: data that was registered for the callback
- *
- * Unregister a callback that was previously registered with the
- * p11_kit_pin_register_callback() function. If more than one registered
- * callback matches the given arguments, then only one of those will be
- * removed.
- */
-void
-p11_kit_pin_unregister_callback (const char *pin_source,
- p11_kit_pin_callback callback,
- void *callback_data)
-{
- PinCallback *cb;
- p11_array *callbacks;
- unsigned int i;
-
- return_if_fail (pin_source != NULL);
- return_if_fail (callback != NULL);
-
- p11_lock ();
-
- if (gl.pin_sources) {
- callbacks = p11_dict_get (gl.pin_sources, pin_source);
- if (callbacks) {
- for (i = 0; i < callbacks->num; i++) {
- cb = callbacks->elem[i];
- if (cb->func == callback && cb->user_data == callback_data) {
- p11_array_remove (callbacks, i);
- break;
- }
- }
-
- if (callbacks->num == 0)
- p11_dict_remove (gl.pin_sources, pin_source);
- }
-
- /* When there are no more pin sources, get rid of the hash table */
- if (p11_dict_size (gl.pin_sources) == 0) {
- p11_dict_free (gl.pin_sources);
- gl.pin_sources = NULL;
- }
- }
-
- p11_unlock ();
-}
-
-/**
- * p11_kit_pin_request:
- * @pin_source: the 'pin-source' attribute that is being requested
- * @pin_uri: a PKCS\#11 URI that the PIN is being requested for, optionally %NULL.
- * @pin_description: a description of what the PIN is for, must not be %NULL.
- * @pin_flags: various flags for this request
- *
- * Request a PIN for a given 'pin-source' attribute. The result depends on the
- * registered callbacks.
- *
- * If not %NULL, then the @pin_uri attribute should point to the thing that the
- * PIN is being requested for. In most use cases this should be a PKCS\#11 URI
- * pointing to a token.
- *
- * The @pin_description should always be specified. It is a string describing
- * what the PIN is for. For example this would be the token label, if the PIN
- * is for a token.
- *
- * If more than one callback is registered for the @pin_source, then the latest
- * registered one will be called first. If that callback does not return a
- * PIN, then the next will be called in turn.
- *
- * If no callback is registered for @pin_source, then the fallback callbacks will
- * be invoked in the same way. The fallback callbacks will not be called if any
- * callback has been registered specifically for @pin_source.
- *
- * The PIN returned should be released with p11_kit_pin_unref().
- *
- * Returns: the PIN which should be released with p11_kit_pin_unref(), or %NULL
- * if no callback was registered or could proivde a PIN
- */
-P11KitPin *
-p11_kit_pin_request (const char *pin_source,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags)
-{
- PinCallback **snapshot = NULL;
- unsigned int snapshot_count = 0;
- p11_array *callbacks;
- P11KitPin *pin;
- unsigned int i;
-
- return_val_if_fail (pin_source != NULL, NULL);
-
- p11_lock ();
-
- /* Find and ref the pin source data */
- if (gl.pin_sources) {
- callbacks = p11_dict_get (gl.pin_sources, pin_source);
-
- /* If we didn't find any snapshots try the global ones */
- if (callbacks == NULL)
- callbacks = p11_dict_get (gl.pin_sources, P11_KIT_PIN_FALLBACK);
-
- if (callbacks != NULL && callbacks->num) {
- snapshot = memdup (callbacks->elem, sizeof (void *) * callbacks->num);
- snapshot_count = callbacks->num;
- for (i = 0; snapshot && i < snapshot_count; i++)
- ref_pin_callback (snapshot[i]);
- }
- }
-
- p11_unlock ();
-
- if (snapshot == NULL)
- return NULL;
-
- for (pin = NULL, i = snapshot_count; pin == NULL && i > 0; i--) {
- pin = (snapshot[i - 1]->func) (pin_source, pin_uri, pin_description, pin_flags,
- snapshot[i - 1]->user_data);
- }
-
- p11_lock ();
- for (i = 0; i < snapshot_count; i++)
- unref_pin_callback (snapshot[i]);
- free (snapshot);
- p11_unlock ();
-
- return pin;
-}
-
-/**
- * p11_kit_pin_callback:
- * @pin_source: a 'pin-source' attribute string
- * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL
- * @pin_description: a descrption of what the PIN is for
- * @pin_flags: flags describing the PIN request
- * @callback_data: data that was provided when registering this callback
- *
- * Represents a PIN callback function.
- *
- * The various arguments are the same as the ones passed to
- * p11_kit_pin_request(). The @callback_data argument was the one passed to
- * p11_kit_pin_register_callback() when registering this callback.
- *
- * The function should return %NULL if it could not provide a PIN, either
- * because of an error or a user cancellation.
- *
- * If a PIN is returned, it will be unreferenced by the caller. So it should be
- * either newly allocated, or referenced before returning.
- *
- * Returns: A PIN or %NULL
- */
-
-/**
- * p11_kit_pin_destroy_func:
- * @data: the data to destroy
- *
- * A function called to free or cleanup @data.
- */
-
-/**
- * p11_kit_pin_file_callback:
- * @pin_source: a 'pin-source' attribute string
- * @pin_uri: a PKCS\#11 URI that the PIN is for, or %NULL
- * @pin_description: a descrption of what the PIN is for
- * @pin_flags: flags describing the PIN request
- * @callback_data: unused, should be %NULL
- *
- * This is a PIN callback function that looks up the 'pin-source' attribute in
- * a file with that name. This can be used to enable the normal PKCS\#11 URI
- * behavior described in the RFC.
- *
- * If @pin_flags contains the %P11_KIT_PIN_FLAGS_RETRY flag, then this
- * callback will always return %NULL. This is to prevent endless loops
- * where an application is expecting to interact with a prompter, but
- * instead is interacting with this callback reading a file over and over.
- *
- * This callback fails on files larger than 4 Kilobytes.
- *
- * This callback is not registered by default. It may have security
- * implications depending on the source of the PKCS\#11 URI and the PKCS\#11
- * in use. To register it, use code like the following:
- *
- * <informalexample><programlisting>
- * p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- * NULL, NULL);
- * </programlisting></informalexample>
- *
- * Returns: a referenced PIN with the file contents, or %NULL if the file
- * could not be read
- */
-P11KitPin *
-p11_kit_pin_file_callback (const char *pin_source,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags,
- void *callback_data)
-{
- const size_t block = 1024;
- unsigned char *buffer;
- unsigned char *memory;
- size_t used, allocated;
- int error = 0;
- int fd;
- int res;
-
- return_val_if_fail (pin_source != NULL, NULL);
-
- /* We don't support retries */
- if (pin_flags & P11_KIT_PIN_FLAGS_RETRY)
- return NULL;
-
- fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC);
- if (fd == -1)
- return NULL;
-
- buffer = NULL;
- used = 0;
- allocated = 0;
-
- for (;;) {
- if (used + block > 4096) {
- error = EFBIG;
- break;
- }
- if (used + block > allocated) {
- memory = realloc (buffer, used + block);
- if (memory == NULL) {
- error = ENOMEM;
- break;
- }
- buffer = memory;
- allocated = used + block;
- }
-
- res = read (fd, buffer + used, allocated - used);
- if (res < 0) {
- if (errno == EAGAIN)
- continue;
- error = errno;
- break;
- } else if (res == 0) {
- break;
- } else {
- used += res;
- }
- }
-
- close (fd);
-
- if (error != 0) {
- free (buffer);
- errno = error;
- return NULL;
- }
-
- return p11_kit_pin_new_for_buffer (buffer, used, free);
-}
-
-/**
- * P11KitPin:
- *
- * A structure representing a PKCS\#11 PIN. There are no public fields
- * visible in this structure. Use the various accessor functions.
- */
-struct p11_kit_pin {
- int ref_count;
- unsigned char *buffer;
- size_t length;
- p11_kit_pin_destroy_func destroy;
-};
-
-/**
- * p11_kit_pin_new:
- * @value: the value of the PIN
- * @length: the length of @value
- *
- * Create a new P11KitPin with the given PIN value. This function is
- * usually used from within registered PIN callbacks.
- *
- * Exactly @length bytes from @value are used. Null terminated strings,
- * or encodings are not considered. A copy of the @value will be made.
- *
- * Returns: The newly allocated P11KitPin, which should be freed with
- * p11_kit_pin_unref() when no longer needed.
- */
-P11KitPin *
-p11_kit_pin_new (const unsigned char *value, size_t length)
-{
- unsigned char *copy;
- P11KitPin *pin;
-
- copy = malloc (length);
- return_val_if_fail (copy != NULL, NULL);
-
- memcpy (copy, value, length);
- pin = p11_kit_pin_new_for_buffer (copy, length, free);
- return_val_if_fail (pin != NULL, NULL);
-
- return pin;
-}
-
-/**
- * p11_kit_pin_new_for_string:
- * @value: the value of the PIN
- *
- * Create a new P11KitPin for the given null-terminated string, such as a
- * password. This function is usually used from within registered
- * PIN callbacks.
- *
- * The PIN will consist of the string not including the null terminator.
- * String encoding is not considered. A copy of the @value will be made.
- *
- * Returns: The newly allocated P11KitPin, which should be freed with
- * p11_kit_pin_unref() when no longer needed.
- */
-P11KitPin *
-p11_kit_pin_new_for_string (const char *value)
-{
- return p11_kit_pin_new ((const unsigned char *)value, strlen (value));
-}
-
-/**
- * p11_kit_pin_new_for_buffer:
- * @buffer: the value of the PIN
- * @length: the length of @buffer
- * @destroy: if not %NULL, then called when PIN is destroyed.
- *
- * Create a new P11KitPin which will use @buffer for the PIN value.
- * This function is usually used from within registered PIN callbacks.
- *
- * The buffer will not be copied. String encodings and null characters
- * are not considered.
- *
- * When the last reference to this PIN is lost, then the @destroy callback
- * function will be called passing @buffer as an argument. This allows the
- * caller to use a buffer as a PIN without copying it.
- *
- * <informalexample><programlisting>
- * char *buffer = malloc (128);
- * P11KitPin *pin;
- * ....
- * pin = p11_kit_pin_new_for_buffer (buffer, 128, free);
- * </programlisting></informalexample>
- *
- * Returns: The newly allocated P11KitPin, which should be freed with
- * p11_kit_pin_unref() when no longer needed.
- */
-P11KitPin *
-p11_kit_pin_new_for_buffer (unsigned char *buffer, size_t length,
- p11_kit_pin_destroy_func destroy)
-{
- P11KitPin *pin;
-
- pin = calloc (1, sizeof (P11KitPin));
- return_val_if_fail (pin != NULL, NULL);
-
- pin->ref_count = 1;
- pin->buffer = buffer;
- pin->length = length;
- pin->destroy = destroy;
-
- return pin;
-}
-
-/**
- * p11_kit_pin_get_value:
- * @pin: the P11KitPin
- * @length: a location to return the value length
- *
- * Get the PIN value from a P11KitPin. @length will be set to the
- * length of the value.
- *
- * The value returned is owned by the P11KitPin and should not be modified.
- * It remains valid as long as a reference to the PIN is held. The PIN value
- * will not contain an extra null-terminator character.
- *
- * Returns: the value for the PIN.
- */
-const unsigned char *
-p11_kit_pin_get_value (P11KitPin *pin, size_t *length)
-{
- if (length)
- *length = pin->length;
- return pin->buffer;
-}
-
-/**
- * p11_kit_pin_get_length
- * @pin: the P11KitPin
- *
- * Get the length of the PIN value from a P11KitPin.
- *
- * Returns: the length of the PIN value.
- */
-size_t
-p11_kit_pin_get_length (P11KitPin *pin)
-{
- return pin->length;
-}
-
-/**
- * p11_kit_pin_ref:
- * @pin: the P11KitPin
- *
- * Add a reference to a P11KitPin. This should be matched with a later call
- * to p11_kit_pin_unref(). As long as at least one reference is held, the PIN
- * will remain valid and in memory.
- *
- * Returns: the @pin pointer, for convenience sake.
- */
-P11KitPin *
-p11_kit_pin_ref (P11KitPin *pin)
-{
- p11_lock ();
-
- pin->ref_count++;
-
- p11_unlock ();
-
- return pin;
-}
-
-/**
- * p11_kit_pin_unref:
- * @pin: the P11KitPin
- *
- * Remove a reference from a P11KitPin. When all references have been removed
- * then the PIN will be freed and will no longer be in memory.
- */
-void
-p11_kit_pin_unref (P11KitPin *pin)
-{
- bool last = false;
-
- p11_lock ();
-
- last = (pin->ref_count == 1);
- pin->ref_count--;
-
- p11_unlock ();
-
- if (last) {
- if (pin->destroy)
- (pin->destroy) (pin->buffer);
- free (pin);
- }
-}
diff --git a/p11-kit/pin.h b/p11-kit/pin.h
deleted file mode 100644
index 3b6806d..0000000
--- a/p11-kit/pin.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_KIT_PIN_H
-#define P11_KIT_PIN_H
-
-#include <p11-kit/uri.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct p11_kit_pin P11KitPin;
-
-typedef enum {
- P11_KIT_PIN_FLAGS_USER_LOGIN = 1<<0,
- P11_KIT_PIN_FLAGS_SO_LOGIN = 1<<1,
- P11_KIT_PIN_FLAGS_CONTEXT_LOGIN = 1<<2,
- P11_KIT_PIN_FLAGS_RETRY = 1<<3,
- P11_KIT_PIN_FLAGS_MANY_TRIES = 1<<4,
- P11_KIT_PIN_FLAGS_FINAL_TRY = 1<<5
-} P11KitPinFlags;
-
-#define P11_KIT_PIN_FALLBACK ""
-
-typedef void (*p11_kit_pin_destroy_func) (void *data);
-
-P11KitPin* p11_kit_pin_new (const unsigned char *value,
- size_t length);
-
-P11KitPin* p11_kit_pin_new_for_string (const char *value);
-
-P11KitPin* p11_kit_pin_new_for_buffer (unsigned char *buffer,
- size_t length,
- p11_kit_pin_destroy_func destroy);
-
-P11KitPin* p11_kit_pin_ref (P11KitPin *pin);
-
-void p11_kit_pin_unref (P11KitPin *pin);
-
-const unsigned char * p11_kit_pin_get_value (P11KitPin *pin,
- size_t *length);
-
-size_t p11_kit_pin_get_length (P11KitPin *pin);
-
-typedef P11KitPin* (*p11_kit_pin_callback) (const char *pin_source,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags,
- void *callback_data);
-
-int p11_kit_pin_register_callback (const char *pin_source,
- p11_kit_pin_callback callback,
- void *callback_data,
- p11_kit_pin_destroy_func callback_destroy);
-
-void p11_kit_pin_unregister_callback (const char *pin_source,
- p11_kit_pin_callback callback,
- void *callback_data);
-
-P11KitPin* p11_kit_pin_request (const char *pin_source,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags);
-
-P11KitPin* p11_kit_pin_file_callback (const char *pin_source,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags,
- void *callback_data);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* P11_KIT_URI_H */
diff --git a/p11-kit/pkcs11.conf.example.in b/p11-kit/pkcs11.conf.example.in
deleted file mode 100644
index 96d0a08..0000000
--- a/p11-kit/pkcs11.conf.example.in
+++ /dev/null
@@ -1,9 +0,0 @@
-# This is an example @p11_system_config_file@ file. Copy it into
-# place before use.
-
-# This setting controls whether to load user configuration from the
-# @p11_user_config@ directory. Possible values:
-# none: No user configuration
-# merge: Merge the user config over the system configuration (default)
-# only: Only user configuration, ignore system configuration
-user-config: merge
diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h
deleted file mode 100644
index 245f379..0000000
--- a/p11-kit/pkcs11.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat, Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-/*
- * This is so that we can use the path <p11-kit/pkcs11.h> in our installed
- * headers, but still have the actual file live in our common/ subdirectory.
- */
-
-#include "common/pkcs11.h"
diff --git a/p11-kit/print-messages.c b/p11-kit/print-messages.c
deleted file mode 100644
index 5870ad1..0000000
--- a/p11-kit/print-messages.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met);
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "p11-kit.h"
-
-int
-main (int argc, char *argv[])
-{
- if (argc != 1) {
- fprintf (stderr, "usage: print-messages\n");
- exit (2);
- }
-
- #define X(x) printf ("%s: %s\n", #x, p11_kit_strerror (x))
- X(CKR_CANCEL);
- X(CKR_FUNCTION_CANCELED);
- X(CKR_HOST_MEMORY);
- X(CKR_SLOT_ID_INVALID);
- X(CKR_GENERAL_ERROR);
- X(CKR_FUNCTION_FAILED);
- X(CKR_ARGUMENTS_BAD);
- X(CKR_NEED_TO_CREATE_THREADS);
- X(CKR_CANT_LOCK);
- X(CKR_ATTRIBUTE_READ_ONLY);
- X(CKR_ATTRIBUTE_SENSITIVE);
- X(CKR_ATTRIBUTE_TYPE_INVALID);
- X(CKR_ATTRIBUTE_VALUE_INVALID);
- X(CKR_DATA_INVALID);
- X(CKR_DATA_LEN_RANGE);
- X(CKR_DEVICE_ERROR);
- X(CKR_DEVICE_MEMORY);
- X(CKR_DEVICE_REMOVED);
- X(CKR_ENCRYPTED_DATA_INVALID);
- X(CKR_ENCRYPTED_DATA_LEN_RANGE);
- X(CKR_FUNCTION_NOT_SUPPORTED);
- X(CKR_KEY_HANDLE_INVALID);
- X(CKR_KEY_SIZE_RANGE);
- X(CKR_KEY_TYPE_INCONSISTENT);
- X(CKR_KEY_NOT_NEEDED);
- X(CKR_KEY_CHANGED);
- X(CKR_KEY_NEEDED);
- X(CKR_KEY_INDIGESTIBLE);
- X(CKR_KEY_FUNCTION_NOT_PERMITTED);
- X(CKR_KEY_NOT_WRAPPABLE);
- X(CKR_KEY_UNEXTRACTABLE);
- X(CKR_MECHANISM_INVALID);
- X(CKR_MECHANISM_PARAM_INVALID);
- X(CKR_OBJECT_HANDLE_INVALID);
- X(CKR_OPERATION_ACTIVE);
- X(CKR_OPERATION_NOT_INITIALIZED);
- X(CKR_PIN_INCORRECT);
- X(CKR_PIN_INVALID);
- X(CKR_PIN_LEN_RANGE);
- X(CKR_PIN_EXPIRED);
- X(CKR_PIN_LOCKED);
- X(CKR_SESSION_CLOSED);
- X(CKR_SESSION_COUNT);
- X(CKR_SESSION_HANDLE_INVALID);
- X(CKR_SESSION_READ_ONLY);
- X(CKR_SESSION_EXISTS);
- X(CKR_SESSION_READ_ONLY_EXISTS);
- X(CKR_SESSION_READ_WRITE_SO_EXISTS);
- X(CKR_SIGNATURE_INVALID);
- X(CKR_SIGNATURE_LEN_RANGE);
- X(CKR_TEMPLATE_INCOMPLETE);
- X(CKR_TEMPLATE_INCONSISTENT);
- X(CKR_TOKEN_NOT_PRESENT);
- X(CKR_TOKEN_NOT_RECOGNIZED);
- X(CKR_TOKEN_WRITE_PROTECTED);
- X(CKR_UNWRAPPING_KEY_HANDLE_INVALID);
- X(CKR_UNWRAPPING_KEY_SIZE_RANGE);
- X(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT);
- X(CKR_USER_ALREADY_LOGGED_IN);
- X(CKR_USER_NOT_LOGGED_IN);
- X(CKR_USER_PIN_NOT_INITIALIZED);
- X(CKR_USER_TYPE_INVALID);
- X(CKR_USER_ANOTHER_ALREADY_LOGGED_IN);
- X(CKR_USER_TOO_MANY_TYPES);
- X(CKR_WRAPPED_KEY_INVALID);
- X(CKR_WRAPPED_KEY_LEN_RANGE);
- X(CKR_WRAPPING_KEY_HANDLE_INVALID);
- X(CKR_WRAPPING_KEY_SIZE_RANGE);
- X(CKR_WRAPPING_KEY_TYPE_INCONSISTENT);
- X(CKR_RANDOM_SEED_NOT_SUPPORTED);
- X(CKR_RANDOM_NO_RNG);
- X(CKR_DOMAIN_PARAMS_INVALID);
- X(CKR_BUFFER_TOO_SMALL);
- X(CKR_SAVED_STATE_INVALID);
- X(CKR_INFORMATION_SENSITIVE);
- X(CKR_STATE_UNSAVEABLE);
- X(CKR_CRYPTOKI_NOT_INITIALIZED);
- X(CKR_CRYPTOKI_ALREADY_INITIALIZED);
- X(CKR_MUTEX_BAD);
- X(CKR_MUTEX_NOT_LOCKED);
- X(CKR_FUNCTION_REJECTED);
- #undef X
-
- return 0;
-}
diff --git a/p11-kit/private.h b/p11-kit/private.h
deleted file mode 100644
index b363b17..0000000
--- a/p11-kit/private.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef __P11_KIT_PRIVATE_H__
-#define __P11_KIT_PRIVATE_H__
-
-#include "compat.h"
-#include "pkcs11.h"
-
-/* These are global variables to be overridden in tests */
-extern const char *p11_config_system_file;
-extern const char *p11_config_user_file;
-extern const char *p11_config_package_modules;
-extern const char *p11_config_system_modules;
-extern const char *p11_config_user_modules;
-
-CK_RV _p11_load_config_files_unlocked (const char *system_conf,
- const char *user_conf,
- int *user_mode);
-
-void _p11_kit_default_message (CK_RV rv);
-
-const char * _p11_get_progname_unlocked (void);
-
-void _p11_set_progname_unlocked (const char *progname);
-
-int p11_match_uri_module_info (CK_INFO_PTR one,
- CK_INFO_PTR two);
-
-int p11_match_uri_slot_info (CK_SLOT_INFO_PTR one,
- CK_SLOT_INFO_PTR two);
-
-int p11_match_uri_token_info (CK_TOKEN_INFO_PTR one,
- CK_TOKEN_INFO_PTR two);
-
-#endif /* __P11_KIT_PRIVATE_H__ */
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
deleted file mode 100644
index c554511..0000000
--- a/p11-kit/proxy.c
+++ /dev/null
@@ -1,2425 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_PROXY
-#define CRYPTOKI_EXPORTS
-
-#include "debug.h"
-#include "dict.h"
-#include "library.h"
-#include "message.h"
-#include "modules.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "proxy.h"
-#include "virtual.h"
-
-#include <sys/types.h>
-#include <assert.h>
-#include <errno.h>
-#include <stdarg.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/* Start wrap slots slightly higher for testing */
-#define MAPPING_OFFSET 0x10
-#define FIRST_HANDLE 0x10
-
-typedef struct _Mapping {
- CK_SLOT_ID wrap_slot;
- CK_SLOT_ID real_slot;
- CK_FUNCTION_LIST_PTR funcs;
-} Mapping;
-
-typedef struct _Session {
- CK_SESSION_HANDLE wrap_session;
- CK_SESSION_HANDLE real_session;
- CK_SLOT_ID wrap_slot;
-} Session;
-
-typedef struct {
- int refs;
- Mapping *mappings;
- unsigned int n_mappings;
- p11_dict *sessions;
- CK_FUNCTION_LIST **inited;
- unsigned int forkid;
-} Proxy;
-
-typedef struct _State {
- p11_virtual virt;
- struct _State *next;
- CK_FUNCTION_LIST *wrapped;
- CK_ULONG last_handle;
- Proxy *px;
-} State;
-
-static CK_FUNCTION_LIST **all_modules = NULL;
-static State *all_instances = NULL;
-static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE, NULL };
-
-#define PROXY_VALID(px) ((px) && (px)->forkid == p11_forkid)
-#define PROXY_FORKED(px) ((px) && (px)->forkid != p11_forkid)
-
-#define MANUFACTURER_ID "PKCS#11 Kit "
-#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module "
-#define LIBRARY_VERSION_MAJOR 1
-#define LIBRARY_VERSION_MINOR 1
-
-/* -----------------------------------------------------------------------------
- * PKCS#11 PROXY MODULE
- */
-
-static CK_RV
-map_slot_unlocked (Proxy *px,
- CK_SLOT_ID slot,
- Mapping *mapping)
-{
- assert (px != NULL);
- assert (mapping != NULL);
-
- if (slot < MAPPING_OFFSET)
- return CKR_SLOT_ID_INVALID;
- slot -= MAPPING_OFFSET;
-
- if (slot > px->n_mappings) {
- return CKR_SLOT_ID_INVALID;
- } else {
- assert (px->mappings);
- memcpy (mapping, &px->mappings[slot], sizeof (Mapping));
- return CKR_OK;
- }
-}
-
-static CK_RV
-map_slot_to_real (Proxy *px,
- CK_SLOT_ID_PTR slot,
- Mapping *mapping)
-{
- CK_RV rv;
-
- assert (mapping != NULL);
-
- p11_lock ();
-
- if (!PROXY_VALID (px))
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- else
- rv = map_slot_unlocked (px, *slot, mapping);
- if (rv == CKR_OK)
- *slot = mapping->real_slot;
-
- p11_unlock ();
-
- return rv;
-}
-
-static CK_RV
-map_session_to_real (Proxy *px,
- CK_SESSION_HANDLE_PTR handle,
- Mapping *mapping,
- Session *session)
-{
- CK_RV rv = CKR_OK;
- Session *sess;
-
- assert (handle != NULL);
- assert (mapping != NULL);
-
- p11_lock ();
-
- if (!PROXY_VALID (px)) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
- assert (px->sessions);
- sess = p11_dict_get (px->sessions, handle);
- if (sess != NULL) {
- *handle = sess->real_session;
- rv = map_slot_unlocked (px, sess->wrap_slot, mapping);
- if (session != NULL)
- memcpy (session, sess, sizeof (Session));
- } else {
- rv = CKR_SESSION_HANDLE_INVALID;
- }
- }
-
- p11_unlock ();
-
- return rv;
-}
-
-static void
-proxy_free (Proxy *py, unsigned finalize)
-{
- if (py) {
- if (finalize)
- p11_kit_modules_finalize (py->inited);
- free (py->inited);
- p11_dict_free (py->sessions);
- free (py->mappings);
- free (py);
- }
-}
-
-static CK_RV
-proxy_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- Proxy *py = NULL;
- State *state = (State *)self;
- CK_RV rv = CKR_OK;
-
- p11_debug ("in");
-
- /* WARNING: This function must be reentrant */
-
- if (reserved) {
- rv = CKR_ARGUMENTS_BAD;
-
- } else {
- p11_lock ();
-
- if (!PROXY_VALID (state->px)) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- py = state->px;
- state->px = NULL;
- } else if (state->px->refs-- == 1) {
- py = state->px;
- state->px = NULL;
- }
-
- p11_unlock ();
-
- proxy_free (py, 1);
- }
-
- p11_debug ("out: %lu", rv);
- return rv;
-}
-
-static CK_FUNCTION_LIST **
-modules_dup (CK_FUNCTION_LIST **modules)
-{
- int count = 0;
-
- while (modules[count] != NULL)
- count++;
-
- return memdup (modules, sizeof (CK_FUNCTION_LIST *) * (count + 1));
-}
-
-static CK_RV
-proxy_create (Proxy **res)
-{
- CK_FUNCTION_LIST_PTR *f;
- CK_FUNCTION_LIST_PTR funcs;
- CK_SLOT_ID_PTR slots;
- CK_ULONG i, count;
- CK_RV rv = CKR_OK;
- Proxy *py;
-
- py = calloc (1, sizeof (Proxy));
- return_val_if_fail (py != NULL, CKR_HOST_MEMORY);
-
- py->forkid = p11_forkid;
-
- py->inited = modules_dup (all_modules);
- return_val_if_fail (py->inited != NULL, CKR_HOST_MEMORY);
-
- rv = p11_kit_modules_initialize (py->inited, NULL);
-
- if (rv == CKR_OK) {
- for (f = py->inited; *f; ++f) {
- funcs = *f;
- assert (funcs != NULL);
- slots = NULL;
-
- /* Ask module for its slots */
- rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
- if (rv == CKR_OK && count) {
- slots = calloc (sizeof (CK_SLOT_ID), count);
- rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
- }
-
- if (rv != CKR_OK) {
- free (slots);
- break;
- }
-
- return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
-
- py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count));
- return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY);
-
- /* And now add a mapping for each of those slots */
- for (i = 0; i < count; ++i) {
- py->mappings[py->n_mappings].funcs = funcs;
- py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET;
- py->mappings[py->n_mappings].real_slot = slots[i];
- ++py->n_mappings;
- }
-
- free (slots);
- }
- }
-
- if (rv != CKR_OK) {
- proxy_free (py, 1);
- return rv;
- }
-
- py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
- return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY);
- py->refs = 1;
-
- *res = py;
- return CKR_OK;
-}
-
-static CK_RV
-proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- State *state = (State *)self;
- bool initialize = false;
- Proxy *py;
- CK_RV rv;
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant */
-
- p11_debug ("in");
-
- p11_lock ();
-
- if (!PROXY_VALID (state->px)) {
- unsigned call_finalize = 1;
-
- initialize = true;
- if (PROXY_FORKED(state->px))
- call_finalize = 0;
- proxy_free (state->px, call_finalize);
-
- state->px = NULL;
- } else {
- state->px->refs++;
- }
-
- p11_unlock ();
-
- if (!initialize) {
- p11_debug ("out: already: %lu", CKR_OK);
- return CKR_OK;
- }
-
- rv = proxy_create (&py);
- if (rv != CKR_OK) {
- p11_debug ("out: %lu", rv);
- return rv;
- }
-
- p11_lock ();
-
- if (state->px == NULL) {
- state->px = py;
- py = NULL;
- }
-
- p11_unlock ();
-
- proxy_free (py, 1);
- p11_debug ("out: 0");
- return rv;
-}
-
-static CK_RV
-proxy_C_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info)
-{
- State *state = (State *)self;
- CK_RV rv = CKR_OK;
-
- p11_library_init_once ();
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- p11_lock ();
-
- if (!PROXY_VALID (state->px))
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- p11_unlock ();
-
- if (rv != CKR_OK)
- return rv;
-
- memset (info, 0, sizeof (CK_INFO));
- info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
- info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
- info->libraryVersion.major = LIBRARY_VERSION_MAJOR;
- info->libraryVersion.minor = LIBRARY_VERSION_MINOR;
- info->flags = 0;
- strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32);
- return CKR_OK;
-}
-
-static CK_RV
-proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- State *state = (State *)self;
- CK_SLOT_INFO info;
- Mapping *mapping;
- CK_ULONG index;
- CK_RV rv = CKR_OK;
- unsigned int i;
-
- return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
-
- p11_lock ();
-
- if (!PROXY_VALID (state->px)) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
- index = 0;
-
- /* Go through and build up a map */
- for (i = 0; i < state->px->n_mappings; ++i) {
- mapping = &state->px->mappings[i];
-
- /* Skip ones without a token if requested */
- if (token_present) {
- rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info);
- if (rv != CKR_OK)
- break;
- if (!(info.flags & CKF_TOKEN_PRESENT))
- continue;
- }
-
- /* Fill in the slot if we can */
- if (slot_list && *count > index)
- slot_list[index] = mapping->wrap_slot;
-
- ++index;
- }
-
- if (slot_list && *count < index)
- rv = CKR_BUFFER_TOO_SMALL;
-
- *count = index;
- }
-
- p11_unlock ();
-
- return rv;
-}
-
-static CK_RV
-proxy_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_SLOT_INFO_PTR info)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetSlotInfo) (id, info);
-}
-
-static CK_RV
-proxy_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_TOKEN_INFO_PTR info)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetTokenInfo) (id, info);
-}
-
-static CK_RV
-proxy_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetMechanismList) (id, mechanism_list, count);
-}
-
-static CK_RV
-proxy_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetMechanismInfo) (id, type, info);
-}
-
-static CK_RV
-proxy_C_InitToken (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_InitToken) (id, pin, pin_len, label);
-}
-
-static CK_RV
-proxy_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-proxy_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR handle)
-{
- State *state = (State *)self;
- Session *sess;
- Mapping map;
- CK_RV rv;
-
- return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD);
-
- rv = map_slot_to_real (state->px, &id, &map);
- if (rv != CKR_OK)
- return rv;
-
- rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle);
-
- if (rv == CKR_OK) {
- p11_lock ();
-
- if (!PROXY_VALID (state->px)) {
- /*
- * The underlying module should have returned an error, so this
- * code should never be reached with properly behaving modules.
- * That's why we don't cleanup and close the newly opened session here
- * or anything like that.
- */
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- } else {
- sess = calloc (1, sizeof (Session));
- sess->wrap_slot = map.wrap_slot;
- sess->real_session = *handle;
- sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */
- p11_dict_set (state->px->sessions, &sess->wrap_session, sess);
- *handle = sess->wrap_session;
- }
-
- p11_unlock ();
- }
-
- return rv;
-}
-
-static CK_RV
-proxy_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle)
-{
- State *state = (State *)self;
- CK_SESSION_HANDLE key;
- Mapping map;
- CK_RV rv;
-
- key = handle;
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- rv = (map.funcs->C_CloseSession) (handle);
-
- if (rv == CKR_OK) {
- p11_lock ();
-
- if (state->px)
- p11_dict_remove (state->px->sessions, &key);
-
- p11_unlock ();
- }
-
- return rv;
-}
-
-static CK_RV
-proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID id)
-{
- State *state = (State *)self;
- CK_SESSION_HANDLE_PTR to_close;
- CK_RV rv = CKR_OK;
- Session *sess;
- CK_ULONG i, count = 0;
- p11_dictiter iter;
-
- p11_lock ();
-
- if (!PROXY_VALID (state->px)) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
- } else {
- assert (state->px->sessions != NULL);
- to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
- if (!to_close) {
- rv = CKR_HOST_MEMORY;
- } else {
- p11_dict_iterate (state->px->sessions, &iter);
- count = 0;
- while (p11_dict_next (&iter, NULL, (void**)&sess)) {
- if (sess->wrap_slot == id && to_close)
- to_close[count++] = sess->wrap_session;
- }
- }
- }
-
- p11_unlock ();
-
- if (rv != CKR_OK)
- return rv;
-
- for (i = 0; i < count; ++i)
- proxy_C_CloseSession (self, to_close[i]);
-
- free (to_close);
- return CKR_OK;
-}
-
-static CK_RV
-proxy_C_GetFunctionStatus (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetFunctionStatus) (handle);
-}
-
-static CK_RV
-proxy_C_CancelFunction (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_CancelFunction) (handle);
-}
-
-static CK_RV
-proxy_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_SESSION_INFO_PTR info)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- if (info == NULL)
- return CKR_ARGUMENTS_BAD;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
-
- rv = (map.funcs->C_GetSessionInfo) (handle, info);
- if (rv == CKR_OK)
- info->slotID = map.wrap_slot;
-
- return rv;
-}
-
-static CK_RV
-proxy_C_InitPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
-
- return (map.funcs->C_InitPIN) (handle, pin, pin_len);
-}
-
-static CK_RV
-proxy_C_SetPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
-
- return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len);
-}
-
-static CK_RV
-proxy_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len);
-}
-
-static CK_RV
-proxy_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key);
-}
-
-static CK_RV
-proxy_C_Login (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
-
- return (map.funcs->C_Login) (handle, user_type, pin, pin_len);
-}
-
-static CK_RV
-proxy_C_Logout (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Logout) (handle);
-}
-
-static CK_RV
-proxy_C_CreateObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
-
- return (map.funcs->C_CreateObject) (handle, template, count, new_object);
-}
-
-static CK_RV
-proxy_C_CopyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_CopyObject) (handle, object, template, count, new_object);
-}
-
-static CK_RV
-proxy_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DestroyObject) (handle, object);
-}
-
-static CK_RV
-proxy_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetObjectSize) (handle, object, size);
-}
-
-static CK_RV
-proxy_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GetAttributeValue) (handle, object, template, count);
-}
-
-static CK_RV
-proxy_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SetAttributeValue) (handle, object, template, count);
-}
-
-static CK_RV
-proxy_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_FindObjectsInit) (handle, template, count);
-}
-
-static CK_RV
-proxy_C_FindObjects (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_FindObjects) (handle, objects, max_count, count);
-}
-
-static CK_RV
-proxy_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_FindObjectsFinal) (handle);
-}
-
-static CK_RV
-proxy_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_EncryptInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_Encrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Encrypt) (handle, input, input_len, encrypted_data, encrypted_data_len);
-}
-
-static CK_RV
-proxy_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-proxy_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len);
-}
-
-static CK_RV
-proxy_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DecryptInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_Decrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR output,
- CK_ULONG_PTR output_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, output, output_len);
-}
-
-static CK_RV
-proxy_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len);
-}
-
-static CK_RV
-proxy_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len);
-}
-
-static CK_RV
-proxy_C_DigestInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DigestInit) (handle, mechanism);
-}
-
-static CK_RV
-proxy_C_Digest (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Digest) (handle, input, input_len, digest, digest_len);
-}
-
-static CK_RV
-proxy_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DigestUpdate) (handle, part, part_len);
-}
-
-static CK_RV
-proxy_C_DigestKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DigestKey) (handle, key);
-}
-
-static CK_RV
-proxy_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DigestFinal) (handle, digest, digest_len);
-}
-
-static CK_RV
-proxy_C_SignInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_Sign (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Sign) (handle, input, input_len, signature, signature_len);
-}
-
-static CK_RV
-proxy_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignUpdate) (handle, part, part_len);
-}
-
-static CK_RV
-proxy_C_SignFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignFinal) (handle, signature, signature_len);
-}
-
-static CK_RV
-proxy_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignRecoverInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_SignRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignRecover) (handle, input, input_len, signature, signature_len);
-}
-
-static CK_RV
-proxy_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_VerifyInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_Verify (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_Verify) (handle, input, input_len, signature, signature_len);
-}
-
-static CK_RV
-proxy_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_VerifyUpdate) (handle, part, part_len);
-}
-
-static CK_RV
-proxy_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_VerifyFinal) (handle, signature, signature_len);
-}
-
-static CK_RV
-proxy_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key);
-}
-
-static CK_RV
-proxy_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR output,
- CK_ULONG_PTR output_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, output, output_len);
-}
-
-static CK_RV
-proxy_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
-}
-
-static CK_RV
-proxy_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len);
-}
-
-static CK_RV
-proxy_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
-}
-
-static CK_RV
-proxy_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len);
-}
-
-static CK_RV
-proxy_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key);
-}
-
-static CK_RV
-proxy_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
-}
-
-static CK_RV
-proxy_C_WrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
-}
-
-static CK_RV
-proxy_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
-}
-
-static CK_RV
-proxy_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key);
-}
-
-static CK_RV
-proxy_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_SeedRandom) (handle, seed, seed_len);
-}
-
-static CK_RV
-proxy_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE handle,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- State *state = (State *)self;
- Mapping map;
- CK_RV rv;
-
- rv = map_session_to_real (state->px, &handle, &map, NULL);
- if (rv != CKR_OK)
- return rv;
- return (map.funcs->C_GenerateRandom) (handle, random_data, random_len);
-}
-
-/* --------------------------------------------------------------------
- * Global module functions
- */
-
-static CK_FUNCTION_LIST module_functions;
-
-static CK_RV
-module_C_Initialize (CK_VOID_PTR init_args)
-{
- return proxy_C_Initialize (&global.virt.funcs, init_args);
-}
-
-static CK_RV
-module_C_Finalize (CK_VOID_PTR reserved)
-{
- return proxy_C_Finalize (&global.virt.funcs, reserved);
-}
-
-static CK_RV
-module_C_GetInfo (CK_INFO_PTR info)
-{
- return proxy_C_GetInfo (&global.virt.funcs, info);
-}
-
-static CK_RV
-module_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD);
- *list = &module_functions;
- return CKR_OK;
-}
-
-static CK_RV
-module_C_GetSlotList (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- return proxy_C_GetSlotList (&global.virt.funcs, token_present, slot_list, count);
-}
-
-static CK_RV
-module_C_GetSlotInfo (CK_SLOT_ID id,
- CK_SLOT_INFO_PTR info)
-{
- return proxy_C_GetSlotInfo (&global.virt.funcs, id, info);
-}
-
-static CK_RV
-module_C_GetTokenInfo (CK_SLOT_ID id,
- CK_TOKEN_INFO_PTR info)
-{
- return proxy_C_GetTokenInfo (&global.virt.funcs, id, info);
-}
-
-static CK_RV
-module_C_GetMechanismList (CK_SLOT_ID id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- return proxy_C_GetMechanismList (&global.virt.funcs, id, mechanism_list, count);
-}
-
-static CK_RV
-module_C_GetMechanismInfo (CK_SLOT_ID id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return proxy_C_GetMechanismInfo (&global.virt.funcs, id, type, info);
-}
-
-static CK_RV
-module_C_InitToken (CK_SLOT_ID id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- return proxy_C_InitToken (&global.virt.funcs, id, pin, pin_len, label);
-}
-
-static CK_RV
-module_C_WaitForSlotEvent (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return proxy_C_WaitForSlotEvent (&global.virt.funcs, flags, slot, reserved);
-}
-
-static CK_RV
-module_C_OpenSession (CK_SLOT_ID id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR handle)
-{
- return proxy_C_OpenSession (&global.virt.funcs, id, flags, user_data, callback,
- handle);
-}
-
-static CK_RV
-module_C_CloseSession (CK_SESSION_HANDLE handle)
-{
- return proxy_C_CloseSession (&global.virt.funcs, handle);
-}
-
-static CK_RV
-module_C_CloseAllSessions (CK_SLOT_ID id)
-{
- return proxy_C_CloseAllSessions (&global.virt.funcs, id);
-}
-
-static CK_RV
-module_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
-{
- return proxy_C_GetFunctionStatus (&global.virt.funcs, handle);
-}
-
-static CK_RV
-module_C_CancelFunction (CK_SESSION_HANDLE handle)
-{
- return proxy_C_CancelFunction (&global.virt.funcs, handle);
-}
-
-static CK_RV
-module_C_GetSessionInfo (CK_SESSION_HANDLE handle,
- CK_SESSION_INFO_PTR info)
-{
- return proxy_C_GetSessionInfo (&global.virt.funcs, handle, info);
-}
-
-static CK_RV
-module_C_InitPIN (CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return proxy_C_InitPIN (&global.virt.funcs, handle, pin, pin_len);
-}
-
-static CK_RV
-module_C_SetPIN (CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- return proxy_C_SetPIN (&global.virt.funcs, handle, old_pin, old_pin_len, new_pin,
- new_pin_len);
-}
-
-static CK_RV
-module_C_GetOperationState (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- return proxy_C_GetOperationState (&global.virt.funcs, handle, operation_state,
- operation_state_len);
-}
-
-static CK_RV
-module_C_SetOperationState (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- return proxy_C_SetOperationState (&global.virt.funcs, handle, operation_state,
- operation_state_len, encryption_key,
- authentication_key);
-}
-
-static CK_RV
-module_C_Login (CK_SESSION_HANDLE handle,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- return proxy_C_Login (&global.virt.funcs, handle, user_type, pin, pin_len);
-}
-
-static CK_RV
-module_C_Logout (CK_SESSION_HANDLE handle)
-{
- return proxy_C_Logout (&global.virt.funcs, handle);
-}
-
-static CK_RV
-module_C_CreateObject (CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return proxy_C_CreateObject (&global.virt.funcs, handle, template, count,
- new_object);
-}
-
-static CK_RV
-module_C_CopyObject (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return proxy_C_CopyObject (&global.virt.funcs, handle, object, template, count,
- new_object);
-}
-
-static CK_RV
-module_C_DestroyObject (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object)
-{
- return proxy_C_DestroyObject (&global.virt.funcs, handle, object);
-}
-
-static CK_RV
-module_C_GetObjectSize (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- return proxy_C_GetObjectSize (&global.virt.funcs, handle, object, size);
-}
-
-static CK_RV
-module_C_GetAttributeValue (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return proxy_C_GetAttributeValue (&global.virt.funcs, handle, object, template,
- count);
-}
-
-static CK_RV
-module_C_SetAttributeValue (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return proxy_C_SetAttributeValue (&global.virt.funcs, handle, object, template,
- count);
-}
-
-static CK_RV
-module_C_FindObjectsInit (CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- return proxy_C_FindObjectsInit (&global.virt.funcs, handle, template, count);
-}
-
-static CK_RV
-module_C_FindObjects (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- return proxy_C_FindObjects (&global.virt.funcs, handle, objects, max_count, count);
-}
-
-static CK_RV
-module_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
-{
- return proxy_C_FindObjectsFinal (&global.virt.funcs, handle);
-}
-
-static CK_RV
-module_C_EncryptInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_EncryptInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_Encrypt (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- return proxy_C_Encrypt (&global.virt.funcs, handle, data, data_len,
- encrypted_data, encrypted_data_len);
-}
-
-static CK_RV
-module_C_EncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- return proxy_C_EncryptUpdate (&global.virt.funcs, handle, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-module_C_EncryptFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return proxy_C_EncryptFinal (&global.virt.funcs, handle, last_part, last_part_len);
-}
-
-static CK_RV
-module_C_DecryptInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_DecryptInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_Decrypt (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return proxy_C_Decrypt (&global.virt.funcs, handle, enc_data, enc_data_len,
- data, data_len);
-}
-
-static CK_RV
-module_C_DecryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return proxy_C_DecryptUpdate (&global.virt.funcs, handle, enc_part, enc_part_len,
- part, part_len);
-}
-
-static CK_RV
-module_C_DecryptFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return proxy_C_DecryptFinal (&global.virt.funcs, handle, last_part, last_part_len);
-}
-
-static CK_RV
-module_C_DigestInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism)
-{
- return proxy_C_DigestInit (&global.virt.funcs, handle, mechanism);
-}
-
-static CK_RV
-module_C_Digest (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return proxy_C_Digest (&global.virt.funcs, handle, data, data_len, digest,
- digest_len);
-}
-
-static CK_RV
-module_C_DigestUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return proxy_C_DigestUpdate (&global.virt.funcs, handle, part, part_len);
-}
-
-static CK_RV
-module_C_DigestKey (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_DigestKey (&global.virt.funcs, handle, key);
-}
-
-static CK_RV
-module_C_DigestFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return proxy_C_DigestFinal (&global.virt.funcs, handle, digest, digest_len);
-}
-
-static CK_RV
-module_C_SignInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_SignInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_Sign (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return proxy_C_Sign (&global.virt.funcs, handle, data, data_len, signature,
- signature_len);
-}
-
-static CK_RV
-module_C_SignUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return proxy_C_SignUpdate (&global.virt.funcs, handle, part, part_len);
-}
-
-static CK_RV
-module_C_SignFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return proxy_C_SignFinal (&global.virt.funcs, handle, signature, signature_len);
-}
-
-static CK_RV
-module_C_SignRecoverInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_SignRecoverInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_SignRecover (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return proxy_C_SignRecover (&global.virt.funcs, handle, data, data_len,
- signature, signature_len);
-}
-
-static CK_RV
-module_C_VerifyInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_VerifyInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_Verify (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return proxy_C_Verify (&global.virt.funcs, handle, data, data_len, signature,
- signature_len);
-}
-
-static CK_RV
-module_C_VerifyUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return proxy_C_VerifyUpdate (&global.virt.funcs, handle, part, part_len);
-}
-
-static CK_RV
-module_C_VerifyFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return proxy_C_VerifyFinal (&global.virt.funcs, handle, signature, signature_len);
-}
-
-static CK_RV
-module_C_VerifyRecoverInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return proxy_C_VerifyRecoverInit (&global.virt.funcs, handle, mechanism, key);
-}
-
-static CK_RV
-module_C_VerifyRecover (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return proxy_C_VerifyRecover (&global.virt.funcs, handle, signature, signature_len,
- data, data_len);
-}
-
-static CK_RV
-module_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return proxy_C_DigestEncryptUpdate (&global.virt.funcs, handle, part, part_len,
- enc_part, enc_part_len);
-}
-
-static CK_RV
-module_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return proxy_C_DecryptDigestUpdate (&global.virt.funcs, handle, enc_part,
- enc_part_len, part, part_len);
-}
-
-static CK_RV
-module_C_SignEncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return proxy_C_SignEncryptUpdate (&global.virt.funcs, handle, part, part_len,
- enc_part, enc_part_len);
-}
-
-static CK_RV
-module_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return proxy_C_DecryptVerifyUpdate (&global.virt.funcs, handle, enc_part,
- enc_part_len, part, part_len);
-}
-
-static CK_RV
-module_C_GenerateKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return proxy_C_GenerateKey (&global.virt.funcs, handle, mechanism, template, count,
- key);
-}
-
-static CK_RV
-module_C_GenerateKeyPair (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- return proxy_C_GenerateKeyPair (&global.virt.funcs, handle, mechanism, pub_template,
- pub_count, priv_template, priv_count,
- pub_key, priv_key);
-}
-
-static CK_RV
-module_C_WrapKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- return proxy_C_WrapKey (&global.virt.funcs, handle, mechanism, wrapping_key,
- key, wrapped_key, wrapped_key_len);
-}
-
-static CK_RV
-module_C_UnwrapKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return proxy_C_UnwrapKey (&global.virt.funcs, handle, mechanism, unwrapping_key,
- wrapped_key, wrapped_key_len, template,
- count, key);
-}
-
-static CK_RV
-module_C_DeriveKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return proxy_C_DeriveKey (&global.virt.funcs, handle, mechanism, base_key,
- template, count, key);
-}
-
-static CK_RV
-module_C_SeedRandom (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- return proxy_C_SeedRandom (&global.virt.funcs, handle, seed, seed_len);
-}
-
-static CK_RV
-module_C_GenerateRandom (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- return proxy_C_GenerateRandom (&global.virt.funcs, handle, random_data, random_len);
-}
-
-/* --------------------------------------------------------------------
- * MODULE ENTRY POINT
- */
-
-static CK_FUNCTION_LIST module_functions = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- module_C_Initialize,
- module_C_Finalize,
- module_C_GetInfo,
- module_C_GetFunctionList,
- module_C_GetSlotList,
- module_C_GetSlotInfo,
- module_C_GetTokenInfo,
- module_C_GetMechanismList,
- module_C_GetMechanismInfo,
- module_C_InitToken,
- module_C_InitPIN,
- module_C_SetPIN,
- module_C_OpenSession,
- module_C_CloseSession,
- module_C_CloseAllSessions,
- module_C_GetSessionInfo,
- module_C_GetOperationState,
- module_C_SetOperationState,
- module_C_Login,
- module_C_Logout,
- module_C_CreateObject,
- module_C_CopyObject,
- module_C_DestroyObject,
- module_C_GetObjectSize,
- module_C_GetAttributeValue,
- module_C_SetAttributeValue,
- module_C_FindObjectsInit,
- module_C_FindObjects,
- module_C_FindObjectsFinal,
- module_C_EncryptInit,
- module_C_Encrypt,
- module_C_EncryptUpdate,
- module_C_EncryptFinal,
- module_C_DecryptInit,
- module_C_Decrypt,
- module_C_DecryptUpdate,
- module_C_DecryptFinal,
- module_C_DigestInit,
- module_C_Digest,
- module_C_DigestUpdate,
- module_C_DigestKey,
- module_C_DigestFinal,
- module_C_SignInit,
- module_C_Sign,
- module_C_SignUpdate,
- module_C_SignFinal,
- module_C_SignRecoverInit,
- module_C_SignRecover,
- module_C_VerifyInit,
- module_C_Verify,
- module_C_VerifyUpdate,
- module_C_VerifyFinal,
- module_C_VerifyRecoverInit,
- module_C_VerifyRecover,
- module_C_DigestEncryptUpdate,
- module_C_DecryptDigestUpdate,
- module_C_SignEncryptUpdate,
- module_C_DecryptVerifyUpdate,
- module_C_GenerateKey,
- module_C_GenerateKeyPair,
- module_C_WrapKey,
- module_C_UnwrapKey,
- module_C_DeriveKey,
- module_C_SeedRandom,
- module_C_GenerateRandom,
- module_C_GetFunctionStatus,
- module_C_CancelFunction,
- module_C_WaitForSlotEvent
-};
-
-static CK_X_FUNCTION_LIST proxy_functions = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- proxy_C_Initialize,
- proxy_C_Finalize,
- proxy_C_GetInfo,
- proxy_C_GetSlotList,
- proxy_C_GetSlotInfo,
- proxy_C_GetTokenInfo,
- proxy_C_GetMechanismList,
- proxy_C_GetMechanismInfo,
- proxy_C_InitToken,
- proxy_C_InitPIN,
- proxy_C_SetPIN,
- proxy_C_OpenSession,
- proxy_C_CloseSession,
- proxy_C_CloseAllSessions,
- proxy_C_GetSessionInfo,
- proxy_C_GetOperationState,
- proxy_C_SetOperationState,
- proxy_C_Login,
- proxy_C_Logout,
- proxy_C_CreateObject,
- proxy_C_CopyObject,
- proxy_C_DestroyObject,
- proxy_C_GetObjectSize,
- proxy_C_GetAttributeValue,
- proxy_C_SetAttributeValue,
- proxy_C_FindObjectsInit,
- proxy_C_FindObjects,
- proxy_C_FindObjectsFinal,
- proxy_C_EncryptInit,
- proxy_C_Encrypt,
- proxy_C_EncryptUpdate,
- proxy_C_EncryptFinal,
- proxy_C_DecryptInit,
- proxy_C_Decrypt,
- proxy_C_DecryptUpdate,
- proxy_C_DecryptFinal,
- proxy_C_DigestInit,
- proxy_C_Digest,
- proxy_C_DigestUpdate,
- proxy_C_DigestKey,
- proxy_C_DigestFinal,
- proxy_C_SignInit,
- proxy_C_Sign,
- proxy_C_SignUpdate,
- proxy_C_SignFinal,
- proxy_C_SignRecoverInit,
- proxy_C_SignRecover,
- proxy_C_VerifyInit,
- proxy_C_Verify,
- proxy_C_VerifyUpdate,
- proxy_C_VerifyFinal,
- proxy_C_VerifyRecoverInit,
- proxy_C_VerifyRecover,
- proxy_C_DigestEncryptUpdate,
- proxy_C_DecryptDigestUpdate,
- proxy_C_SignEncryptUpdate,
- proxy_C_DecryptVerifyUpdate,
- proxy_C_GenerateKey,
- proxy_C_GenerateKeyPair,
- proxy_C_WrapKey,
- proxy_C_UnwrapKey,
- proxy_C_DeriveKey,
- proxy_C_SeedRandom,
- proxy_C_GenerateRandom,
- proxy_C_WaitForSlotEvent,
-};
-
-#ifdef OS_WIN32
-__declspec(dllexport)
-#endif
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- CK_FUNCTION_LIST_PTR module = NULL;
- CK_FUNCTION_LIST **loaded;
- State *state;
- CK_RV rv = CKR_OK;
-
- p11_library_init_once ();
- p11_lock ();
-
- if (all_modules == NULL) {
- /* WARNING: Reentrancy can occur here */
- rv = p11_modules_load_inlock_reentrant (0, &loaded);
- if (rv == CKR_OK) {
- if (all_modules == NULL)
- all_modules = loaded;
- else
- p11_modules_release_inlock_reentrant (loaded);
- }
- }
-
- if (rv == CKR_OK && p11_virtual_can_wrap ()) {
- state = calloc (1, sizeof (State));
- if (!state) {
- rv = CKR_HOST_MEMORY;
-
- } else {
- p11_virtual_init (&state->virt, &proxy_functions, state, NULL);
- state->last_handle = FIRST_HANDLE;
-
- module = p11_virtual_wrap (&state->virt, free);
- if (module == NULL) {
- rv = CKR_GENERAL_ERROR;
-
- } else {
- state->wrapped = module;
- state->next = all_instances;
- all_instances = state;
- }
- }
- }
-
- if (rv == CKR_OK) {
- if (module == NULL)
- module = &module_functions;
-
- /* We use this as a check below */
- module->C_WaitForSlotEvent = module_C_WaitForSlotEvent;
- *list = module;
- }
-
- p11_unlock ();
-
- return rv;
-}
-
-void
-p11_proxy_module_cleanup (void)
-{
- State *state, *next;
-
- state = all_instances;
- all_instances = NULL;
-
- for (; state != NULL; state = next) {
- next = state->next;
- p11_virtual_unwrap (state->wrapped);
- }
-
- if (all_modules) {
- p11_kit_modules_release (all_modules);
- all_modules = NULL;
- }
-}
-
-bool
-p11_proxy_module_check (CK_FUNCTION_LIST_PTR module)
-{
- return (module->C_WaitForSlotEvent == module_C_WaitForSlotEvent);
-}
diff --git a/p11-kit/proxy.h b/p11-kit/proxy.h
deleted file mode 100644
index f3d56d7..0000000
--- a/p11-kit/proxy.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __P11_PROXY_H__
-#define __P11_PROXY_H__
-
-bool p11_proxy_module_check (CK_FUNCTION_LIST_PTR module);
-
-void p11_proxy_module_cleanup (void);
-
-
-#endif /* __P11_PROXY_H__ */
diff --git a/p11-kit/remote.c b/p11-kit/remote.c
deleted file mode 100644
index 7717277..0000000
--- a/p11-kit/remote.c
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright (C) 2014 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "p11-kit.h"
-#include "remote.h"
-#include "tool.h"
-
-#include <assert.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-int
-main (int argc,
- char *argv[])
-{
- CK_FUNCTION_LIST *module;
- int opt;
- int ret;
-
- enum {
- opt_verbose = 'v',
- opt_help = 'h',
- };
-
- struct option options[] = {
- { "verbose", no_argument, NULL, opt_verbose },
- { "help", no_argument, NULL, opt_help },
- { 0 },
- };
-
- p11_tool_desc usages[] = {
- { 0, "usage: p11-kit remote <module>" },
- { 0 },
- };
-
- while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
- switch (opt) {
- case opt_verbose:
- p11_kit_be_loud ();
- break;
- case opt_help:
- case '?':
- p11_tool_usage (usages, options);
- return 0;
- default:
- assert_not_reached ();
- break;
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc != 1) {
- p11_message ("specify the module to remote");
- return 2;
- }
-
- if (isatty (0)) {
- p11_message ("the 'remote' tool is not meant to be run from a terminal");
- return 2;
- }
-
- module = p11_kit_module_load (argv[0], 0);
- if (module == NULL)
- return 1;
-
- ret = p11_kit_remote_serve_module (module, 0, 1);
- p11_kit_module_release (module);
-
- return ret;
-}
diff --git a/p11-kit/remote.h b/p11-kit/remote.h
deleted file mode 100644
index 12cbe6d..0000000
--- a/p11-kit/remote.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2014 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __P11_KIT_REMOTE_H__
-#define __P11_KIT_REMOTE_H__
-
-#include "p11-kit/p11-kit.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef P11_KIT_FUTURE_UNSTABLE_API
-
-int p11_kit_remote_serve_module (CK_FUNCTION_LIST *module,
- int in_fd,
- int out_fd);
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* __P11_KIT_REMOTE_H__ */
diff --git a/p11-kit/rpc-client.c b/p11-kit/rpc-client.c
deleted file mode 100644
index c69dcfd..0000000
--- a/p11-kit/rpc-client.c
+++ /dev/null
@@ -1,2104 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_RPC
-#include "debug.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "library.h"
-#include "message.h"
-#include "private.h"
-#include "rpc.h"
-#include "rpc-message.h"
-#include "virtual.h"
-
-#include <assert.h>
-#include <string.h>
-#include <unistd.h>
-
-/* The error used by us when parsing of rpc message fails */
-#define PARSE_ERROR CKR_DEVICE_ERROR
-
-typedef struct {
- p11_mutex_t mutex;
- p11_rpc_client_vtable *vtable;
- unsigned int initialized_forkid;
- bool initialize_done;
-} rpc_client;
-
-/* Allocator for call session buffers */
-static void *
-log_allocator (void *pointer,
- size_t size)
-{
- void *result = realloc (pointer, (size_t)size);
- return_val_if_fail (!size || result != NULL, NULL);
- return result;
-}
-
-static CK_RV
-call_prepare (rpc_client *module,
- p11_rpc_message *msg,
- int call_id)
-{
- p11_buffer *buffer;
-
- assert (module != NULL);
- assert (msg != NULL);
-
- if (module->initialized_forkid != p11_forkid)
- return CKR_CRYPTOKI_NOT_INITIALIZED;
- if (!module->initialize_done)
- return CKR_DEVICE_REMOVED;
-
- buffer = p11_rpc_buffer_new_full (64, log_allocator, free);
- return_val_if_fail (buffer != NULL, CKR_GENERAL_ERROR);
-
- /* We use the same buffer for reading and writing */
- p11_rpc_message_init (msg, buffer, buffer);
-
- /* Put in the Call ID and signature */
- if (!p11_rpc_message_prep (msg, call_id, P11_RPC_REQUEST))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- p11_debug ("prepared call: %d", call_id);
- return CKR_OK;
-}
-
-static CK_RV
-call_run (rpc_client *module,
- p11_rpc_message *msg)
-{
- CK_RV ret = CKR_OK;
- CK_ULONG ckerr;
-
- int call_id;
-
- assert (module != NULL);
- assert (msg != NULL);
-
- /* Did building the call fail? */
- if (p11_buffer_failed (msg->output))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- /* Make sure that the signature is valid */
- assert (p11_rpc_message_is_verified (msg));
- call_id = msg->call_id;
-
- /* Do the transport send and receive */
- assert (module->vtable->transport != NULL);
- ret = (module->vtable->transport) (module->vtable,
- msg->output,
- msg->input);
-
- if (ret != CKR_OK)
- return ret;
-
- if (!p11_rpc_message_parse (msg, P11_RPC_RESPONSE))
- return CKR_DEVICE_ERROR;
-
- /* If it's an error code then return it */
- if (msg->call_id == P11_RPC_CALL_ERROR) {
- if (!p11_rpc_message_read_ulong (msg, &ckerr)) {
- p11_message ("invalid rpc error response: too short");
- return CKR_DEVICE_ERROR;
- }
-
- if (ckerr <= CKR_OK) {
- p11_message ("invalid rpc error response: bad error code");
- return CKR_DEVICE_ERROR;
- }
-
- /* An error code from the other side */
- return (CK_RV)ckerr;
- }
-
- /* Make sure other side answered the right call */
- if (call_id != msg->call_id) {
- p11_message ("invalid rpc response: call mismatch");
- return CKR_DEVICE_ERROR;
- }
-
- assert (!p11_buffer_failed (msg->input));
-
- p11_debug ("parsing response values");
- return CKR_OK;
-}
-
-static CK_RV
-call_done (rpc_client *module,
- p11_rpc_message *msg,
- CK_RV ret)
-{
- assert (module != NULL);
- assert (msg != NULL);
-
- /* Check for parsing errors that were not caught elsewhere */
- if (ret == CKR_OK) {
- if (p11_buffer_failed (msg->input)) {
- p11_message ("invalid rpc response: bad argument data");
- ret = CKR_GENERAL_ERROR;
- } else {
- /* Double check that the signature matched our decoding */
- assert (p11_rpc_message_is_verified (msg));
- }
- }
-
- /* We used the same buffer for input/output, so this frees both */
- assert (msg->input == msg->output);
- p11_rpc_buffer_free (msg->input);
-
- p11_rpc_message_clear (msg);
-
- return ret;
-}
-
-/* -----------------------------------------------------------------------------
- * MODULE SPECIFIC PROTOCOL CODE
- */
-
-static CK_RV
-proto_read_attribute_array (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG len)
-{
- uint32_t i, num, value, type;
- CK_ATTRIBUTE_PTR attr;
- const unsigned char *attrval = NULL;
- size_t attrlen = 0;
- unsigned char validity;
- CK_RV ret;
-
- assert (len != 0);
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA"));
-
- /* Get the number of items. We need this value to be correct */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num))
- return PARSE_ERROR;
-
- /*
- * This should never happen in normal operation. It denotes a goof up
- * on the other side of our RPC. We should be indicating the exact number
- * of attributes to the other side. And it should respond with the same
- * number.
- */
- if (len != num) {
- p11_message ("received an attribute array with wrong number of attributes");
- return PARSE_ERROR;
- }
-
- ret = CKR_OK;
-
- /* We need to go ahead and read everything in all cases */
- for (i = 0; i < num; ++i) {
-
- /* The attribute type */
- p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &type);
-
- /* Attribute validity */
- p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &validity);
-
- /* And the data itself */
- if (validity) {
- if (p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value) &&
- p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &attrval, &attrlen)) {
- if (attrval && value != attrlen) {
- p11_message ("attribute length does not match attribute data");
- return PARSE_ERROR;
- }
- attrlen = value;
- }
- }
-
- /* Don't act on this data unless no errors */
- if (p11_buffer_failed (msg->input))
- break;
-
- /* Try and stuff it in the output data */
- if (arr) {
- attr = &(arr[i]);
- if (attr->type != type) {
- p11_message ("returned attributes in invalid order");
- return PARSE_ERROR;
- }
-
- if (validity) {
- /* Just requesting the attribute size */
- if (!attr->pValue) {
- attr->ulValueLen = attrlen;
-
- /* Wants attribute data, but too small */
- } else if (attr->ulValueLen < attrlen) {
- attr->ulValueLen = attrlen;
- ret = CKR_BUFFER_TOO_SMALL;
-
- /* Wants attribute data, value is null */
- } else if (attrval == NULL) {
- attr->ulValueLen = 0;
-
- /* Wants attribute data, enough space */
- } else {
- attr->ulValueLen = attrlen;
- memcpy (attr->pValue, attrval, attrlen);
- }
-
- /* Not a valid attribute */
- } else {
- attr->ulValueLen = ((CK_ULONG)-1);
- }
- }
- }
-
- if (p11_buffer_failed (msg->input))
- return PARSE_ERROR;
-
- /* Read in the code that goes along with these attributes */
- if (!p11_rpc_message_read_ulong (msg, &ret))
- return PARSE_ERROR;
-
- return ret;
-}
-
-static CK_RV
-proto_read_byte_array (p11_rpc_message *msg,
- CK_BYTE_PTR arr,
- CK_ULONG_PTR len,
- CK_ULONG max)
-{
- const unsigned char *val;
- unsigned char valid;
- uint32_t length;
- size_t vlen;
-
- assert (len != NULL);
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay"));
-
- /* A single byte which determines whether valid or not */
- if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid))
- return PARSE_ERROR;
-
- /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */
- if (!valid) {
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length))
- return PARSE_ERROR;
-
- *len = length;
-
- if (arr)
- return CKR_BUFFER_TOO_SMALL;
- else
- return CKR_OK;
- }
-
- /* Get the actual bytes */
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &vlen))
- return PARSE_ERROR;
-
- *len = vlen;
-
- /* Just asking us for size */
- if (!arr)
- return CKR_OK;
-
- if (max < vlen)
- return CKR_BUFFER_TOO_SMALL;
-
- /* Enough space, yay */
- memcpy (arr, val, vlen);
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_ulong_array (p11_rpc_message *msg, CK_ULONG_PTR arr,
- CK_ULONG_PTR len, CK_ULONG max)
-{
- uint32_t i, num;
- uint64_t val;
- unsigned char valid;
-
- assert (len != NULL);
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "au"));
-
- /* A single byte which determines whether valid or not */
- if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid))
- return PARSE_ERROR;
-
- /* Get the number of items. */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &num))
- return PARSE_ERROR;
-
- *len = num;
-
- /* If not valid, then just the length is encoded, this can signify CKR_BUFFER_TOO_SMALL */
- if (!valid) {
- if (arr)
- return CKR_BUFFER_TOO_SMALL;
- else
- return CKR_OK;
- }
-
- if (max < num)
- return CKR_BUFFER_TOO_SMALL;
-
- /* We need to go ahead and read everything in all cases */
- for (i = 0; i < num; ++i) {
- p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &val);
- if (arr)
- arr[i] = (CK_ULONG)val;
- }
-
- return p11_buffer_failed (msg->input) ? PARSE_ERROR : CKR_OK;
-}
-
-/* Used to override the supported mechanisms in tests */
-CK_MECHANISM_TYPE *p11_rpc_mechanisms_override_supported = NULL;
-
-static bool
-mechanism_has_sane_parameters (CK_MECHANISM_TYPE type)
-{
- int i;
-
- /* This can be set from tests, to override default set of supported */
- if (p11_rpc_mechanisms_override_supported) {
- for (i = 0; p11_rpc_mechanisms_override_supported[i] != 0; i++) {
- if (p11_rpc_mechanisms_override_supported[i] == type)
- return true;
- }
-
- return false;
- }
-
- /* This list is incomplete */
- switch (type) {
- case CKM_RSA_PKCS_OAEP:
- case CKM_RSA_PKCS_PSS:
- return true;
- default:
- return false;
- }
-}
-
-static bool
-mechanism_has_no_parameters (CK_MECHANISM_TYPE mech)
-{
- /* This list is incomplete */
-
- switch (mech) {
- case CKM_RSA_PKCS_KEY_PAIR_GEN:
- case CKM_RSA_X9_31_KEY_PAIR_GEN:
- case CKM_RSA_PKCS:
- case CKM_RSA_9796:
- case CKM_RSA_X_509:
- case CKM_RSA_X9_31:
- case CKM_MD2_RSA_PKCS:
- case CKM_MD5_RSA_PKCS:
- case CKM_SHA1_RSA_PKCS:
- case CKM_SHA256_RSA_PKCS:
- case CKM_SHA384_RSA_PKCS:
- case CKM_SHA512_RSA_PKCS:
- case CKM_RIPEMD128_RSA_PKCS:
- case CKM_RIPEMD160_RSA_PKCS:
- case CKM_SHA1_RSA_X9_31:
- case CKM_DSA_KEY_PAIR_GEN:
- case CKM_DSA_PARAMETER_GEN:
- case CKM_DSA:
- case CKM_DSA_SHA1:
- case CKM_FORTEZZA_TIMESTAMP:
- case CKM_EC_KEY_PAIR_GEN:
- case CKM_ECDSA:
- case CKM_ECDSA_SHA1:
- case CKM_DH_PKCS_KEY_PAIR_GEN:
- case CKM_DH_PKCS_PARAMETER_GEN:
- case CKM_X9_42_DH_KEY_PAIR_GEN:
- case CKM_X9_42_DH_PARAMETER_GEN:
- case CKM_KEA_KEY_PAIR_GEN:
- case CKM_GENERIC_SECRET_KEY_GEN:
- case CKM_RC2_KEY_GEN:
- case CKM_RC4_KEY_GEN:
- case CKM_RC4:
- case CKM_RC5_KEY_GEN:
- case CKM_AES_KEY_GEN:
- case CKM_AES_ECB:
- case CKM_AES_MAC:
- case CKM_DES_KEY_GEN:
- case CKM_DES2_KEY_GEN:
- case CKM_DES3_KEY_GEN:
- case CKM_CDMF_KEY_GEN:
- case CKM_CAST_KEY_GEN:
- case CKM_CAST3_KEY_GEN:
- case CKM_CAST128_KEY_GEN:
- case CKM_IDEA_KEY_GEN:
- case CKM_SSL3_PRE_MASTER_KEY_GEN:
- case CKM_TLS_PRE_MASTER_KEY_GEN:
- case CKM_SKIPJACK_KEY_GEN:
- case CKM_BATON_KEY_GEN:
- case CKM_JUNIPER_KEY_GEN:
- case CKM_RC2_ECB:
- case CKM_DES_ECB:
- case CKM_DES3_ECB:
- case CKM_CDMF_ECB:
- case CKM_CAST_ECB:
- case CKM_CAST3_ECB:
- case CKM_CAST128_ECB:
- case CKM_RC5_ECB:
- case CKM_IDEA_ECB:
- case CKM_RC2_MAC:
- case CKM_DES_MAC:
- case CKM_DES3_MAC:
- case CKM_CDMF_MAC:
- case CKM_CAST_MAC:
- case CKM_CAST3_MAC:
- case CKM_RC5_MAC:
- case CKM_IDEA_MAC:
- case CKM_SSL3_MD5_MAC:
- case CKM_SSL3_SHA1_MAC:
- case CKM_SKIPJACK_WRAP:
- case CKM_BATON_WRAP:
- case CKM_JUNIPER_WRAP:
- case CKM_MD2:
- case CKM_MD2_HMAC:
- case CKM_MD5:
- case CKM_MD5_HMAC:
- case CKM_SHA_1:
- case CKM_SHA_1_HMAC:
- case CKM_SHA256:
- case CKM_SHA256_HMAC:
- case CKM_SHA384:
- case CKM_SHA384_HMAC:
- case CKM_SHA512:
- case CKM_SHA512_HMAC:
- case CKM_FASTHASH:
- case CKM_RIPEMD128:
- case CKM_RIPEMD128_HMAC:
- case CKM_RIPEMD160:
- case CKM_RIPEMD160_HMAC:
- case CKM_KEY_WRAP_LYNKS:
- return true;
- default:
- return false;
- };
-}
-
-static bool
-mechanism_is_supported (CK_MECHANISM_TYPE mech)
-{
- if (mechanism_has_no_parameters (mech) ||
- mechanism_has_sane_parameters (mech))
- return true;
- return false;
-}
-static void
-mechanism_list_purge (CK_MECHANISM_TYPE_PTR mechs,
- CK_ULONG *n_mechs)
-{
- int i;
-
- assert (mechs != NULL);
- assert (n_mechs != NULL);
-
- for (i = 0; i < (int)(*n_mechs); ++i) {
- if (!mechanism_is_supported (mechs[i])) {
-
- /* Remove the mechanism from the list */
- memmove (&mechs[i], &mechs[i + 1],
- (*n_mechs - i) * sizeof (CK_MECHANISM_TYPE));
-
- --(*n_mechs);
- --i;
- }
- }
-}
-
-static CK_RV
-proto_write_mechanism (p11_rpc_message *msg,
- CK_MECHANISM_PTR mech)
-{
- assert (msg != NULL);
- assert (mech != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "M"));
-
- /* The mechanism type */
- p11_rpc_buffer_add_uint32 (msg->output, mech->mechanism);
-
- /*
- * PKCS#11 mechanism parameters are not easy to serialize. They're
- * completely different for so many mechanisms, they contain
- * pointers to arbitrary memory, and many callers don't initialize
- * them completely or properly.
- *
- * We only support certain mechanisms.
- *
- * Also callers do yucky things like leaving parts of the structure
- * pointing to garbage if they don't think it's going to be used.
- */
-
- if (mechanism_has_no_parameters (mech->mechanism))
- p11_rpc_buffer_add_byte_array (msg->output, NULL, 0);
- else if (mechanism_has_sane_parameters (mech->mechanism))
- p11_rpc_buffer_add_byte_array (msg->output, mech->pParameter,
- mech->ulParameterLen);
- else
- return CKR_MECHANISM_INVALID;
-
- return p11_buffer_failed (msg->output) ? CKR_HOST_MEMORY : CKR_OK;
-}
-
-static CK_RV
-proto_read_info (p11_rpc_message *msg,
- CK_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_read_version (msg, &info->cryptokiVersion) ||
- !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_read_ulong (msg, &info->flags) ||
- !p11_rpc_message_read_space_string (msg, info->libraryDescription, 32) ||
- !p11_rpc_message_read_version (msg, &info->libraryVersion))
- return PARSE_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_slot_info (p11_rpc_message *msg,
- CK_SLOT_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_read_space_string (msg, info->slotDescription, 64) ||
- !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_read_ulong (msg, &info->flags) ||
- !p11_rpc_message_read_version (msg, &info->hardwareVersion) ||
- !p11_rpc_message_read_version (msg, &info->firmwareVersion))
- return PARSE_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_token_info (p11_rpc_message *msg,
- CK_TOKEN_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_read_space_string (msg, info->label, 32) ||
- !p11_rpc_message_read_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_read_space_string (msg, info->model, 16) ||
- !p11_rpc_message_read_space_string (msg, info->serialNumber, 16) ||
- !p11_rpc_message_read_ulong (msg, &info->flags) ||
- !p11_rpc_message_read_ulong (msg, &info->ulMaxSessionCount) ||
- !p11_rpc_message_read_ulong (msg, &info->ulSessionCount) ||
- !p11_rpc_message_read_ulong (msg, &info->ulMaxRwSessionCount) ||
- !p11_rpc_message_read_ulong (msg, &info->ulRwSessionCount) ||
- !p11_rpc_message_read_ulong (msg, &info->ulMaxPinLen) ||
- !p11_rpc_message_read_ulong (msg, &info->ulMinPinLen) ||
- !p11_rpc_message_read_ulong (msg, &info->ulTotalPublicMemory) ||
- !p11_rpc_message_read_ulong (msg, &info->ulFreePublicMemory) ||
- !p11_rpc_message_read_ulong (msg, &info->ulTotalPrivateMemory) ||
- !p11_rpc_message_read_ulong (msg, &info->ulFreePrivateMemory) ||
- !p11_rpc_message_read_version (msg, &info->hardwareVersion) ||
- !p11_rpc_message_read_version (msg, &info->firmwareVersion) ||
- !p11_rpc_message_read_space_string (msg, info->utcTime, 16))
- return PARSE_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_mechanism_info (p11_rpc_message *msg,
- CK_MECHANISM_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_read_ulong (msg, &info->ulMinKeySize) ||
- !p11_rpc_message_read_ulong (msg, &info->ulMaxKeySize) ||
- !p11_rpc_message_read_ulong (msg, &info->flags))
- return PARSE_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_sesssion_info (p11_rpc_message *msg,
- CK_SESSION_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_read_ulong (msg, &info->slotID) ||
- !p11_rpc_message_read_ulong (msg, &info->state) ||
- !p11_rpc_message_read_ulong (msg, &info->flags) ||
- !p11_rpc_message_read_ulong (msg, &info->ulDeviceError))
- return PARSE_ERROR;
-
- return CKR_OK;
-}
-
-/* -------------------------------------------------------------------
- * CALL MACROS
- */
-
-#define BEGIN_CALL_OR(call_id, self, if_no_daemon) \
- p11_debug (#call_id ": enter"); \
- { \
- rpc_client *_mod = ((p11_virtual *)self)->lower_module; p11_rpc_message _msg; \
- CK_RV _ret = call_prepare (_mod, &_msg, P11_RPC_CALL_##call_id); \
- if (_ret == CKR_DEVICE_REMOVED) return (if_no_daemon); \
- if (_ret != CKR_OK) return _ret;
-
-#define PROCESS_CALL \
- _ret = call_run (_mod, &_msg); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define RETURN(ret) \
- _ret = ret; \
- goto _cleanup;
-
-#define END_CALL \
- _cleanup: \
- _ret = call_done (_mod, &_msg, _ret); \
- p11_debug ("ret: %lu", _ret); \
- return _ret; \
- }
-
-#define IN_BYTE(val) \
- if (!p11_rpc_message_write_byte (&_msg, val)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_ULONG(val) \
- if (!p11_rpc_message_write_ulong (&_msg, val)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_STRING(val) \
- if (!p11_rpc_message_write_zero_string (&_msg, val)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_BYTE_BUFFER(arr, len) \
- if (len == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- if (!p11_rpc_message_write_byte_buffer (&_msg, arr ? *len : 0)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_BYTE_ARRAY(arr, len) \
- if (len != 0 && arr == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- if (!p11_rpc_message_write_byte_array (&_msg, arr, len)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_ULONG_BUFFER(arr, len) \
- if (len == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- if (!p11_rpc_message_write_ulong_buffer (&_msg, arr ? *len : 0)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_ULONG_ARRAY(arr, len) \
- if (len != 0 && arr == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; }\
- if (!p11_rpc_message_write_ulong_array (&_msg, arr, len)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_ATTRIBUTE_BUFFER(arr, num) \
- if (num != 0 && arr == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- if (!p11_rpc_message_write_attribute_buffer (&_msg, (arr), (num))) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_ATTRIBUTE_ARRAY(arr, num) \
- if (num != 0 && arr == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- if (!p11_rpc_message_write_attribute_array (&_msg, (arr), (num))) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_MECHANISM_TYPE(val) \
- if(!mechanism_is_supported (val)) \
- { _ret = CKR_MECHANISM_INVALID; goto _cleanup; } \
- if (!p11_rpc_message_write_ulong (&_msg, val)) \
- { _ret = CKR_HOST_MEMORY; goto _cleanup; }
-
-#define IN_MECHANISM(val) \
- if (val == NULL) \
- { _ret = CKR_ARGUMENTS_BAD; goto _cleanup; } \
- _ret = proto_write_mechanism (&_msg, val); \
- if (_ret != CKR_OK) goto _cleanup;
-
-
-
-#define OUT_ULONG(val) \
- if (val == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK && !p11_rpc_message_read_ulong (&_msg, val)) \
- _ret = PARSE_ERROR;
-
-#define OUT_BYTE_ARRAY(arr, len) \
- if (len == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_byte_array (&_msg, (arr), (len), *(len));
-
-#define OUT_ULONG_ARRAY(a, len) \
- if (len == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_ulong_array (&_msg, (a), (len), *(len));
-
-#define OUT_ATTRIBUTE_ARRAY(arr, num) \
- if (_ret == CKR_OK) \
- _ret = proto_read_attribute_array (&_msg, (arr), (num));
-
-#define OUT_INFO(info) \
- if (info == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_info (&_msg, info);
-
-#define OUT_SLOT_INFO(info) \
- if (info == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_slot_info (&_msg, info);
-
-#define OUT_TOKEN_INFO(info) \
- if (info == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_token_info (&_msg, info);
-
-#define OUT_SESSION_INFO(info) \
- if (info == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_sesssion_info (&_msg, info);
-
-#define OUT_MECHANISM_TYPE_ARRAY(arr, len) \
- if (len == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_ulong_array (&_msg, (arr), (len), *(len)); \
- if (_ret == CKR_OK && arr) \
- mechanism_list_purge (arr, len);
-
-#define OUT_MECHANISM_INFO(info) \
- if (info == NULL) \
- _ret = CKR_ARGUMENTS_BAD; \
- if (_ret == CKR_OK) \
- _ret = proto_read_mechanism_info (&_msg, info);
-
-
-/* -------------------------------------------------------------------
- * INITIALIZATION and 'GLOBAL' CALLS
- */
-
-static CK_RV
-rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- rpc_client *module = ((p11_virtual *)self)->lower_module;
- CK_C_INITIALIZE_ARGS_PTR args = NULL;
- void *reserved = NULL;
- CK_RV ret = CKR_OK;
- p11_rpc_message msg;
-
- assert (module != NULL);
- p11_debug ("C_Initialize: enter");
-
- if (init_args != NULL) {
- int supplied_ok;
-
- /*
- * pReserved is either a string or NULL. Other cases
- * should be rejected by the caller of this function.
- */
- args = init_args;
-
- /* ALL supplied function pointers need to have the value either NULL or non-NULL. */
- supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
- args->LockMutex == NULL && args->UnlockMutex == NULL) ||
- (args->CreateMutex != NULL && args->DestroyMutex != NULL &&
- args->LockMutex != NULL && args->UnlockMutex != NULL);
- if (!supplied_ok) {
- p11_message ("invalid set of mutex calls supplied");
- return CKR_ARGUMENTS_BAD;
- }
-
- /*
- * When the CKF_OS_LOCKING_OK flag isn't set return an error.
- * We must be able to use our mutex functionality.
- */
- if (!(args->flags & CKF_OS_LOCKING_OK)) {
- p11_message ("can't do without os locking");
- return CKR_CANT_LOCK;
- }
-
- if (args->pReserved)
- reserved = args->pReserved;
- }
-
- p11_mutex_lock (&module->mutex);
-
- if (module->initialized_forkid != 0) {
- /* This process has called C_Initialize already */
- if (p11_forkid == module->initialized_forkid) {
- p11_message ("C_Initialize called twice for same process");
- ret = CKR_CRYPTOKI_ALREADY_INITIALIZED;
- goto done;
- }
- }
-
- /* Call out to initialize client callback */
- assert (module->vtable->connect != NULL);
- ret = (module->vtable->connect) (module->vtable, reserved);
-
- /* Successfully initialized */
- if (ret == CKR_OK) {
- module->initialized_forkid = p11_forkid;
- module->initialize_done = true;
-
- /* Server doesn't exist, initialize but don't call */
- } else if (ret == CKR_DEVICE_REMOVED) {
- module->initialized_forkid = p11_forkid;
- module->initialize_done = false;
- ret = CKR_OK;
- goto done;
-
- } else {
- goto done;
- }
-
- /* If we don't have read and write fds now, then initialize other side */
- ret = call_prepare (module, &msg, P11_RPC_CALL_C_Initialize);
- if (ret == CKR_OK)
- if (!p11_rpc_message_write_byte_array (&msg, P11_RPC_HANDSHAKE, P11_RPC_HANDSHAKE_LEN))
- ret = CKR_HOST_MEMORY;
- if (ret == CKR_OK) {
- if (!p11_rpc_message_write_byte (&msg, reserved != NULL))
- ret = CKR_HOST_MEMORY;
- }
- if (ret == CKR_OK) {
- char *reserved_string = "";
- if (reserved != NULL)
- reserved_string = (char *) reserved;
- if (!p11_rpc_message_write_byte_array (&msg, (CK_BYTE_PTR) reserved_string, strlen (reserved_string) + 1))
- ret = CKR_HOST_MEMORY;
- }
- if (ret == CKR_OK)
- ret = call_run (module, &msg);
- call_done (module, &msg, ret);
-
-done:
- /* If failed then unmark initialized */
- if (ret != CKR_OK && ret != CKR_CRYPTOKI_ALREADY_INITIALIZED)
- module->initialized_forkid = 0;
-
- /* If we told our caller that we're initialized, but not really, then finalize */
- if (ret != CKR_OK && module->initialize_done) {
- module->initialize_done = false;
- assert (module->vtable->disconnect != NULL);
- (module->vtable->disconnect) (module->vtable, reserved);
- }
-
- p11_mutex_unlock (&module->mutex);
-
- p11_debug ("C_Initialize: %lu", ret);
- return ret;
-}
-
-static CK_RV
-rpc_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- rpc_client *module = ((p11_virtual *)self)->lower_module;
- CK_RV ret = CKR_OK;
- p11_rpc_message msg;
-
- p11_debug ("C_Finalize: enter");
- return_val_if_fail (module->initialized_forkid == p11_forkid, CKR_CRYPTOKI_NOT_INITIALIZED);
- return_val_if_fail (!reserved, CKR_ARGUMENTS_BAD);
-
- p11_mutex_lock (&module->mutex);
-
- if (module->initialize_done) {
- ret = call_prepare (module, &msg, P11_RPC_CALL_C_Finalize);
- if (ret == CKR_OK)
- ret = call_run (module, &msg);
- call_done (module, &msg, ret);
- if (ret != CKR_OK)
- p11_message ("finalizing rpc module returned an error: %lu", ret);
-
- module->initialize_done = false;
- assert (module->vtable->disconnect != NULL);
- (module->vtable->disconnect) (module->vtable, reserved);
- }
-
- module->initialized_forkid = 0;
-
- p11_mutex_unlock (&module->mutex);
-
- p11_debug ("C_Finalize: %lu", CKR_OK);
- return CKR_OK;
-}
-
-static CK_RV
-fill_stand_in_info (CK_INFO_PTR info)
-{
- static CK_INFO stand_in_info = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- "p11-kit ",
- 0,
- "p11-kit (no connection) ",
- { 1, 1 },
- };
- memcpy (info, &stand_in_info, sizeof (CK_INFO));
- return CKR_OK;
-
-}
-
-static CK_RV
-rpc_C_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetInfo, self, fill_stand_in_info (info));
- PROCESS_CALL;
- OUT_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetSlotList, self, (*count = 0, CKR_OK));
- IN_BYTE (token_present);
- IN_ULONG_BUFFER (slot_list, count);
- PROCESS_CALL;
- OUT_ULONG_ARRAY (slot_list, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetSlotInfo, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- PROCESS_CALL;
- OUT_SLOT_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetTokenInfo, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- PROCESS_CALL;
- OUT_TOKEN_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetMechanismList, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- IN_ULONG_BUFFER (mechanism_list, count);
- PROCESS_CALL;
- OUT_MECHANISM_TYPE_ARRAY (mechanism_list, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetMechanismInfo, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- IN_MECHANISM_TYPE (type);
- PROCESS_CALL;
- OUT_MECHANISM_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_InitToken (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin, CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- BEGIN_CALL_OR (C_InitToken, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- IN_BYTE_ARRAY (pin, pin_len);
- IN_STRING (label);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- return_val_if_fail (slot, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_WaitForSlotEvent, self, CKR_DEVICE_REMOVED);
- IN_ULONG (flags);
- PROCESS_CALL;
- OUT_ULONG (slot);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR session)
-{
- return_val_if_fail (session, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_OpenSession, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- IN_ULONG (flags);
- PROCESS_CALL;
- OUT_ULONG (session);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- BEGIN_CALL_OR (C_CloseSession, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id)
-{
- BEGIN_CALL_OR (C_CloseAllSessions, self, CKR_SLOT_ID_INVALID);
- IN_ULONG (slot_id);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- return_val_if_fail (info, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetSessionInfo, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- PROCESS_CALL;
- OUT_SESSION_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_InitPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- BEGIN_CALL_OR (C_InitPIN, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (pin, pin_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- BEGIN_CALL_OR (C_SetPIN, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (old_pin, old_pin_len);
- IN_BYTE_ARRAY (new_pin, new_pin_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- return_val_if_fail (operation_state_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetOperationState, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (operation_state, operation_state_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (operation_state, operation_state_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- BEGIN_CALL_OR (C_SetOperationState, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (operation_state, operation_state_len);
- IN_ULONG (encryption_key);
- IN_ULONG (authentication_key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Login (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- BEGIN_CALL_OR (C_Login, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (user_type);
- IN_BYTE_ARRAY (pin, pin_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Logout (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- BEGIN_CALL_OR (C_Logout, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CreateObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_CreateObject, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- OUT_ULONG (new_object);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CopyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- return_val_if_fail (new_object, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_CopyObject, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- OUT_ULONG (new_object);
- END_CALL;
-}
-
-
-static CK_RV
-rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- BEGIN_CALL_OR (C_DestroyObject, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (object);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- return_val_if_fail (size, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_GetObjectSize, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (object);
- PROCESS_CALL;
- OUT_ULONG (size);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- BEGIN_CALL_OR (C_GetAttributeValue, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_BUFFER (template, count);
- PROCESS_CALL;
- OUT_ATTRIBUTE_ARRAY (template, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- BEGIN_CALL_OR (C_SetAttributeValue, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- BEGIN_CALL_OR (C_FindObjectsInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjects (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- /* HACK: To fix a stupid gcc warning */
- CK_ULONG_PTR address_of_max_count = &max_count;
-
- return_val_if_fail (count, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_FindObjects, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG_BUFFER (objects, address_of_max_count);
- PROCESS_CALL;
- *count = max_count;
- OUT_ULONG_ARRAY (objects, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- BEGIN_CALL_OR (C_FindObjectsFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_EncryptInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Encrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_Encrypt, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (encrypted_data, encrypted_data_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_EncryptUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (encrypted_part, encrypted_part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_EncryptFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (last_part, last_part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (last_part, last_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_DecryptInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Decrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_Decrypt, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (enc_data, enc_data_len);
- IN_BYTE_BUFFER (data, data_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (data, data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DecryptUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (enc_part, enc_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DecryptFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (last_part, last_part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (last_part, last_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- BEGIN_CALL_OR (C_DigestInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Digest (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_Digest, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (digest, digest_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (digest, digest_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- BEGIN_CALL_OR (C_DigestUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_DigestKey, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DigestFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (digest, digest_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (digest, digest_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_SignInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Sign (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_Sign, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_SignUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_SignFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_SignRecoverInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
-{
- return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_SignRecover, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_VerifyInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Verify (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- BEGIN_CALL_OR (C_Verify, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_ARRAY (signature, signature_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- BEGIN_CALL_OR (C_VerifyUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- BEGIN_CALL_OR (C_VerifyFinal, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (signature, signature_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- BEGIN_CALL_OR (C_VerifyRecoverInit, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_fail (data_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_VerifyRecover, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (signature, signature_len);
- IN_BYTE_BUFFER (data, data_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (data, data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DigestEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (enc_part, enc_part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (enc_part, enc_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DecryptDigestUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (enc_part, enc_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_SignEncryptUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (enc_part, enc_part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (enc_part, enc_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_fail (part_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_DecryptVerifyUpdate, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (enc_part, enc_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- BEGIN_CALL_OR (C_GenerateKey, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- BEGIN_CALL_OR (C_GenerateKeyPair, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ATTRIBUTE_ARRAY (pub_template, pub_count);
- IN_ATTRIBUTE_ARRAY (priv_template, priv_count);
- PROCESS_CALL;
- OUT_ULONG (pub_key);
- OUT_ULONG (priv_key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_WrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD);
-
- BEGIN_CALL_OR (C_WrapKey, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (wrapping_key);
- IN_ULONG (key);
- IN_BYTE_BUFFER (wrapped_key, wrapped_key_len);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- BEGIN_CALL_OR (C_UnwrapKey, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (unwrapping_key);
- IN_BYTE_ARRAY (wrapped_key, wrapped_key_len);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- BEGIN_CALL_OR (C_DeriveKey, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (base_key);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL;
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- BEGIN_CALL_OR (C_SeedRandom, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_ARRAY (seed, seed_len);
- PROCESS_CALL;
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- CK_ULONG_PTR address = &random_len;
-
- BEGIN_CALL_OR (C_GenerateRandom, self, CKR_SESSION_HANDLE_INVALID);
- IN_ULONG (session);
- IN_BYTE_BUFFER (random_data, address);
- PROCESS_CALL;
- OUT_BYTE_ARRAY (random_data, address);
- END_CALL;
-}
-
-static CK_X_FUNCTION_LIST rpc_functions = {
- { -1, -1 },
- rpc_C_Initialize,
- rpc_C_Finalize,
- rpc_C_GetInfo,
- rpc_C_GetSlotList,
- rpc_C_GetSlotInfo,
- rpc_C_GetTokenInfo,
- rpc_C_GetMechanismList,
- rpc_C_GetMechanismInfo,
- rpc_C_InitToken,
- rpc_C_InitPIN,
- rpc_C_SetPIN,
- rpc_C_OpenSession,
- rpc_C_CloseSession,
- rpc_C_CloseAllSessions,
- rpc_C_GetSessionInfo,
- rpc_C_GetOperationState,
- rpc_C_SetOperationState,
- rpc_C_Login,
- rpc_C_Logout,
- rpc_C_CreateObject,
- rpc_C_CopyObject,
- rpc_C_DestroyObject,
- rpc_C_GetObjectSize,
- rpc_C_GetAttributeValue,
- rpc_C_SetAttributeValue,
- rpc_C_FindObjectsInit,
- rpc_C_FindObjects,
- rpc_C_FindObjectsFinal,
- rpc_C_EncryptInit,
- rpc_C_Encrypt,
- rpc_C_EncryptUpdate,
- rpc_C_EncryptFinal,
- rpc_C_DecryptInit,
- rpc_C_Decrypt,
- rpc_C_DecryptUpdate,
- rpc_C_DecryptFinal,
- rpc_C_DigestInit,
- rpc_C_Digest,
- rpc_C_DigestUpdate,
- rpc_C_DigestKey,
- rpc_C_DigestFinal,
- rpc_C_SignInit,
- rpc_C_Sign,
- rpc_C_SignUpdate,
- rpc_C_SignFinal,
- rpc_C_SignRecoverInit,
- rpc_C_SignRecover,
- rpc_C_VerifyInit,
- rpc_C_Verify,
- rpc_C_VerifyUpdate,
- rpc_C_VerifyFinal,
- rpc_C_VerifyRecoverInit,
- rpc_C_VerifyRecover,
- rpc_C_DigestEncryptUpdate,
- rpc_C_DecryptDigestUpdate,
- rpc_C_SignEncryptUpdate,
- rpc_C_DecryptVerifyUpdate,
- rpc_C_GenerateKey,
- rpc_C_GenerateKeyPair,
- rpc_C_WrapKey,
- rpc_C_UnwrapKey,
- rpc_C_DeriveKey,
- rpc_C_SeedRandom,
- rpc_C_GenerateRandom,
- rpc_C_WaitForSlotEvent,
-};
-
-static void
-rpc_client_free (void *data)
-{
- rpc_client *client = data;
- p11_mutex_uninit (&client->mutex);
- free (client);
-}
-
-bool
-p11_rpc_client_init (p11_virtual *virt,
- p11_rpc_client_vtable *vtable)
-{
- rpc_client *client;
-
- p11_message_clear ();
-
- return_val_if_fail (vtable != NULL, false);
- return_val_if_fail (vtable->connect != NULL, false);
- return_val_if_fail (vtable->transport != NULL, false);
- return_val_if_fail (vtable->disconnect != NULL, false);
-
- P11_RPC_CHECK_CALLS ();
-
- client = calloc (1, sizeof (rpc_client));
- return_val_if_fail (client != NULL, false);
-
- p11_mutex_init (&client->mutex);
- client->vtable = vtable;
-
- p11_virtual_init (virt, &rpc_functions, client, rpc_client_free);
- return true;
-}
diff --git a/p11-kit/rpc-message.c b/p11-kit/rpc-message.c
deleted file mode 100644
index b5ac528..0000000
--- a/p11-kit/rpc-message.c
+++ /dev/null
@@ -1,769 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#include "debug.h"
-#include "library.h"
-#include "message.h"
-#include "private.h"
-#include "rpc-message.h"
-
-#include <assert.h>
-#include <string.h>
-
-void
-p11_rpc_message_init (p11_rpc_message *msg,
- p11_buffer *input,
- p11_buffer *output)
-{
- assert (input != NULL);
- assert (output != NULL);
- assert (output->ffree != NULL);
- assert (output->frealloc != NULL);
-
- memset (msg, 0, sizeof (*msg));
-
- msg->output = output;
- msg->input = input;
-}
-
-void
-p11_rpc_message_clear (p11_rpc_message *msg)
-{
- void *allocated;
- void **data;
-
- assert (msg != NULL);
-
- /* Free up the extra allocated memory */
- allocated = msg->extra;
- while (allocated != NULL) {
- data = (void **)allocated;
-
- /* Pointer to the next allocation */
- allocated = *data;
- assert (msg->output->ffree);
- (msg->output->ffree) (data);
- }
-
- msg->output = NULL;
- msg->input = NULL;
- msg->extra = NULL;
-}
-
-void *
-p11_rpc_message_alloc_extra (p11_rpc_message *msg,
- size_t length)
-{
- void **data;
-
- assert (msg != NULL);
-
- if (length > 0x7fffffff)
- return NULL;
-
- assert (msg->output->frealloc != NULL);
- data = (msg->output->frealloc) (NULL, sizeof (void *) + length);
- if (data == NULL)
- return NULL;
-
- /* Munch up the memory to help catch bugs */
- memset (data, 0xff, sizeof (void *) + length);
-
- /* Store pointer to next allocated block at beginning */
- *data = msg->extra;
- msg->extra = data;
-
- /* Data starts after first pointer */
- return (void *)(data + 1);
-}
-
-bool
-p11_rpc_message_prep (p11_rpc_message *msg,
- int call_id,
- p11_rpc_message_type type)
-{
- int len;
-
- assert (type != 0);
- assert (call_id >= P11_RPC_CALL_ERROR);
- assert (call_id < P11_RPC_CALL_MAX);
-
- p11_buffer_reset (msg->output, 0);
- msg->signature = NULL;
-
- /* The call id and signature */
- if (type == P11_RPC_REQUEST)
- msg->signature = p11_rpc_calls[call_id].request;
- else if (type == P11_RPC_RESPONSE)
- msg->signature = p11_rpc_calls[call_id].response;
- else
- assert_not_reached ();
- assert (msg->signature != NULL);
- msg->sigverify = msg->signature;
-
- msg->call_id = call_id;
- msg->call_type = type;
-
- /* Encode the two of them */
- p11_rpc_buffer_add_uint32 (msg->output, call_id);
- if (msg->signature) {
- len = strlen (msg->signature);
- p11_rpc_buffer_add_byte_array (msg->output, (unsigned char*)msg->signature, len);
- }
-
- msg->parsed = 0;
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_parse (p11_rpc_message *msg,
- p11_rpc_message_type type)
-{
- const unsigned char *val;
- size_t len;
- uint32_t call_id;
-
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- msg->parsed = 0;
-
- /* Pull out the call identifier */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &call_id)) {
- p11_message ("invalid message: couldn't read call identifier");
- return false;
- }
-
- msg->signature = msg->sigverify = NULL;
-
- /* The call id and signature */
- if (call_id >= P11_RPC_CALL_MAX) {
- p11_message ("invalid message: bad call id: %d", call_id);
- return false;
- }
- if (type == P11_RPC_REQUEST)
- msg->signature = p11_rpc_calls[call_id].request;
- else if (type == P11_RPC_RESPONSE)
- msg->signature = p11_rpc_calls[call_id].response;
- else
- assert_not_reached ();
- assert (msg->signature != NULL);
- msg->call_id = call_id;
- msg->call_type = type;
- msg->sigverify = msg->signature;
-
- /* Verify the incoming signature */
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &val, &len)) {
- p11_message ("invalid message: couldn't read signature");
- return false;
- }
-
- if ((strlen (msg->signature) != len) || (memcmp (val, msg->signature, len) != 0)) {
- p11_message ("invalid message: signature doesn't match");
- return false;
- }
-
- return true;
-}
-
-bool
-p11_rpc_message_verify_part (p11_rpc_message *msg,
- const char* part)
-{
- int len;
- bool ok;
-
- if (!msg->sigverify)
- return true;
-
- len = strlen (part);
- ok = (strncmp (msg->sigverify, part, len) == 0);
- if (ok)
- msg->sigverify += len;
- return ok;
-}
-
-bool
-p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num)
-{
- CK_ATTRIBUTE_PTR attr;
- CK_ULONG i;
-
- assert (num == 0 || arr != NULL);
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the rigth order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA"));
-
- /* Write the number of items */
- p11_rpc_buffer_add_uint32 (msg->output, num);
-
- for (i = 0; i < num; ++i) {
- attr = &(arr[i]);
-
- /* The attribute type */
- p11_rpc_buffer_add_uint32 (msg->output, attr->type);
-
- /* And the attribute buffer length */
- p11_rpc_buffer_add_uint32 (msg->output, attr->pValue ? attr->ulValueLen : 0);
- }
-
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_attribute_array (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num)
-{
- CK_ULONG i;
- CK_ATTRIBUTE_PTR attr;
- unsigned char validity;
-
- assert (num == 0 || arr != NULL);
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the rigth order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA"));
-
- /* Write the number of items */
- p11_rpc_buffer_add_uint32 (msg->output, num);
-
- for (i = 0; i < num; ++i) {
- attr = &(arr[i]);
-
- /* The attribute type */
- p11_rpc_buffer_add_uint32 (msg->output, attr->type);
-
- /* Write out the attribute validity */
- validity = (((CK_LONG)attr->ulValueLen) == -1) ? 0 : 1;
- p11_rpc_buffer_add_byte (msg->output, validity);
-
- /* The attribute length and value */
- if (validity) {
- p11_rpc_buffer_add_uint32 (msg->output, attr->ulValueLen);
- p11_rpc_buffer_add_byte_array (msg->output, attr->pValue, attr->ulValueLen);
- }
- }
-
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_read_byte (p11_rpc_message *msg,
- CK_BYTE *val)
-{
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "y"));
- return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, val);
-}
-
-bool
-p11_rpc_message_write_byte (p11_rpc_message *msg,
- CK_BYTE val)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "y"));
- p11_rpc_buffer_add_byte (msg->output, val);
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_read_ulong (p11_rpc_message *msg,
- CK_ULONG *val)
-{
- uint64_t v;
-
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "u"));
-
- if (!p11_rpc_buffer_get_uint64 (msg->input, &msg->parsed, &v))
- return false;
- if (val)
- *val = (CK_ULONG)v;
- return true;
-}
-
-bool
-p11_rpc_message_write_ulong (p11_rpc_message *msg,
- CK_ULONG val)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the rigth order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "u"));
- p11_rpc_buffer_add_uint64 (msg->output, val);
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_byte_buffer (p11_rpc_message *msg,
- CK_ULONG count)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy"));
- p11_rpc_buffer_add_uint32 (msg->output, count);
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_byte_array (p11_rpc_message *msg,
- CK_BYTE_PTR arr,
- CK_ULONG num)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay"));
-
- /* No array, no data, just length */
- if (!arr) {
- p11_rpc_buffer_add_byte (msg->output, 0);
- p11_rpc_buffer_add_uint32 (msg->output, num);
- } else {
- p11_rpc_buffer_add_byte (msg->output, 1);
- p11_rpc_buffer_add_byte_array (msg->output, arr, num);
- }
-
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg,
- CK_ULONG count)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu"));
- p11_rpc_buffer_add_uint32 (msg->output, count);
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_ulong_array (p11_rpc_message *msg,
- CK_ULONG_PTR array,
- CK_ULONG n_array)
-{
- CK_ULONG i;
-
- assert (msg != NULL);
- assert (msg->output != NULL);
-
- /* Check that we're supposed to have this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "au"));
-
- /* We send a byte which determines whether there's actual data present or not */
- p11_rpc_buffer_add_byte (msg->output, array ? 1 : 0);
- p11_rpc_buffer_add_uint32 (msg->output, n_array);
-
- /* Now send the data if valid */
- if (array) {
- for (i = 0; i < n_array; ++i)
- p11_rpc_buffer_add_uint64 (msg->output, array[i]);
- }
-
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_read_version (p11_rpc_message *msg,
- CK_VERSION *version)
-{
- assert (msg != NULL);
- assert (msg->input != NULL);
- assert (version != NULL);
-
- /* Check that we're supposed to have this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "v"));
-
- return p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->major) &&
- p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &version->minor);
-}
-
-bool
-p11_rpc_message_write_version (p11_rpc_message *msg,
- CK_VERSION *version)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
- assert (version != NULL);
-
- /* Check that we're supposed to have this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "v"));
-
- p11_rpc_buffer_add_byte (msg->output, version->major);
- p11_rpc_buffer_add_byte (msg->output, version->minor);
-
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_read_space_string (p11_rpc_message *msg,
- CK_UTF8CHAR *buffer,
- CK_ULONG length)
-{
- const unsigned char *data;
- size_t n_data;
-
- assert (msg != NULL);
- assert (msg->input != NULL);
- assert (buffer != NULL);
- assert (length != 0);
-
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "s"));
-
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data))
- return false;
-
- if (n_data != length) {
- p11_message ("invalid length space padded string received: %d != %d",
- (int)length, (int)n_data);
- return false;
- }
-
- memcpy (buffer, data, length);
- return true;
-}
-
-bool
-p11_rpc_message_write_space_string (p11_rpc_message *msg,
- CK_UTF8CHAR *data,
- CK_ULONG length)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
- assert (data != NULL);
- assert (length != 0);
-
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "s"));
-
- p11_rpc_buffer_add_byte_array (msg->output, data, length);
- return !p11_buffer_failed (msg->output);
-}
-
-bool
-p11_rpc_message_write_zero_string (p11_rpc_message *msg,
- CK_UTF8CHAR *string)
-{
- assert (msg != NULL);
- assert (msg->output != NULL);
- assert (string != NULL);
-
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "z"));
-
- p11_rpc_buffer_add_byte_array (msg->output, string,
- string ? strlen ((char *)string) : 0);
- return !p11_buffer_failed (msg->output);
-}
-
-static void *
-log_allocator (void *pointer,
- size_t size)
-{
- void *result = realloc (pointer, (size_t)size);
- return_val_if_fail (!size || result != NULL, NULL);
- return result;
-}
-
-p11_buffer *
-p11_rpc_buffer_new (size_t reserve)
-{
- return p11_rpc_buffer_new_full (reserve, log_allocator, free);
-}
-
-p11_buffer *
-p11_rpc_buffer_new_full (size_t reserve,
- void * (* frealloc) (void *data, size_t size),
- void (* ffree) (void *data))
-{
- p11_buffer *buffer;
-
- buffer = calloc (1, sizeof (p11_buffer));
- return_val_if_fail (buffer != NULL, NULL);
-
- p11_buffer_init_full (buffer, NULL, 0, 0, frealloc, ffree);
- if (!p11_buffer_reset (buffer, reserve))
- return_val_if_reached (NULL);
-
- return buffer;
-}
-
-void
-p11_rpc_buffer_free (p11_buffer *buf)
-{
- if (buf == NULL)
- return;
-
- p11_buffer_uninit (buf);
- free (buf);
-}
-
-void
-p11_rpc_buffer_add_byte (p11_buffer *buf,
- unsigned char value)
-{
- p11_buffer_add (buf, &value, 1);
-}
-
-int
-p11_rpc_buffer_get_byte (p11_buffer *buf,
- size_t *offset,
- unsigned char *val)
-{
- unsigned char *ptr;
- if (buf->len < 1 || *offset > buf->len - 1) {
- p11_buffer_fail (buf);
- return 0;
- }
- ptr = (unsigned char *)buf->data + *offset;
- if (val != NULL)
- *val = *ptr;
- *offset = *offset + 1;
- return 1;
-}
-
-void
-p11_rpc_buffer_encode_uint16 (unsigned char* data,
- uint16_t value)
-{
- data[0] = (value >> 8) & 0xff;
- data[1] = (value >> 0) & 0xff;
-}
-
-uint16_t
-p11_rpc_buffer_decode_uint16 (unsigned char* data)
-{
- uint16_t value = data[0] << 8 | data[1];
- return value;
-}
-
-void
-p11_rpc_buffer_add_uint16 (p11_buffer *buffer,
- uint16_t value)
-{
- size_t offset = buffer->len;
- if (!p11_buffer_append (buffer, 2))
- return_if_reached ();
- p11_rpc_buffer_set_uint16 (buffer, offset, value);
-}
-
-bool
-p11_rpc_buffer_set_uint16 (p11_buffer *buffer,
- size_t offset,
- uint16_t value)
-{
- unsigned char *ptr;
- if (buffer->len < 2 || offset > buffer->len - 2) {
- p11_buffer_fail (buffer);
- return false;
- }
- ptr = (unsigned char *)buffer->data + offset;
- p11_rpc_buffer_encode_uint16 (ptr, value);
- return true;
-}
-
-bool
-p11_rpc_buffer_get_uint16 (p11_buffer *buf,
- size_t *offset,
- uint16_t *value)
-{
- unsigned char *ptr;
- if (buf->len < 2 || *offset > buf->len - 2) {
- p11_buffer_fail (buf);
- return false;
- }
- ptr = (unsigned char*)buf->data + *offset;
- if (value != NULL)
- *value = p11_rpc_buffer_decode_uint16 (ptr);
- *offset = *offset + 2;
- return true;
-}
-
-void
-p11_rpc_buffer_encode_uint32 (unsigned char* data,
- uint32_t value)
-{
- data[0] = (value >> 24) & 0xff;
- data[1] = (value >> 16) & 0xff;
- data[2] = (value >> 8) & 0xff;
- data[3] = (value >> 0) & 0xff;
-}
-
-uint32_t
-p11_rpc_buffer_decode_uint32 (unsigned char* ptr)
-{
- uint32_t val = ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3];
- return val;
-}
-
-void
-p11_rpc_buffer_add_uint32 (p11_buffer *buffer,
- uint32_t value)
-{
- size_t offset = buffer->len;
- if (!p11_buffer_append (buffer, 4))
- return_val_if_reached ();
- p11_rpc_buffer_set_uint32 (buffer, offset, value);
-}
-
-bool
-p11_rpc_buffer_set_uint32 (p11_buffer *buffer,
- size_t offset,
- uint32_t value)
-{
- unsigned char *ptr;
- if (buffer->len < 4 || offset > buffer->len - 4) {
- p11_buffer_fail (buffer);
- return false;
- }
- ptr = (unsigned char*)buffer->data + offset;
- p11_rpc_buffer_encode_uint32 (ptr, value);
- return true;
-}
-
-bool
-p11_rpc_buffer_get_uint32 (p11_buffer *buf,
- size_t *offset,
- uint32_t *value)
-{
- unsigned char *ptr;
- if (buf->len < 4 || *offset > buf->len - 4) {
- p11_buffer_fail (buf);
- return false;
- }
- ptr = (unsigned char*)buf->data + *offset;
- if (value != NULL)
- *value = p11_rpc_buffer_decode_uint32 (ptr);
- *offset = *offset + 4;
- return true;
-}
-
-void
-p11_rpc_buffer_add_uint64 (p11_buffer *buffer,
- uint64_t value)
-{
- p11_rpc_buffer_add_uint32 (buffer, ((value >> 32) & 0xffffffff));
- p11_rpc_buffer_add_uint32 (buffer, (value & 0xffffffff));
-}
-
-bool
-p11_rpc_buffer_get_uint64 (p11_buffer *buf,
- size_t *offset,
- uint64_t *value)
-{
- size_t off = *offset;
- uint32_t a, b;
- if (!p11_rpc_buffer_get_uint32 (buf, &off, &a) ||
- !p11_rpc_buffer_get_uint32 (buf, &off, &b))
- return false;
- if (value != NULL)
- *value = ((uint64_t)a) << 32 | b;
- *offset = off;
- return true;
-}
-
-void
-p11_rpc_buffer_add_byte_array (p11_buffer *buffer,
- const unsigned char *data,
- size_t length)
-{
- if (data == NULL) {
- p11_rpc_buffer_add_uint32 (buffer, 0xffffffff);
- return;
- } else if (length >= 0x7fffffff) {
- p11_buffer_fail (buffer);
- return;
- }
- p11_rpc_buffer_add_uint32 (buffer, length);
- p11_buffer_add (buffer, data, length);
-}
-
-bool
-p11_rpc_buffer_get_byte_array (p11_buffer *buf,
- size_t *offset,
- const unsigned char **data,
- size_t *length)
-{
- size_t off = *offset;
- uint32_t len;
- if (!p11_rpc_buffer_get_uint32 (buf, &off, &len))
- return false;
- if (len == 0xffffffff) {
- *offset = off;
- if (data)
- *data = NULL;
- if (length)
- *length = 0;
- return true;
- } else if (len >= 0x7fffffff) {
- p11_buffer_fail (buf);
- return false;
- }
-
- if (buf->len < len || *offset > buf->len - len) {
- p11_buffer_fail (buf);
- return false;
- }
-
- if (data)
- *data = (unsigned char *)buf->data + off;
- if (length)
- *length = len;
- *offset = off + len;
-
- return true;
-}
diff --git a/p11-kit/rpc-message.h b/p11-kit/rpc-message.h
deleted file mode 100644
index 9827097..0000000
--- a/p11-kit/rpc-message.h
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#ifndef _RPC_MESSAGE_H
-#define _RPC_MESSAGE_H
-
-#include <stdlib.h>
-#include <stdarg.h>
-#include <stdint.h>
-
-#include "buffer.h"
-#include "pkcs11.h"
-
-/* The calls, must be in sync with array below */
-enum {
- P11_RPC_CALL_ERROR = 0,
-
- P11_RPC_CALL_C_Initialize,
- P11_RPC_CALL_C_Finalize,
- P11_RPC_CALL_C_GetInfo,
- P11_RPC_CALL_C_GetSlotList,
- P11_RPC_CALL_C_GetSlotInfo,
- P11_RPC_CALL_C_GetTokenInfo,
- P11_RPC_CALL_C_GetMechanismList,
- P11_RPC_CALL_C_GetMechanismInfo,
- P11_RPC_CALL_C_InitToken,
- P11_RPC_CALL_C_OpenSession,
- P11_RPC_CALL_C_CloseSession,
- P11_RPC_CALL_C_CloseAllSessions,
- P11_RPC_CALL_C_GetSessionInfo,
- P11_RPC_CALL_C_InitPIN,
- P11_RPC_CALL_C_SetPIN,
- P11_RPC_CALL_C_GetOperationState,
- P11_RPC_CALL_C_SetOperationState,
- P11_RPC_CALL_C_Login,
- P11_RPC_CALL_C_Logout,
- P11_RPC_CALL_C_CreateObject,
- P11_RPC_CALL_C_CopyObject,
- P11_RPC_CALL_C_DestroyObject,
- P11_RPC_CALL_C_GetObjectSize,
- P11_RPC_CALL_C_GetAttributeValue,
- P11_RPC_CALL_C_SetAttributeValue,
- P11_RPC_CALL_C_FindObjectsInit,
- P11_RPC_CALL_C_FindObjects,
- P11_RPC_CALL_C_FindObjectsFinal,
- P11_RPC_CALL_C_EncryptInit,
- P11_RPC_CALL_C_Encrypt,
- P11_RPC_CALL_C_EncryptUpdate,
- P11_RPC_CALL_C_EncryptFinal,
- P11_RPC_CALL_C_DecryptInit,
- P11_RPC_CALL_C_Decrypt,
- P11_RPC_CALL_C_DecryptUpdate,
- P11_RPC_CALL_C_DecryptFinal,
- P11_RPC_CALL_C_DigestInit,
- P11_RPC_CALL_C_Digest,
- P11_RPC_CALL_C_DigestUpdate,
- P11_RPC_CALL_C_DigestKey,
- P11_RPC_CALL_C_DigestFinal,
- P11_RPC_CALL_C_SignInit,
- P11_RPC_CALL_C_Sign,
- P11_RPC_CALL_C_SignUpdate,
- P11_RPC_CALL_C_SignFinal,
- P11_RPC_CALL_C_SignRecoverInit,
- P11_RPC_CALL_C_SignRecover,
- P11_RPC_CALL_C_VerifyInit,
- P11_RPC_CALL_C_Verify,
- P11_RPC_CALL_C_VerifyUpdate,
- P11_RPC_CALL_C_VerifyFinal,
- P11_RPC_CALL_C_VerifyRecoverInit,
- P11_RPC_CALL_C_VerifyRecover,
- P11_RPC_CALL_C_DigestEncryptUpdate,
- P11_RPC_CALL_C_DecryptDigestUpdate,
- P11_RPC_CALL_C_SignEncryptUpdate,
- P11_RPC_CALL_C_DecryptVerifyUpdate,
- P11_RPC_CALL_C_GenerateKey,
- P11_RPC_CALL_C_GenerateKeyPair,
- P11_RPC_CALL_C_WrapKey,
- P11_RPC_CALL_C_UnwrapKey,
- P11_RPC_CALL_C_DeriveKey,
- P11_RPC_CALL_C_SeedRandom,
- P11_RPC_CALL_C_GenerateRandom,
- P11_RPC_CALL_C_WaitForSlotEvent,
-
- P11_RPC_CALL_MAX
-};
-
-typedef struct {
- int call_id;
- const char* name;
- const char* request;
- const char* response;
-} p11_rpc_call;
-
-/*
- * a_ = prefix denotes array of _
- * A = CK_ATTRIBUTE
- * f_ = prefix denotes buffer for _
- * M = CK_MECHANISM
- * u = CK_ULONG
- * s = space padded string
- * v = CK_VERSION
- * y = CK_BYTE
- * z = null terminated string
- */
-
-static const p11_rpc_call p11_rpc_calls[] = {
- { P11_RPC_CALL_ERROR, "ERROR", NULL, "u" },
- { P11_RPC_CALL_C_Initialize, "C_Initialize", "ayyay", "" },
- { P11_RPC_CALL_C_Finalize, "C_Finalize", "", "" },
- { P11_RPC_CALL_C_GetInfo, "C_GetInfo", "", "vsusv" },
- { P11_RPC_CALL_C_GetSlotList, "C_GetSlotList", "yfu", "au" },
- { P11_RPC_CALL_C_GetSlotInfo, "C_GetSlotInfo", "u", "ssuvv" },
- { P11_RPC_CALL_C_GetTokenInfo, "C_GetTokenInfo", "u", "ssssuuuuuuuuuuuvvs" },
- { P11_RPC_CALL_C_GetMechanismList, "C_GetMechanismList", "ufu", "au" },
- { P11_RPC_CALL_C_GetMechanismInfo, "C_GetMechanismInfo", "uu", "uuu" },
- { P11_RPC_CALL_C_InitToken, "C_InitToken", "uayz", "" },
- { P11_RPC_CALL_C_OpenSession, "C_OpenSession", "uu", "u" },
- { P11_RPC_CALL_C_CloseSession, "C_CloseSession", "u", "" },
- { P11_RPC_CALL_C_CloseAllSessions, "C_CloseAllSessions", "u", "" },
- { P11_RPC_CALL_C_GetSessionInfo, "C_GetSessionInfo", "u", "uuuu" },
- { P11_RPC_CALL_C_InitPIN, "C_InitPIN", "uay", "" },
- { P11_RPC_CALL_C_SetPIN, "C_SetPIN", "uayay", "" },
- { P11_RPC_CALL_C_GetOperationState, "C_GetOperationState", "ufy", "ay" },
- { P11_RPC_CALL_C_SetOperationState, "C_SetOperationState", "uayuu", "" },
- { P11_RPC_CALL_C_Login, "C_Login", "uuay", "" },
- { P11_RPC_CALL_C_Logout, "C_Logout", "u", "" },
- { P11_RPC_CALL_C_CreateObject, "C_CreateObject", "uaA", "u" },
- { P11_RPC_CALL_C_CopyObject, "C_CopyObject", "uuaA", "u" },
- { P11_RPC_CALL_C_DestroyObject, "C_DestroyObject", "uu", "" },
- { P11_RPC_CALL_C_GetObjectSize, "C_GetObjectSize", "uu", "u" },
- { P11_RPC_CALL_C_GetAttributeValue, "C_GetAttributeValue", "uufA", "aAu" },
- { P11_RPC_CALL_C_SetAttributeValue, "C_SetAttributeValue", "uuaA", "" },
- { P11_RPC_CALL_C_FindObjectsInit, "C_FindObjectsInit", "uaA", "" },
- { P11_RPC_CALL_C_FindObjects, "C_FindObjects", "ufu", "au" },
- { P11_RPC_CALL_C_FindObjectsFinal, "C_FindObjectsFinal", "u", "" },
- { P11_RPC_CALL_C_EncryptInit, "C_EncryptInit", "uMu", "" },
- { P11_RPC_CALL_C_Encrypt, "C_Encrypt", "uayfy", "ay" },
- { P11_RPC_CALL_C_EncryptUpdate, "C_EncryptUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_EncryptFinal, "C_EncryptFinal", "ufy", "ay" },
- { P11_RPC_CALL_C_DecryptInit, "C_DecryptInit", "uMu", "" },
- { P11_RPC_CALL_C_Decrypt, "C_Decrypt", "uayfy", "ay" },
- { P11_RPC_CALL_C_DecryptUpdate, "C_DecryptUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_DecryptFinal, "C_DecryptFinal", "ufy", "ay" },
- { P11_RPC_CALL_C_DigestInit, "C_DigestInit", "uM", "" },
- { P11_RPC_CALL_C_Digest, "C_Digest", "uayfy", "ay" },
- { P11_RPC_CALL_C_DigestUpdate, "C_DigestUpdate", "uay", "" },
- { P11_RPC_CALL_C_DigestKey, "C_DigestKey", "uu", "" },
- { P11_RPC_CALL_C_DigestFinal, "C_DigestFinal", "ufy", "ay" },
- { P11_RPC_CALL_C_SignInit, "C_SignInit", "uMu", "" },
- { P11_RPC_CALL_C_Sign, "C_Sign", "uayfy", "ay" },
- { P11_RPC_CALL_C_SignUpdate, "C_SignUpdate", "uay", "" },
- { P11_RPC_CALL_C_SignFinal, "C_SignFinal", "ufy", "ay" },
- { P11_RPC_CALL_C_SignRecoverInit, "C_SignRecoverInit", "uMu", "" },
- { P11_RPC_CALL_C_SignRecover, "C_SignRecover", "uayfy", "ay" },
- { P11_RPC_CALL_C_VerifyInit, "C_VerifyInit", "uMu", "" },
- { P11_RPC_CALL_C_Verify, "C_Verify", "uayay", "" },
- { P11_RPC_CALL_C_VerifyUpdate, "C_VerifyUpdate", "uay", "" },
- { P11_RPC_CALL_C_VerifyFinal, "C_VerifyFinal", "uay", "" },
- { P11_RPC_CALL_C_VerifyRecoverInit, "C_VerifyRecoverInit", "uMu", "" },
- { P11_RPC_CALL_C_VerifyRecover, "C_VerifyRecover", "uayfy", "ay" },
- { P11_RPC_CALL_C_DigestEncryptUpdate, "C_DigestEncryptUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_DecryptDigestUpdate, "C_DecryptDigestUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_SignEncryptUpdate, "C_SignEncryptUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_DecryptVerifyUpdate, "C_DecryptVerifyUpdate", "uayfy", "ay" },
- { P11_RPC_CALL_C_GenerateKey, "C_GenerateKey", "uMaA", "u" },
- { P11_RPC_CALL_C_GenerateKeyPair, "C_GenerateKeyPair", "uMaAaA", "uu" },
- { P11_RPC_CALL_C_WrapKey, "C_WrapKey", "uMuufy", "ay" },
- { P11_RPC_CALL_C_UnwrapKey, "C_UnwrapKey", "uMuayaA", "u" },
- { P11_RPC_CALL_C_DeriveKey, "C_DeriveKey", "uMuaA", "u" },
- { P11_RPC_CALL_C_SeedRandom, "C_SeedRandom", "uay", "" },
- { P11_RPC_CALL_C_GenerateRandom, "C_GenerateRandom", "ufy", "ay" },
- { P11_RPC_CALL_C_WaitForSlotEvent, "C_WaitForSlotEvent", "u", "u" },
-};
-
-#ifdef _DEBUG
-#define P11_RPC_CHECK_CALLS() \
- { int i; for (i = 0; i < P11_RPC_CALL_MAX; ++i) assert (p11_rpc_calls[i].call_id == i); }
-#else
-#define P11_RPC_CHECK_CALLS()
-#endif
-
-#define P11_RPC_HANDSHAKE \
- ((unsigned char *)"PRIVATE-GNOME-KEYRING-PKCS11-PROTOCOL-V-1")
-#define P11_RPC_HANDSHAKE_LEN \
- (strlen ((char *)P11_RPC_HANDSHAKE))
-
-typedef enum _p11_rpc_message_type {
- P11_RPC_REQUEST = 1,
- P11_RPC_RESPONSE
-} p11_rpc_message_type;
-
-typedef struct {
- int call_id;
- p11_rpc_message_type call_type;
- const char *signature;
- p11_buffer *input;
- p11_buffer *output;
- size_t parsed;
- const char *sigverify;
- void *extra;
-} p11_rpc_message;
-
-void p11_rpc_message_init (p11_rpc_message *msg,
- p11_buffer *input,
- p11_buffer *output);
-
-void p11_rpc_message_clear (p11_rpc_message *msg);
-
-#define p11_rpc_message_is_verified(msg) (!(msg)->sigverify || (msg)->sigverify[0] == 0)
-
-void * p11_rpc_message_alloc_extra (p11_rpc_message *msg,
- size_t length);
-
-bool p11_rpc_message_prep (p11_rpc_message *msg,
- int call_id,
- p11_rpc_message_type type);
-
-bool p11_rpc_message_parse (p11_rpc_message *msg,
- p11_rpc_message_type type);
-
-bool p11_rpc_message_verify_part (p11_rpc_message *msg,
- const char* part);
-
-bool p11_rpc_message_write_byte (p11_rpc_message *msg,
- CK_BYTE val);
-
-bool p11_rpc_message_write_ulong (p11_rpc_message *msg,
- CK_ULONG val);
-
-bool p11_rpc_message_write_zero_string (p11_rpc_message *msg,
- CK_UTF8CHAR *string);
-
-bool p11_rpc_message_write_space_string (p11_rpc_message *msg,
- CK_UTF8CHAR *buffer,
- CK_ULONG length);
-
-bool p11_rpc_message_write_byte_buffer (p11_rpc_message *msg,
- CK_ULONG count);
-
-bool p11_rpc_message_write_byte_array (p11_rpc_message *msg,
- CK_BYTE_PTR arr,
- CK_ULONG num);
-
-bool p11_rpc_message_write_ulong_buffer (p11_rpc_message *msg,
- CK_ULONG count);
-
-bool p11_rpc_message_write_ulong_array (p11_rpc_message *msg,
- CK_ULONG_PTR arr,
- CK_ULONG num);
-
-bool p11_rpc_message_write_attribute_buffer (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num);
-
-bool p11_rpc_message_write_attribute_array (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR arr,
- CK_ULONG num);
-
-bool p11_rpc_message_write_version (p11_rpc_message *msg,
- CK_VERSION* version);
-
-bool p11_rpc_message_read_byte (p11_rpc_message *msg,
- CK_BYTE* val);
-
-bool p11_rpc_message_read_ulong (p11_rpc_message *msg,
- CK_ULONG* val);
-
-bool p11_rpc_message_read_space_string (p11_rpc_message *msg,
- CK_UTF8CHAR* buffer,
- CK_ULONG length);
-
-bool p11_rpc_message_read_version (p11_rpc_message *msg,
- CK_VERSION* version);
-
-p11_buffer * p11_rpc_buffer_new (size_t reserve);
-
-p11_buffer * p11_rpc_buffer_new_full (size_t reserve,
- void * (* frealloc) (void *data, size_t size),
- void (* ffree) (void *data));
-
-void p11_rpc_buffer_free (p11_buffer *buf);
-
-void p11_rpc_buffer_add_byte (p11_buffer *buf,
- unsigned char value);
-
-int p11_rpc_buffer_get_byte (p11_buffer *buf,
- size_t *offset,
- unsigned char *val);
-
-void p11_rpc_buffer_encode_uint32 (unsigned char *data,
- uint32_t value);
-
-uint32_t p11_rpc_buffer_decode_uint32 (unsigned char *data);
-
-void p11_rpc_buffer_add_uint32 (p11_buffer *buffer,
- uint32_t value);
-
-bool p11_rpc_buffer_set_uint32 (p11_buffer *buffer,
- size_t offset,
- uint32_t value);
-
-bool p11_rpc_buffer_get_uint32 (p11_buffer *buf,
- size_t *offset,
- uint32_t *value);
-
-void p11_rpc_buffer_encode_uint16 (unsigned char *data,
- uint16_t value);
-
-uint16_t p11_rpc_buffer_decode_uint16 (unsigned char *data);
-
-void p11_rpc_buffer_add_uint16 (p11_buffer *buffer,
- uint16_t val);
-
-bool p11_rpc_buffer_set_uint16 (p11_buffer *buffer,
- size_t offset,
- uint16_t val);
-
-bool p11_rpc_buffer_get_uint16 (p11_buffer *buf,
- size_t *offset,
- uint16_t *val);
-
-void p11_rpc_buffer_add_byte_array (p11_buffer *buffer,
- const unsigned char *val,
- size_t len);
-
-bool p11_rpc_buffer_get_byte_array (p11_buffer *buf,
- size_t *offset,
- const unsigned char **val,
- size_t *vlen);
-
-void p11_rpc_buffer_add_uint64 (p11_buffer *buffer,
- uint64_t val);
-
-bool p11_rpc_buffer_get_uint64 (p11_buffer *buf,
- size_t *offset,
- uint64_t *val);
-
-#endif /* _RPC_MESSAGE_H */
diff --git a/p11-kit/rpc-server.c b/p11-kit/rpc-server.c
deleted file mode 100644
index 225cc86..0000000
--- a/p11-kit/rpc-server.c
+++ /dev/null
@@ -1,2017 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_RPC
-#include "debug.h"
-#include "pkcs11.h"
-#include "library.h"
-#include "private.h"
-#include "message.h"
-#include "remote.h"
-#include "rpc.h"
-#include "rpc-message.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <assert.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-/* The error returned on protocol failures */
-#define PARSE_ERROR CKR_DEVICE_ERROR
-#define PREP_ERROR CKR_DEVICE_MEMORY
-
-static CK_RV
-proto_read_byte_buffer (p11_rpc_message *msg,
- CK_BYTE_PTR *buffer,
- CK_ULONG *n_buffer)
-{
- uint32_t length;
-
- assert (msg != NULL);
- assert (buffer != NULL);
- assert (n_buffer != NULL);
- assert (msg->input != NULL);
-
- /* Check that we're supposed to be reading this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fy"));
-
- /* The number of ulongs there's room for on the other end */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length))
- return PARSE_ERROR;
-
- *n_buffer = length;
- *buffer = NULL;
-
- /* If set to zero, then they just want the length */
- if (length == 0)
- return CKR_OK;
-
- *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_BYTE));
- if (*buffer == NULL)
- return CKR_DEVICE_MEMORY;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_byte_array (p11_rpc_message *msg,
- CK_BYTE_PTR *array,
- CK_ULONG *n_array)
-{
- const unsigned char *data;
- unsigned char valid;
- size_t n_data;
-
- assert (msg != NULL);
- assert (msg->input != NULL);
-
- /* Check that we're supposed to have this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "ay"));
-
- /* Read out the byte which says whether data is present or not */
- if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid))
- return PARSE_ERROR;
-
- if (!valid) {
- *array = NULL;
- *n_array = 0;
- return CKR_OK;
- }
-
- /* Point our arguments into the buffer */
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data))
- return PARSE_ERROR;
-
- *array = (CK_BYTE_PTR)data;
- *n_array = n_data;
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_byte_array (p11_rpc_message *msg,
- CK_BYTE_PTR array,
- CK_ULONG len,
- CK_RV ret)
-{
- assert (msg != NULL);
-
- /*
- * When returning an byte array, in many cases we need to pass
- * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL.
- */
-
- switch (ret) {
- case CKR_BUFFER_TOO_SMALL:
- array = NULL;
- /* fall through */
- case CKR_OK:
- break;
-
- /* Pass all other errors straight through */
- default:
- return ret;
- };
-
- if (!p11_rpc_message_write_byte_array (msg, array, len))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_ulong_buffer (p11_rpc_message *msg,
- CK_ULONG_PTR *buffer,
- CK_ULONG *n_buffer)
-{
- uint32_t length;
-
- assert (msg != NULL);
- assert (buffer != NULL);
- assert (n_buffer != NULL);
- assert (msg->input != NULL);
-
- /* Check that we're supposed to be reading this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fu"));
-
- /* The number of ulongs there's room for on the other end */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &length))
- return PARSE_ERROR;
-
- *n_buffer = length;
- *buffer = NULL;
-
- /* If set to zero, then they just want the length */
- if (length == 0)
- return CKR_OK;
-
- *buffer = p11_rpc_message_alloc_extra (msg, length * sizeof (CK_ULONG));
- if (!*buffer)
- return CKR_DEVICE_MEMORY;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_ulong_array (p11_rpc_message *msg,
- CK_ULONG_PTR array,
- CK_ULONG len,
- CK_RV ret)
-{
- assert (msg != NULL);
-
- /*
- * When returning an ulong array, in many cases we need to pass
- * an invalid array along with a length, which signifies CKR_BUFFER_TOO_SMALL.
- */
-
- switch (ret) {
- case CKR_BUFFER_TOO_SMALL:
- array = NULL;
- /* fall through */
- case CKR_OK:
- break;
-
- /* Pass all other errors straight through */
- default:
- return ret;
- };
-
- if (!p11_rpc_message_write_ulong_array (msg, array, len))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_attribute_buffer (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR *result,
- CK_ULONG *n_result)
-{
- CK_ATTRIBUTE_PTR attrs;
- uint32_t n_attrs, i;
- uint32_t value;
-
- assert (msg != NULL);
- assert (result != NULL);
- assert (n_result != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the rigth order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "fA"));
-
- /* Read the number of attributes */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs))
- return PARSE_ERROR;
-
- /* Allocate memory for the attribute structures */
- attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE));
- if (attrs == NULL)
- return CKR_DEVICE_MEMORY;
-
- /* Now go through and fill in each one */
- for (i = 0; i < n_attrs; ++i) {
-
- /* The attribute type */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value))
- return PARSE_ERROR;
-
- attrs[i].type = value;
-
- /* The number of bytes to allocate */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value))
- return PARSE_ERROR;
-
- if (value == 0) {
- attrs[i].pValue = NULL;
- attrs[i].ulValueLen = 0;
- } else {
- attrs[i].pValue = p11_rpc_message_alloc_extra (msg, value);
- if (!attrs[i].pValue)
- return CKR_DEVICE_MEMORY;
- attrs[i].ulValueLen = value;
- }
- }
-
- *result = attrs;
- *n_result = n_attrs;
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_attribute_array (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR *result,
- CK_ULONG *n_result)
-{
- CK_ATTRIBUTE_PTR attrs;
- const unsigned char *data;
- unsigned char valid;
- uint32_t n_attrs, i;
- uint32_t value;
- size_t n_data;
-
- assert (msg != NULL);
- assert (result != NULL);
- assert (n_result != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the rigth order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "aA"));
-
- /* Read the number of attributes */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &n_attrs))
- return PARSE_ERROR;
-
- /* Allocate memory for the attribute structures */
- attrs = p11_rpc_message_alloc_extra (msg, n_attrs * sizeof (CK_ATTRIBUTE));
- if (attrs == NULL)
- return CKR_DEVICE_MEMORY;
-
- /* Now go through and fill in each one */
- for (i = 0; i < n_attrs; ++i) {
-
- /* The attribute type */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value))
- return PARSE_ERROR;
-
- attrs[i].type = value;
-
- /* Whether this one is valid or not */
- if (!p11_rpc_buffer_get_byte (msg->input, &msg->parsed, &valid))
- return PARSE_ERROR;
-
- if (valid) {
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value))
- return PARSE_ERROR;
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data))
- return PARSE_ERROR;
-
- if (data != NULL && n_data != value) {
- p11_message ("attribute length and data do not match");
- return PARSE_ERROR;
- }
-
- attrs[i].pValue = (CK_VOID_PTR)data;
- attrs[i].ulValueLen = value;
- } else {
- attrs[i].pValue = NULL;
- attrs[i].ulValueLen = -1;
- }
- }
-
- *result = attrs;
- *n_result = n_attrs;
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_attribute_array (p11_rpc_message *msg,
- CK_ATTRIBUTE_PTR array,
- CK_ULONG len,
- CK_RV ret)
-{
- assert (msg != NULL);
-
- /*
- * When returning an attribute array, certain errors aren't
- * actually real errors, these are passed through to the other
- * side along with the attribute array.
- */
-
- switch (ret) {
- case CKR_ATTRIBUTE_SENSITIVE:
- case CKR_ATTRIBUTE_TYPE_INVALID:
- case CKR_BUFFER_TOO_SMALL:
- case CKR_OK:
- break;
-
- /* Pass all other errors straight through */
- default:
- return ret;
- };
-
- if (!p11_rpc_message_write_attribute_array (msg, array, len) ||
- !p11_rpc_message_write_ulong (msg, ret))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_null_string (p11_rpc_message *msg,
- CK_UTF8CHAR_PTR *val)
-{
- const unsigned char *data;
- size_t n_data;
-
- assert (msg != NULL);
- assert (val != NULL);
- assert (msg->input != NULL);
-
- /* Check that we're supposed to have this at this point */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "z"));
-
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data))
- return PARSE_ERROR;
-
- /* Allocate a block of memory for it */
- *val = p11_rpc_message_alloc_extra (msg, n_data + 1);
- if (*val == NULL)
- return CKR_DEVICE_MEMORY;
-
- memcpy (*val, data, n_data);
- (*val)[n_data] = 0;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_read_mechanism (p11_rpc_message *msg,
- CK_MECHANISM_PTR mech)
-{
- const unsigned char *data;
- uint32_t value;
- size_t n_data;
-
- assert (msg != NULL);
- assert (mech != NULL);
- assert (msg->input != NULL);
-
- /* Make sure this is in the right order */
- assert (!msg->signature || p11_rpc_message_verify_part (msg, "M"));
-
- /* The mechanism type */
- if (!p11_rpc_buffer_get_uint32 (msg->input, &msg->parsed, &value))
- return PARSE_ERROR;
-
- /* The mechanism data */
- if (!p11_rpc_buffer_get_byte_array (msg->input, &msg->parsed, &data, &n_data))
- return PARSE_ERROR;
-
- mech->mechanism = value;
- mech->pParameter = (CK_VOID_PTR)data;
- mech->ulParameterLen = n_data;
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_info (p11_rpc_message *msg,
- CK_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_write_version (msg, &info->cryptokiVersion) ||
- !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_write_ulong (msg, info->flags) ||
- !p11_rpc_message_write_space_string (msg, info->libraryDescription, 32) ||
- !p11_rpc_message_write_version (msg, &info->libraryVersion))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_slot_info (p11_rpc_message *msg,
- CK_SLOT_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_write_space_string (msg, info->slotDescription, 64) ||
- !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_write_ulong (msg, info->flags) ||
- !p11_rpc_message_write_version (msg, &info->hardwareVersion) ||
- !p11_rpc_message_write_version (msg, &info->firmwareVersion))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_token_info (p11_rpc_message *msg,
- CK_TOKEN_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_write_space_string (msg, info->label, 32) ||
- !p11_rpc_message_write_space_string (msg, info->manufacturerID, 32) ||
- !p11_rpc_message_write_space_string (msg, info->model, 16) ||
- !p11_rpc_message_write_space_string (msg, info->serialNumber, 16) ||
- !p11_rpc_message_write_ulong (msg, info->flags) ||
- !p11_rpc_message_write_ulong (msg, info->ulMaxSessionCount) ||
- !p11_rpc_message_write_ulong (msg, info->ulSessionCount) ||
- !p11_rpc_message_write_ulong (msg, info->ulMaxRwSessionCount) ||
- !p11_rpc_message_write_ulong (msg, info->ulRwSessionCount) ||
- !p11_rpc_message_write_ulong (msg, info->ulMaxPinLen) ||
- !p11_rpc_message_write_ulong (msg, info->ulMinPinLen) ||
- !p11_rpc_message_write_ulong (msg, info->ulTotalPublicMemory) ||
- !p11_rpc_message_write_ulong (msg, info->ulFreePublicMemory) ||
- !p11_rpc_message_write_ulong (msg, info->ulTotalPrivateMemory) ||
- !p11_rpc_message_write_ulong (msg, info->ulFreePrivateMemory) ||
- !p11_rpc_message_write_version (msg, &info->hardwareVersion) ||
- !p11_rpc_message_write_version (msg, &info->firmwareVersion) ||
- !p11_rpc_message_write_space_string (msg, info->utcTime, 16))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_mechanism_info (p11_rpc_message *msg,
- CK_MECHANISM_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_write_ulong (msg, info->ulMinKeySize) ||
- !p11_rpc_message_write_ulong (msg, info->ulMaxKeySize) ||
- !p11_rpc_message_write_ulong (msg, info->flags))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-proto_write_session_info (p11_rpc_message *msg,
- CK_SESSION_INFO_PTR info)
-{
- assert (msg != NULL);
- assert (info != NULL);
-
- if (!p11_rpc_message_write_ulong (msg, info->slotID) ||
- !p11_rpc_message_write_ulong (msg, info->state) ||
- !p11_rpc_message_write_ulong (msg, info->flags) ||
- !p11_rpc_message_write_ulong (msg, info->ulDeviceError))
- return PREP_ERROR;
-
- return CKR_OK;
-}
-
-static CK_RV
-call_ready (p11_rpc_message *msg)
-{
- assert (msg->output);
-
- /*
- * Called right before invoking the actual PKCS#11 function
- * Reading out of data is complete, get ready to write return values.
- */
-
- if (p11_buffer_failed (msg->output)) {
- p11_message ("invalid request from module, probably too short"); \
- return PARSE_ERROR;
- }
-
- assert (p11_rpc_message_is_verified (msg));
-
- /* All done parsing input */
- msg->input = NULL;
-
- if (!p11_rpc_message_prep (msg, msg->call_id, P11_RPC_RESPONSE)) {
- p11_message ("couldn't initialize rpc response");
- return CKR_DEVICE_MEMORY;
- }
-
- return CKR_OK;
-}
-
-/* -------------------------------------------------------------------
- * CALL MACROS
- */
-
-#define BEGIN_CALL(call_id) \
- p11_debug (#call_id ": enter"); \
- assert (msg != NULL); \
- assert (self != NULL); \
- { \
- CK_X_##call_id _func = self->C_##call_id; \
- CK_RV _ret = CKR_OK; \
- if (!_func) { _ret = CKR_GENERAL_ERROR; goto _cleanup; }
-
-#define PROCESS_CALL(args) \
- _ret = call_ready (msg); \
- if (_ret != CKR_OK) { goto _cleanup; } \
- _ret = _func args
-
-#define END_CALL \
- _cleanup: \
- p11_debug ("ret: %d", (int)_ret); \
- return _ret; \
- }
-
-#define IN_BYTE(val) \
- if (!p11_rpc_message_read_byte (msg, &val)) \
- { _ret = PARSE_ERROR; goto _cleanup; }
-
-#define IN_ULONG(val) \
- if (!p11_rpc_message_read_ulong (msg, &val)) \
- { _ret = PARSE_ERROR; goto _cleanup; }
-
-#define IN_STRING(val) \
- _ret = proto_read_null_string (msg, &val); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_BYTE_BUFFER(buffer, buffer_len) \
- _ret = proto_read_byte_buffer (msg, &buffer, &buffer_len); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_BYTE_ARRAY(buffer, buffer_len) \
- _ret = proto_read_byte_array (msg, &buffer, &buffer_len); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_ULONG_BUFFER(buffer, buffer_len) \
- _ret = proto_read_ulong_buffer (msg, &buffer, &buffer_len); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_ATTRIBUTE_BUFFER(buffer, buffer_len) \
- _ret = proto_read_attribute_buffer (msg, &buffer, &buffer_len); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_ATTRIBUTE_ARRAY(attrs, n_attrs) \
- _ret = proto_read_attribute_array (msg, &attrs, &n_attrs); \
- if (_ret != CKR_OK) goto _cleanup;
-
-#define IN_MECHANISM(mech) \
- _ret = proto_read_mechanism (msg, &mech); \
- if (_ret != CKR_OK) goto _cleanup;
-
-
-#define OUT_ULONG(val) \
- if (_ret == CKR_OK && !p11_rpc_message_write_ulong (msg, val)) \
- _ret = PREP_ERROR;
-
-#define OUT_BYTE_ARRAY(array, len) \
- /* Note how we filter return codes */ \
- _ret = proto_write_byte_array (msg, array, len, _ret);
-
-#define OUT_ULONG_ARRAY(array, len) \
- /* Note how we filter return codes */ \
- _ret = proto_write_ulong_array (msg, array, len, _ret);
-
-#define OUT_ATTRIBUTE_ARRAY(array, len) \
- /* Note how we filter return codes */ \
- _ret = proto_write_attribute_array (msg, array, len, _ret);
-
-#define OUT_INFO(val) \
- if (_ret == CKR_OK) \
- _ret = proto_write_info (msg, &val);
-
-#define OUT_SLOT_INFO(val) \
- if (_ret == CKR_OK) \
- _ret = proto_write_slot_info (msg, &val);
-
-#define OUT_TOKEN_INFO(val) \
- if (_ret == CKR_OK) \
- _ret = proto_write_token_info (msg, &val);
-
-#define OUT_MECHANISM_INFO(val) \
- if (_ret == CKR_OK) \
- _ret = proto_write_mechanism_info (msg, &val);
-
-#define OUT_SESSION_INFO(val) \
- if (_ret == CKR_OK) \
- _ret = proto_write_session_info (msg, &val);
-
-/* ---------------------------------------------------------------------------
- * DISPATCH SPECIFIC CALLS
- */
-
-static CK_RV
-rpc_C_Initialize (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_X_Initialize func;
- CK_C_INITIALIZE_ARGS init_args;
- CK_BYTE_PTR handshake;
- CK_ULONG n_handshake;
- CK_BYTE reserved_present = 0;
- CK_BYTE_PTR reserved = NULL;
- CK_ULONG n_reserved;
- CK_RV ret = CKR_OK;
-
- p11_debug ("C_Initialize: enter");
-
- assert (msg != NULL);
- assert (self != NULL);
-
- ret = proto_read_byte_array (msg, &handshake, &n_handshake);
- if (ret == CKR_OK) {
-
- /* Check to make sure the header matches */
- if (n_handshake != P11_RPC_HANDSHAKE_LEN ||
- memcmp (handshake, P11_RPC_HANDSHAKE, n_handshake) != 0) {
- p11_message ("invalid handshake received from connecting module");
- ret = CKR_GENERAL_ERROR;
- }
- }
-
- if (ret == CKR_OK) {
- if (!p11_rpc_message_read_byte (msg, &reserved_present))
- ret = PARSE_ERROR;
- }
-
- if (ret == CKR_OK) {
- ret = proto_read_byte_array (msg, &reserved, &n_reserved);
-
- assert (p11_rpc_message_is_verified (msg));
- }
-
- if (ret == CKR_OK) {
- memset (&init_args, 0, sizeof (init_args));
- init_args.flags = CKF_OS_LOCKING_OK;
- init_args.pReserved = reserved_present ? reserved : NULL;
-
- func = self->C_Initialize;
- assert (func != NULL);
- ret = (func) (self, &init_args);
-
- /* Empty response */
- if (ret == CKR_OK)
- ret = call_ready (msg);
- }
-
- p11_debug ("ret: %d", (int)ret);
- return ret;
-}
-
-static CK_RV
-rpc_C_Finalize (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- BEGIN_CALL (Finalize);
- PROCESS_CALL ((self, NULL));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetInfo (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_INFO info;
-
- BEGIN_CALL (GetInfo);
- PROCESS_CALL ((self, &info));
- OUT_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_BBOOL token_present;
- CK_SLOT_ID_PTR slot_list;
- CK_ULONG count;
-
- BEGIN_CALL (GetSlotList);
- IN_BYTE (token_present);
- IN_ULONG_BUFFER (slot_list, count);
- PROCESS_CALL ((self, token_present, slot_list, &count));
- OUT_ULONG_ARRAY (slot_list, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_SLOT_INFO info;
-
- BEGIN_CALL (GetSlotInfo);
- IN_ULONG (slot_id);
- PROCESS_CALL ((self, slot_id, &info));
- OUT_SLOT_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_TOKEN_INFO info;
-
- BEGIN_CALL (GetTokenInfo);
- IN_ULONG (slot_id);
- PROCESS_CALL ((self, slot_id, &info));
- OUT_TOKEN_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_MECHANISM_TYPE_PTR mechanism_list;
- CK_ULONG count;
-
- BEGIN_CALL (GetMechanismList);
- IN_ULONG (slot_id);
- IN_ULONG_BUFFER (mechanism_list, count);
- PROCESS_CALL ((self, slot_id, mechanism_list, &count));
- OUT_ULONG_ARRAY (mechanism_list, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_MECHANISM_TYPE type;
- CK_MECHANISM_INFO info;
-
- BEGIN_CALL (GetMechanismInfo);
- IN_ULONG (slot_id);
- IN_ULONG (type);
- PROCESS_CALL ((self, slot_id, type, &info));
- OUT_MECHANISM_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_InitToken (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_UTF8CHAR_PTR pin;
- CK_ULONG pin_len;
- CK_UTF8CHAR_PTR label;
-
- BEGIN_CALL (InitToken);
- IN_ULONG (slot_id);
- IN_BYTE_ARRAY (pin, pin_len);
- IN_STRING (label);
- PROCESS_CALL ((self, slot_id, pin, pin_len, label));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_FLAGS flags;
- CK_SLOT_ID slot_id;
-
- BEGIN_CALL (WaitForSlotEvent);
- IN_ULONG (flags);
- PROCESS_CALL ((self, flags, &slot_id, NULL));
- OUT_ULONG (slot_id);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_OpenSession (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
- CK_FLAGS flags;
- CK_SESSION_HANDLE session;
-
- BEGIN_CALL (OpenSession);
- IN_ULONG (slot_id);
- IN_ULONG (flags);
- PROCESS_CALL ((self, slot_id, flags, NULL, NULL, &session));
- OUT_ULONG (session);
- END_CALL;
-}
-
-
-static CK_RV
-rpc_C_CloseSession (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
-
- BEGIN_CALL (CloseSession);
- IN_ULONG (session);
- PROCESS_CALL ((self, session));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SLOT_ID slot_id;
-
- /* Slot id becomes apartment so lower layers can tell clients apart. */
-
- BEGIN_CALL (CloseAllSessions);
- IN_ULONG (slot_id);
- PROCESS_CALL ((self, slot_id));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_SESSION_INFO info;
-
- BEGIN_CALL (GetSessionInfo);
- IN_ULONG (session);
- PROCESS_CALL ((self, session, &info));
- OUT_SESSION_INFO (info);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_InitPIN (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_UTF8CHAR_PTR pin;
- CK_ULONG pin_len;
-
- BEGIN_CALL (InitPIN);
- IN_ULONG (session);
- IN_BYTE_ARRAY (pin, pin_len);
- PROCESS_CALL ((self, session, pin, pin_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetPIN (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_UTF8CHAR_PTR old_pin;
- CK_ULONG old_len;
- CK_UTF8CHAR_PTR new_pin;
- CK_ULONG new_len;
-
- BEGIN_CALL (SetPIN);
- IN_ULONG (session);
- IN_BYTE_ARRAY (old_pin, old_len);
- IN_BYTE_ARRAY (new_pin, new_len);
- PROCESS_CALL ((self, session, old_pin, old_len, new_pin, new_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR operation_state;
- CK_ULONG operation_state_len;
-
- BEGIN_CALL (GetOperationState);
- IN_ULONG (session);
- IN_BYTE_BUFFER (operation_state, operation_state_len);
- PROCESS_CALL ((self, session, operation_state, &operation_state_len));
- OUT_BYTE_ARRAY (operation_state, operation_state_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR operation_state;
- CK_ULONG operation_state_len;
- CK_OBJECT_HANDLE encryption_key;
- CK_OBJECT_HANDLE authentication_key;
-
- BEGIN_CALL (SetOperationState);
- IN_ULONG (session);
- IN_BYTE_ARRAY (operation_state, operation_state_len);
- IN_ULONG (encryption_key);
- IN_ULONG (authentication_key);
- PROCESS_CALL ((self, session, operation_state, operation_state_len, encryption_key, authentication_key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Login (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_USER_TYPE user_type;
- CK_UTF8CHAR_PTR pin;
- CK_ULONG pin_len;
-
- BEGIN_CALL (Login);
- IN_ULONG (session);
- IN_ULONG (user_type);
- IN_BYTE_ARRAY (pin, pin_len);
- PROCESS_CALL ((self, session, user_type, pin, pin_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Logout (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
-
- BEGIN_CALL (Logout);
- IN_ULONG (session);
- PROCESS_CALL ((self, session));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CreateObject (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
- CK_OBJECT_HANDLE new_object;
-
- BEGIN_CALL (CreateObject);
- IN_ULONG (session);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL ((self, session, template, count, &new_object));
- OUT_ULONG (new_object);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_CopyObject (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
- CK_OBJECT_HANDLE new_object;
-
- BEGIN_CALL (CopyObject);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL ((self, session, object, template, count, &new_object));
- OUT_ULONG (new_object);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
-
- BEGIN_CALL (DestroyObject);
- IN_ULONG (session);
- IN_ULONG (object);
- PROCESS_CALL ((self, session, object));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- CK_ULONG size;
-
- BEGIN_CALL (GetObjectSize);
- IN_ULONG (session);
- IN_ULONG (object);
- PROCESS_CALL ((self, session, object, &size));
- OUT_ULONG (size);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
-
- BEGIN_CALL (GetAttributeValue);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_BUFFER (template, count);
- PROCESS_CALL ((self, session, object, template, count));
- OUT_ATTRIBUTE_ARRAY (template, count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
-
- BEGIN_CALL (SetAttributeValue);
- IN_ULONG (session);
- IN_ULONG (object);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL ((self, session, object, template, count));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
-
- BEGIN_CALL (FindObjectsInit);
- IN_ULONG (session);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL ((self, session, template, count));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjects (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE_PTR objects;
- CK_ULONG max_object_count;
- CK_ULONG object_count;
-
- BEGIN_CALL (FindObjects);
- IN_ULONG (session);
- IN_ULONG_BUFFER (objects, max_object_count);
- PROCESS_CALL ((self, session, objects, max_object_count, &object_count));
- OUT_ULONG_ARRAY (objects, object_count);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
-
- BEGIN_CALL (FindObjectsFinal);
- IN_ULONG (session);
- PROCESS_CALL ((self, session));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (EncryptInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-
-}
-
-static CK_RV
-rpc_C_Encrypt (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
- CK_BYTE_PTR encrypted_data;
- CK_ULONG encrypted_data_len;
-
- BEGIN_CALL (Encrypt);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (encrypted_data, encrypted_data_len);
- PROCESS_CALL ((self, session, data, data_len, encrypted_data, &encrypted_data_len));
- OUT_BYTE_ARRAY (encrypted_data, encrypted_data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
-
- BEGIN_CALL (EncryptUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (encrypted_part, encrypted_part_len);
- PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len));
- OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR last_encrypted_part;
- CK_ULONG last_encrypted_part_len;
-
- BEGIN_CALL (EncryptFinal);
- IN_ULONG (session);
- IN_BYTE_BUFFER (last_encrypted_part, last_encrypted_part_len);
- PROCESS_CALL ((self, session, last_encrypted_part, &last_encrypted_part_len));
- OUT_BYTE_ARRAY (last_encrypted_part, last_encrypted_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (DecryptInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Decrypt (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR encrypted_data;
- CK_ULONG encrypted_data_len;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
-
- BEGIN_CALL (Decrypt);
- IN_ULONG (session);
- IN_BYTE_ARRAY (encrypted_data, encrypted_data_len);
- IN_BYTE_BUFFER (data, data_len);
- PROCESS_CALL ((self, session, encrypted_data, encrypted_data_len, data, &data_len));
- OUT_BYTE_ARRAY (data, data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (DecryptUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len));
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR last_part;
- CK_ULONG last_part_len;
-
- BEGIN_CALL (DecryptFinal);
- IN_ULONG (session);
- IN_BYTE_BUFFER (last_part, last_part_len);
- PROCESS_CALL ((self, session, last_part, &last_part_len));
- OUT_BYTE_ARRAY (last_part, last_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
-
- BEGIN_CALL (DigestInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- PROCESS_CALL ((self, session, &mechanism));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Digest (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
- CK_BYTE_PTR digest;
- CK_ULONG digest_len;
-
- BEGIN_CALL (Digest);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (digest, digest_len);
- PROCESS_CALL ((self, session, data, data_len, digest, &digest_len));
- OUT_BYTE_ARRAY (digest, digest_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (DigestUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL ((self, session, part, part_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestKey (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (DigestKey);
- IN_ULONG (session);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR digest;
- CK_ULONG digest_len;
-
- BEGIN_CALL (DigestFinal);
- IN_ULONG (session);
- IN_BYTE_BUFFER (digest, digest_len);
- PROCESS_CALL ((self, session, digest, &digest_len));
- OUT_BYTE_ARRAY (digest, digest_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (SignInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Sign (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
-
- BEGIN_CALL (Sign);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL ((self, session, part, part_len, signature, &signature_len));
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-
-}
-
-static CK_RV
-rpc_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (SignUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL ((self, session, part, part_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
-
- BEGIN_CALL (SignFinal);
- IN_ULONG (session);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL ((self, session, signature, &signature_len));
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (SignRecoverInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignRecover (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
-
- BEGIN_CALL (SignRecover);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_BUFFER (signature, signature_len);
- PROCESS_CALL ((self, session, data, data_len, signature, &signature_len));
- OUT_BYTE_ARRAY (signature, signature_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (VerifyInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_Verify (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
-
- BEGIN_CALL (Verify);
- IN_ULONG (session);
- IN_BYTE_ARRAY (data, data_len);
- IN_BYTE_ARRAY (signature, signature_len);
- PROCESS_CALL ((self, session, data, data_len, signature, signature_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (VerifyUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- PROCESS_CALL ((self, session, part, part_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
-
- BEGIN_CALL (VerifyFinal);
- IN_ULONG (session);
- IN_BYTE_ARRAY (signature, signature_len);
- PROCESS_CALL ((self, session, signature, signature_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (VerifyRecoverInit);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (key);
- PROCESS_CALL ((self, session, &mechanism, key));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR signature;
- CK_ULONG signature_len;
- CK_BYTE_PTR data;
- CK_ULONG data_len;
-
- BEGIN_CALL (VerifyRecover);
- IN_ULONG (session);
- IN_BYTE_ARRAY (signature, signature_len);
- IN_BYTE_BUFFER (data, data_len);
- PROCESS_CALL ((self, session, signature, signature_len, data, &data_len));
- OUT_BYTE_ARRAY (data, data_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
-
- BEGIN_CALL (DigestEncryptUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (encrypted_part, encrypted_part_len);
- PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len));
- OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (DecryptDigestUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len));
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
-
- BEGIN_CALL (SignEncryptUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (part, part_len);
- IN_BYTE_BUFFER (encrypted_part, encrypted_part_len);
- PROCESS_CALL ((self, session, part, part_len, encrypted_part, &encrypted_part_len));
- OUT_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR encrypted_part;
- CK_ULONG encrypted_part_len;
- CK_BYTE_PTR part;
- CK_ULONG part_len;
-
- BEGIN_CALL (DecryptVerifyUpdate);
- IN_ULONG (session);
- IN_BYTE_ARRAY (encrypted_part, encrypted_part_len);
- IN_BYTE_BUFFER (part, part_len);
- PROCESS_CALL ((self, session, encrypted_part, encrypted_part_len, part, &part_len));
- OUT_BYTE_ARRAY (part, part_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG count;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (GenerateKey);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ATTRIBUTE_ARRAY (template, count);
- PROCESS_CALL ((self, session, &mechanism, template, count, &key));
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_ATTRIBUTE_PTR public_key_template;
- CK_ULONG public_key_attribute_count;
- CK_ATTRIBUTE_PTR private_key_template;
- CK_ULONG private_key_attribute_count;
- CK_OBJECT_HANDLE public_key;
- CK_OBJECT_HANDLE private_key;
-
- BEGIN_CALL (GenerateKeyPair);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ATTRIBUTE_ARRAY (public_key_template, public_key_attribute_count);
- IN_ATTRIBUTE_ARRAY (private_key_template, private_key_attribute_count);
- PROCESS_CALL ((self, session, &mechanism, public_key_template, public_key_attribute_count, private_key_template, private_key_attribute_count, &public_key, &private_key));
- OUT_ULONG (public_key);
- OUT_ULONG (private_key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_WrapKey (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE wrapping_key;
- CK_OBJECT_HANDLE key;
- CK_BYTE_PTR wrapped_key;
- CK_ULONG wrapped_key_len;
-
- BEGIN_CALL (WrapKey);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (wrapping_key);
- IN_ULONG (key);
- IN_BYTE_BUFFER (wrapped_key, wrapped_key_len);
- PROCESS_CALL ((self, session, &mechanism, wrapping_key, key, wrapped_key, &wrapped_key_len));
- OUT_BYTE_ARRAY (wrapped_key, wrapped_key_len);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE unwrapping_key;
- CK_BYTE_PTR wrapped_key;
- CK_ULONG wrapped_key_len;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG attribute_count;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (UnwrapKey);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (unwrapping_key);
- IN_BYTE_ARRAY (wrapped_key, wrapped_key_len);
- IN_ATTRIBUTE_ARRAY (template, attribute_count);
- PROCESS_CALL ((self, session, &mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, attribute_count, &key));
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_MECHANISM mechanism;
- CK_OBJECT_HANDLE base_key;
- CK_ATTRIBUTE_PTR template;
- CK_ULONG attribute_count;
- CK_OBJECT_HANDLE key;
-
- BEGIN_CALL (DeriveKey);
- IN_ULONG (session);
- IN_MECHANISM (mechanism);
- IN_ULONG (base_key);
- IN_ATTRIBUTE_ARRAY (template, attribute_count);
- PROCESS_CALL ((self, session, &mechanism, base_key, template, attribute_count, &key));
- OUT_ULONG (key);
- END_CALL;
-}
-
-static CK_RV
-rpc_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR seed;
- CK_ULONG seed_len;
-
- BEGIN_CALL (SeedRandom);
- IN_ULONG (session);
- IN_BYTE_ARRAY (seed, seed_len);
- PROCESS_CALL ((self, session, seed, seed_len));
- END_CALL;
-}
-
-static CK_RV
-rpc_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- p11_rpc_message *msg)
-{
- CK_SESSION_HANDLE session;
- CK_BYTE_PTR random_data;
- CK_ULONG random_len;
-
- BEGIN_CALL (GenerateRandom);
- IN_ULONG (session);
- IN_BYTE_BUFFER (random_data, random_len);
- PROCESS_CALL ((self, session, random_data, random_len));
- OUT_BYTE_ARRAY (random_data, random_len);
- END_CALL;
-}
-
-bool
-p11_rpc_server_handle (CK_X_FUNCTION_LIST *self,
- p11_buffer *request,
- p11_buffer *response)
-{
- p11_rpc_message msg;
- CK_RV ret;
- int req_id;
-
- return_val_if_fail (self != NULL, false);
- return_val_if_fail (request != NULL, false);
- return_val_if_fail (response != NULL, false);
-
- p11_message_clear ();
-
- p11_rpc_message_init (&msg, request, response);
-
- if (!p11_rpc_message_parse (&msg, P11_RPC_REQUEST)) {
- p11_rpc_message_clear (&msg);
- p11_message ("couldn't parse pkcs11 rpc message");
- return false;
- }
-
- /* This should have been checked by the parsing code */
- assert (msg.call_id > P11_RPC_CALL_ERROR);
- assert (msg.call_id < P11_RPC_CALL_MAX);
- req_id = msg.call_id;
-
- switch(req_id) {
- #define CASE_CALL(name) \
- case P11_RPC_CALL_##name: \
- ret = rpc_##name (self, &msg); \
- break;
- CASE_CALL (C_Initialize)
- CASE_CALL (C_Finalize)
- CASE_CALL (C_GetInfo)
- CASE_CALL (C_GetSlotList)
- CASE_CALL (C_GetSlotInfo)
- CASE_CALL (C_GetTokenInfo)
- CASE_CALL (C_GetMechanismList)
- CASE_CALL (C_GetMechanismInfo)
- CASE_CALL (C_InitToken)
- CASE_CALL (C_OpenSession)
- CASE_CALL (C_CloseSession)
- CASE_CALL (C_CloseAllSessions)
- CASE_CALL (C_GetSessionInfo)
- CASE_CALL (C_InitPIN)
- CASE_CALL (C_SetPIN)
- CASE_CALL (C_GetOperationState)
- CASE_CALL (C_SetOperationState)
- CASE_CALL (C_Login)
- CASE_CALL (C_Logout)
- CASE_CALL (C_CreateObject)
- CASE_CALL (C_CopyObject)
- CASE_CALL (C_DestroyObject)
- CASE_CALL (C_GetObjectSize)
- CASE_CALL (C_GetAttributeValue)
- CASE_CALL (C_SetAttributeValue)
- CASE_CALL (C_FindObjectsInit)
- CASE_CALL (C_FindObjects)
- CASE_CALL (C_FindObjectsFinal)
- CASE_CALL (C_EncryptInit)
- CASE_CALL (C_Encrypt)
- CASE_CALL (C_EncryptUpdate)
- CASE_CALL (C_EncryptFinal)
- CASE_CALL (C_DecryptInit)
- CASE_CALL (C_Decrypt)
- CASE_CALL (C_DecryptUpdate)
- CASE_CALL (C_DecryptFinal)
- CASE_CALL (C_DigestInit)
- CASE_CALL (C_Digest)
- CASE_CALL (C_DigestUpdate)
- CASE_CALL (C_DigestKey)
- CASE_CALL (C_DigestFinal)
- CASE_CALL (C_SignInit)
- CASE_CALL (C_Sign)
- CASE_CALL (C_SignUpdate)
- CASE_CALL (C_SignFinal)
- CASE_CALL (C_SignRecoverInit)
- CASE_CALL (C_SignRecover)
- CASE_CALL (C_VerifyInit)
- CASE_CALL (C_Verify)
- CASE_CALL (C_VerifyUpdate)
- CASE_CALL (C_VerifyFinal)
- CASE_CALL (C_VerifyRecoverInit)
- CASE_CALL (C_VerifyRecover)
- CASE_CALL (C_DigestEncryptUpdate)
- CASE_CALL (C_DecryptDigestUpdate)
- CASE_CALL (C_SignEncryptUpdate)
- CASE_CALL (C_DecryptVerifyUpdate)
- CASE_CALL (C_GenerateKey)
- CASE_CALL (C_GenerateKeyPair)
- CASE_CALL (C_WrapKey)
- CASE_CALL (C_UnwrapKey)
- CASE_CALL (C_DeriveKey)
- CASE_CALL (C_SeedRandom)
- CASE_CALL (C_GenerateRandom)
- CASE_CALL (C_WaitForSlotEvent)
- #undef CASE_CALL
- default:
- /* This should have been caught by the parse code */
- assert (0 && "Unchecked call");
- break;
- };
-
- if (p11_buffer_failed (msg.output)) {
- p11_message ("out of memory error putting together message");
- p11_rpc_message_clear (&msg);
- return false;
- }
-
- /* A filled in response */
- if (ret == CKR_OK) {
-
- /*
- * Since we're dealing with many many functions above generating
- * these messages we want to make sure each of them actually
- * does what it's supposed to.
- */
- assert (p11_rpc_message_is_verified (&msg));
- assert (msg.call_type == P11_RPC_RESPONSE);
- assert (msg.call_id == req_id);
- assert (p11_rpc_calls[msg.call_id].response);
- assert (strcmp (p11_rpc_calls[msg.call_id].response, msg.signature) == 0);
-
- /* Fill in an error respnose */
- } else {
- if (!p11_rpc_message_prep (&msg, P11_RPC_CALL_ERROR, P11_RPC_RESPONSE) ||
- !p11_rpc_message_write_ulong (&msg, (uint32_t)ret) ||
- p11_buffer_failed (msg.output)) {
- p11_message ("out of memory responding with error");
- p11_rpc_message_clear (&msg);
- return false;
- }
- }
-
- p11_rpc_message_clear (&msg);
- return true;
-}
-
-int
-p11_kit_remote_serve_module (CK_FUNCTION_LIST *module,
- int in_fd,
- int out_fd)
-{
- p11_rpc_status status;
- unsigned char version;
- p11_virtual virt;
- p11_buffer options;
- p11_buffer buffer;
- size_t state;
- int ret = 1;
- int code;
-
- return_val_if_fail (module != NULL, 1);
-
- p11_buffer_init (&options, 0);
- p11_buffer_init (&buffer, 0);
-
- p11_virtual_init (&virt, &p11_virtual_base, module, NULL);
-
- switch (read (in_fd, &version, 1)) {
- case 0:
- goto out;
- case 1:
- if (version != 0) {
- p11_message ("unspported version received: %d", (int)version);
- goto out;
- }
- break;
- default:
- p11_message_err (errno, "couldn't read credential byte");
- goto out;
- }
-
- version = 0;
- switch (write (out_fd, &version, out_fd)) {
- case 1:
- break;
- default:
- p11_message_err (errno, "couldn't write credential byte");
- goto out;
- }
-
- status = P11_RPC_OK;
- while (status == P11_RPC_OK) {
- state = 0;
- code = 0;
-
- do {
- status = p11_rpc_transport_read (in_fd, &state, &code,
- &options, &buffer);
- } while (status == P11_RPC_AGAIN);
-
- switch (status) {
- case P11_RPC_OK:
- break;
- case P11_RPC_EOF:
- ret = 0;
- continue;
- case P11_RPC_AGAIN:
- assert_not_reached ();
- case P11_RPC_ERROR:
- p11_message_err (errno, "failed to read rpc message");
- goto out;
- }
-
- if (!p11_rpc_server_handle (&virt.funcs, &buffer, &buffer)) {
- p11_message ("unexpected error handling rpc message");
- goto out;
- }
-
- state = 0;
- options.len = 0;
- do {
- status = p11_rpc_transport_write (out_fd, &state, code,
- &options, &buffer);
- } while (status == P11_RPC_AGAIN);
-
- switch (status) {
- case P11_RPC_OK:
- break;
- case P11_RPC_EOF:
- case P11_RPC_AGAIN:
- assert_not_reached ();
- case P11_RPC_ERROR:
- p11_message_err (errno, "failed to write rpc message");
- goto out;
- }
- }
-
-out:
- p11_buffer_uninit (&buffer);
- p11_buffer_uninit (&options);
-
- p11_virtual_uninit (&virt);
-
- return ret;
-}
diff --git a/p11-kit/rpc-transport.c b/p11-kit/rpc-transport.c
deleted file mode 100644
index 5251e11..0000000
--- a/p11-kit/rpc-transport.c
+++ /dev/null
@@ -1,864 +0,0 @@
-/*
- * Copyright (C) 2012 Stefan Walter
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#include "argv.h"
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_RPC
-#include "debug.h"
-#include "message.h"
-#include "pkcs11.h"
-#include "private.h"
-#include "rpc.h"
-#include "rpc-message.h"
-
-#include <sys/types.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef OS_UNIX
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/wait.h>
-#include <sys/un.h>
-#include <signal.h>
-#include <unistd.h>
-#endif
-
-#ifdef OS_WIN32
-#include <winsock2.h>
-#ifndef EWOULDBLOCK
-#define EWOULDBLOCK WSAEWOULDBLOCK
-#endif
-#endif
-
-#ifndef EPROTO
-#define EPROTO EIO
-#endif
-
-typedef struct {
- /* Never changes */
- int fd;
-
- /* Protected by the lock */
- p11_mutex_t write_lock;
- int refs;
- int last_code;
- bool sent_creds;
-
- /* This data is protected by read mutex */
- p11_mutex_t read_lock;
- bool read_creds;
- uint32_t read_code;
- uint32_t read_olen;
- uint32_t read_dlen;
-} rpc_socket;
-
-static rpc_socket *
-rpc_socket_new (int fd)
-{
- rpc_socket *sock;
-
- sock = calloc (1, sizeof (rpc_socket));
- return_val_if_fail (sock != NULL, NULL);
-
- sock->fd = fd;
- sock->last_code = 0x10;
- sock->read_creds = false;
- sock->sent_creds = false;
- sock->refs = 1;
-
- p11_mutex_init (&sock->write_lock);
- p11_mutex_init (&sock->read_lock);
-
- return sock;
-}
-
-#if 0
-static rpc_socket *
-rpc_socket_ref (rpc_socket *sock)
-{
- assert (sock != NULL);
-
- p11_mutex_lock (&sock->write_lock);
- sock->refs++;
- p11_mutex_unlock (&sock->write_lock);
-
- return sock;
-}
-
-static bool
-rpc_socket_is_open (rpc_socket *sock)
-{
- assert (sock != NULL);
- return sock->fd >= 0;
-}
-#endif
-
-static void
-rpc_socket_close (rpc_socket *sock)
-{
- assert (sock != NULL);
- if (sock->fd != -1)
- close (sock->fd);
- sock->fd = -1;
-}
-
-static void
-rpc_socket_unref (rpc_socket *sock)
-{
- int release = 0;
-
- assert (sock != NULL);
-
- p11_mutex_lock (&sock->write_lock);
- if (--sock->refs == 0)
- release = 1;
- p11_mutex_unlock (&sock->write_lock);
-
- if (!release)
- return;
-
- assert (sock != NULL);
- assert (sock->refs == 0);
-
- rpc_socket_close (sock);
- p11_mutex_uninit (&sock->write_lock);
- p11_mutex_uninit (&sock->read_lock);
-}
-
-static bool
-write_all (int fd,
- unsigned char* data,
- size_t len)
-{
- int r;
-
- while (len > 0) {
- r = write (fd, data, len);
- if (r == -1) {
- if (errno == EPIPE) {
- p11_message ("couldn't send data: closed connection");
- return false;
- } else if (errno != EAGAIN && errno != EINTR) {
- p11_message_err (errno, "couldn't send data");
- return false;
- }
- } else {
- p11_debug ("wrote %d bytes", r);
- data += r;
- len -= r;
- }
- }
-
- return true;
-}
-
-static bool
-read_all (int fd,
- unsigned char* data,
- size_t len)
-{
- int r;
-
- while (len > 0) {
- r = read (fd, data, len);
- if (r == 0) {
- p11_message ("couldn't receive data: closed connection");
- return false;
- } else if (r == -1) {
- if (errno != EAGAIN && errno != EINTR) {
- p11_message_err (errno, "couldn't receive data");
- return false;
- }
- } else {
- p11_debug ("read %d bytes", r);
- data += r;
- len -= r;
- }
- }
-
- return true;
-}
-
-static CK_RV
-rpc_socket_write_inlock (rpc_socket *sock,
- int code,
- p11_buffer *options,
- p11_buffer *buffer)
-{
- unsigned char header[12];
- unsigned char dummy = '\0';
-
- /* The socket is locked and referenced at this point */
- assert (buffer != NULL);
-
- /* Place holder byte, will later carry unix credentials (on some systems) */
- if (!sock->sent_creds) {
- if (write_all (sock->fd, &dummy, 1) != 1) {
- p11_message_err (errno, "couldn't send socket credentials");
- return CKR_DEVICE_ERROR;
- }
- sock->sent_creds = true;
- }
-
- p11_rpc_buffer_encode_uint32 (header, code);
- p11_rpc_buffer_encode_uint32 (header + 4, options->len);
- p11_rpc_buffer_encode_uint32 (header + 8, buffer->len);
-
- if (!write_all (sock->fd, header, 12) ||
- !write_all (sock->fd, options->data, options->len) ||
- !write_all (sock->fd, buffer->data, buffer->len))
- return CKR_DEVICE_ERROR;
-
- return CKR_OK;
-}
-
-static p11_rpc_status
-write_at (int fd,
- unsigned char *data,
- size_t len,
- size_t offset,
- size_t *at)
-{
- p11_rpc_status status;
- ssize_t num;
- size_t from;
- int errn;
-
- assert (*at >= offset);
-
- if (*at >= offset + len)
- return P11_RPC_OK;
-
- from = *at - offset;
- assert (from < len);
-
- num = write (fd, data + from, len - from);
- errn = errno;
-
- /* Update state */
- if (num > 0)
- *at += num;
-
- /* Completely written out this block */
- if (num == len - from) {
- p11_debug ("ok: wrote block of %d", (int)num);
- status = P11_RPC_OK;
-
- /* Partially written out this block */
- } else if (num >= 0) {
- p11_debug ("again: partial read of %d", (int)num);
- status = P11_RPC_AGAIN;
-
- /* Didn't write out block due to transient issue */
- } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) {
- p11_debug ("again: due to %d", errn);
- status = P11_RPC_AGAIN;
-
- /* Failure */
- } else {
- p11_debug ("error: due to %d", errn);
- status = P11_RPC_ERROR;
- }
-
- errno = errn;
- return status;
-}
-
-p11_rpc_status
-p11_rpc_transport_write (int fd,
- size_t *state,
- int call_code,
- p11_buffer *options,
- p11_buffer *buffer)
-{
- unsigned char header[12] = { 0, };
- p11_rpc_status status;
-
- assert (state != NULL);
- assert (options != NULL);
- assert (buffer != NULL);
-
- if (*state < 12) {
- p11_rpc_buffer_encode_uint32 (header, call_code);
- p11_rpc_buffer_encode_uint32 (header + 4, options->len);
- p11_rpc_buffer_encode_uint32 (header + 8, buffer->len);
- }
-
- status = write_at (fd, header, 12, 0, state);
-
- if (status == P11_RPC_OK) {
- status = write_at (fd, options->data, options->len,
- 12, state);
- }
-
- if (status == P11_RPC_OK) {
- status = write_at (fd, buffer->data, buffer->len,
- 12 + options->len, state);
- }
-
- /* All done */
- if (status == P11_RPC_OK)
- *state = 0;
-
- return status;
-}
-
-static int
-rpc_socket_read (rpc_socket *sock,
- int *code,
- p11_buffer *buffer)
-{
- CK_RV ret = CKR_DEVICE_ERROR;
- unsigned char header[12];
- unsigned char dummy;
- fd_set rfds;
-
- assert (code != NULL);
- assert (buffer != NULL);
-
- /*
- * We are not in the main socket lock here, but the socket
- * is referenced, and won't go away
- */
-
- p11_mutex_lock (&sock->read_lock);
-
- if (!sock->read_creds) {
- if (read_all (sock->fd, &dummy, 1) != 1) {
- p11_mutex_unlock (&sock->read_lock);
- return CKR_DEVICE_ERROR;
- }
- sock->read_creds = true;
- }
-
- for (;;) {
- /* No message header has been read yet? ... read one in */
- if (sock->read_code == 0) {
- if (!read_all (sock->fd, header, 12))
- break;
-
- /* Decode and check the message header */
- sock->read_code = p11_rpc_buffer_decode_uint32 (header);
- sock->read_olen = p11_rpc_buffer_decode_uint32 (header + 4);
- sock->read_dlen = p11_rpc_buffer_decode_uint32 (header + 8);
- if (sock->read_code == 0) {
- p11_message ("received invalid rpc header values: perhaps wrong protocol");
- break;
- }
- }
-
- /* If it's our header (or caller doesn't care), then yay! */
- if (*code == -1 || sock->read_code == *code) {
-
- /* We ignore the options, so read into the same as buffer */
- if (!p11_buffer_reset (buffer, sock->read_olen) ||
- !p11_buffer_reset (buffer, sock->read_dlen)) {
- warn_if_reached ();
- break;
- }
-
- /* Read in the the options first, and then data */
- if (!read_all (sock->fd, buffer->data, sock->read_olen) ||
- !read_all (sock->fd, buffer->data, sock->read_dlen))
- break;
-
- buffer->len = sock->read_dlen;
- *code = sock->read_code;
-
- /* Yay, we got our data, off we go */
- sock->read_code = 0;
- sock->read_olen = 0;
- sock->read_dlen = 0;
- ret = CKR_OK;
- break;
- }
-
- /* Give another thread the chance to read data for this header */
- if (sock->read_code != 0) {
- p11_debug ("received header in wrong thread");
- p11_mutex_unlock (&sock->read_lock);
-
- /* Used as a simple wait */
- FD_ZERO (&rfds);
- FD_SET (sock->fd, &rfds);
- if (select (sock->fd + 1, &rfds, NULL, NULL, NULL) < 0)
- p11_message ("couldn't use select to wait on rpc socket");
-
- p11_mutex_lock (&sock->read_lock);
- }
- }
-
- p11_mutex_unlock (&sock->read_lock);
- return ret;
-}
-
-static p11_rpc_status
-read_at (int fd,
- unsigned char *data,
- size_t len,
- size_t offset,
- size_t *at)
-{
- p11_rpc_status status;
- int errn;
- ssize_t num;
- size_t from;
-
- assert (*at >= offset);
-
- if (*at >= offset + len)
- return P11_RPC_OK;
-
- from = *at - offset;
- assert (from < len);
-
- num = read (fd, data + from, len - from);
- errn = errno;
-
- /* Update state */
- if (num > 0)
- *at += num;
-
- /* Completely read out this block */
- if (num == len - from) {
- p11_debug ("ok: read block of %d", (int)num);
- status = P11_RPC_OK;
-
- /* Partially read out this block */
- } else if (num > 0) {
- p11_debug ("again: partial read of %d", (int)num);
- status = P11_RPC_AGAIN;
-
- /* End of file, valid if at offset zero */
- } else if (num == 0) {
- if (offset == 0) {
- p11_debug ("eof: read zero bytes");
- status = P11_RPC_EOF;
- } else {
- p11_debug ("error: early truncate");
- errn = EPROTO;
- status = P11_RPC_ERROR;
- }
-
- /* Didn't read out block due to transient issue */
- } else if (errn == EINTR || errn == EAGAIN || errn == EWOULDBLOCK) {
- p11_debug ("again: due to %d", errn);
- status = P11_RPC_AGAIN;
-
- /* Failure */
- } else {
- p11_debug ("error: due to %d", errn);
- status = P11_RPC_ERROR;
- }
-
- errno = errn;
- return status;
-}
-
-p11_rpc_status
-p11_rpc_transport_read (int fd,
- size_t *state,
- int *call_code,
- p11_buffer *options,
- p11_buffer *buffer)
-{
- unsigned char *header;
- p11_rpc_status status;
- size_t len;
-
- assert (state != NULL);
- assert (call_code != NULL);
- assert (options != NULL);
- assert (buffer != NULL);
-
- /* Reading the header, we read it into @buffer */
- if (*state < 12) {
- if (!p11_buffer_reset (buffer, 12))
- return_val_if_reached (P11_RPC_ERROR);
- status = read_at (fd, buffer->data, 12, 0, state);
- if (status != P11_RPC_OK)
- return status;
-
- /* Parse out the header */
- header = buffer->data;
- *call_code = p11_rpc_buffer_decode_uint32 (header);
- len = p11_rpc_buffer_decode_uint32 (header + 4);
- if (!p11_buffer_reset (options, len))
- return_val_if_reached (P11_RPC_ERROR);
- options->len = len;
- len = p11_rpc_buffer_decode_uint32 (header + 8);
- if (!p11_buffer_reset (buffer, len))
- return_val_if_reached (P11_RPC_ERROR);
- buffer->len = len;
- }
-
- /* At this point options has a valid len field */
- status = read_at (fd, options->data, options->len, 12, state);
- if (status == P11_RPC_OK) {
- status = read_at (fd, buffer->data, buffer->len,
- 12 + options->len, state);
- }
-
- if (status == P11_RPC_OK)
- *state = 0;
-
- return status;
-}
-
-struct _p11_rpc_transport {
- p11_rpc_client_vtable vtable;
- p11_destroyer destroyer;
- rpc_socket *socket;
- p11_buffer options;
-};
-
-static void
-rpc_transport_disconnect (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
-
- if (rpc->socket) {
- rpc_socket_close (rpc->socket);
- rpc_socket_unref (rpc->socket);
- rpc->socket = NULL;
- }
-}
-
-static bool
-rpc_transport_init (p11_rpc_transport *rpc,
- const char *module_name,
- p11_destroyer destroyer)
-{
- rpc->destroyer = destroyer;
-
- p11_buffer_init_null (&rpc->options, 0);
- p11_buffer_add (&rpc->options, module_name, -1);
- return_val_if_fail (p11_buffer_ok (&rpc->options), false);
-
- return true;
-}
-
-static void
-rpc_transport_uninit (p11_rpc_transport *rpc)
-{
- p11_buffer_uninit (&rpc->options);
-}
-
-static CK_RV
-rpc_transport_buffer (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- p11_rpc_transport *rpc = (p11_rpc_transport *)vtable;
- CK_RV rv = CKR_OK;
- rpc_socket *sock;
- int call_code;
-
- assert (rpc != NULL);
- assert (request != NULL);
- assert (response != NULL);
-
- sock = rpc->socket;
- assert (sock != NULL);
-
- p11_mutex_lock (&sock->write_lock);
- assert (sock->refs > 0);
- sock->refs++;
-
- /* Get the next socket reply code */
- call_code = sock->last_code++;
-
- if (sock->fd == -1)
- rv = CKR_DEVICE_ERROR;
- if (rv == CKR_OK)
- rv = rpc_socket_write_inlock (sock, call_code, &rpc->options, request);
-
- /* We unlock the socket mutex while reading a response */
- if (rv == CKR_OK) {
- p11_mutex_unlock (&sock->write_lock);
-
- rv = rpc_socket_read (sock, &call_code, response);
-
- p11_mutex_lock (&sock->write_lock);
- }
-
- if (rv != CKR_OK && sock->fd != -1) {
- p11_message ("closing socket due to protocol failure");
- close (sock->fd);
- sock->fd = -1;
- }
-
- sock->refs--;
- assert (sock->refs > 0);
- p11_mutex_unlock (&sock->write_lock);
-
- return rv;
-}
-
-#ifdef OS_UNIX
-
-typedef struct {
- p11_rpc_transport base;
- p11_array *argv;
- pid_t pid;
-} rpc_exec;
-
-static void
-rpc_exec_wait_or_terminate (pid_t pid)
-{
- bool terminated = false;
- int status;
- int sig;
- int ret;
- int i;
-
-
- for (i = 0; i < 3 * 1000; i += 100) {
- ret = waitpid (pid, &status, WNOHANG);
- if (ret != 0)
- break;
- p11_sleep_ms (100);
- }
-
- if (ret == 0) {
- p11_message ("process %d did not exit, terminating", (int)pid);
- kill (pid, SIGTERM);
- terminated = true;
- ret = waitpid (pid, &status, 0);
- }
-
- if (ret < 0) {
- p11_message_err (errno, "failed to wait for executed child: %d", (int)pid);
- status = 0;
- } else if (WIFEXITED (status)) {
- status = WEXITSTATUS (status);
- if (status == 0)
- p11_debug ("process %d exited with status 0", (int)pid);
- else
- p11_message ("process %d exited with status %d", (int)pid, status);
- } else if (WIFSIGNALED (status)) {
- sig = WTERMSIG (status);
- if (!terminated || sig != SIGTERM)
- p11_message ("process %d was terminated with signal %d", (int)pid, sig);
- }
-}
-
-static void
-rpc_exec_disconnect (p11_rpc_client_vtable *vtable,
- void *fini_reserved)
-{
- rpc_exec *rex = (rpc_exec *)vtable;
-
- if (rex->base.socket)
- rpc_socket_close (rex->base.socket);
-
- if (rex->pid)
- rpc_exec_wait_or_terminate (rex->pid);
- rex->pid = 0;
-
- /* Do the common disconnect stuff */
- rpc_transport_disconnect (vtable, fini_reserved);
-}
-
-static int
-set_cloexec_on_fd (void *data,
- int fd)
-{
- int *max_fd = data;
- if (fd >= *max_fd)
- fcntl (fd, F_SETFD, FD_CLOEXEC);
- return 0;
-}
-
-static CK_RV
-rpc_exec_connect (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- rpc_exec *rex = (rpc_exec *)vtable;
- pid_t pid;
- int max_fd;
- int fds[2];
- int errn;
-
- p11_debug ("executing rpc transport: %s", (char *)rex->argv->elem[0]);
-
- if (socketpair (AF_UNIX, SOCK_STREAM, 0, fds) < 0) {
- p11_message_err (errno, "failed to create pipe for remote");
- return CKR_DEVICE_ERROR;
- }
-
- pid = fork ();
- switch (pid) {
-
- /* Failure */
- case -1:
- close (fds[0]);
- close (fds[1]);
- p11_message_err (errno, "failed to fork for remote");
- return CKR_DEVICE_ERROR;
-
- /* Child */
- case 0:
- if (dup2 (fds[1], STDIN_FILENO) < 0 ||
- dup2 (fds[1], STDOUT_FILENO) < 0) {
- errn = errno;
- p11_message_err (errn, "couldn't dup file descriptors in remote child");
- _exit (errn);
- }
-
- /* Close file descriptors, except for above on exec */
- max_fd = STDERR_FILENO + 1;
- fdwalk (set_cloexec_on_fd, &max_fd);
- execvp (rex->argv->elem[0], (char **)rex->argv->elem);
-
- errn = errno;
- p11_message_err (errn, "couldn't execute program for rpc: %s",
- (char *)rex->argv->elem[0]);
- _exit (errn);
-
- /* The parent */
- default:
- break;
- }
-
- close (fds[1]);
- rex->pid = pid;
- rex->base.socket = rpc_socket_new (fds[0]);
- return_val_if_fail (rex->base.socket != NULL, CKR_GENERAL_ERROR);
-
- return CKR_OK;
-}
-
-static void
-rpc_exec_free (void *data)
-{
- rpc_exec *rex = data;
- rpc_exec_disconnect (data, NULL);
- rpc_transport_uninit (&rex->base);
- p11_array_free (rex->argv);
- free (rex);
-}
-
-static void
-on_argv_parsed (char *argument,
- void *data)
-{
- p11_array *argv = data;
-
- if (!p11_array_push (argv, strdup (argument)))
- return_if_reached ();
-}
-
-static p11_rpc_transport *
-rpc_exec_init (const char *remote,
- const char *name)
-{
- p11_array *argv;
- rpc_exec *rex;
-
- argv = p11_array_new (free);
- if (!p11_argv_parse (remote, on_argv_parsed, argv) || argv->num < 1) {
- p11_message ("invalid remote command line: %s", remote);
- p11_array_free (argv);
- return NULL;
- }
-
- rex = calloc (1, sizeof (rpc_exec));
- return_val_if_fail (rex != NULL, NULL);
-
- p11_array_push (argv, NULL);
- rex->argv = argv;
-
- rex->base.vtable.connect = rpc_exec_connect;
- rex->base.vtable.disconnect = rpc_exec_disconnect;
- rex->base.vtable.transport = rpc_transport_buffer;
- rpc_transport_init (&rex->base, name, rpc_exec_free);
-
- p11_debug ("initialized rpc exec: %s", remote);
- return &rex->base;
-}
-
-#endif /* OS_UNIX */
-
-p11_rpc_transport *
-p11_rpc_transport_new (p11_virtual *virt,
- const char *remote,
- const char *name)
-{
- p11_rpc_transport *rpc = NULL;
-
- return_val_if_fail (virt != NULL, NULL);
- return_val_if_fail (remote != NULL, NULL);
- return_val_if_fail (name != NULL, NULL);
-
-#ifdef OS_WIN32
- p11_message ("Windows not yet supported for remote");
- return NULL;
-#endif
-
- /* This is a command we can execute */
- if (remote[0] == '|') {
- rpc = rpc_exec_init (remote + 1, name);
-
- } else {
- p11_message ("remote not supported: %s", remote);
- return NULL;
- }
-
- if (!p11_rpc_client_init (virt, &rpc->vtable))
- return_val_if_reached (NULL);
-
- return rpc;
-}
-
-void
-p11_rpc_transport_free (void *data)
-{
- p11_rpc_transport *rpc = data;
-
- if (rpc != NULL) {
- assert (rpc->destroyer);
- (rpc->destroyer) (data);
- }
-}
diff --git a/p11-kit/rpc.h b/p11-kit/rpc.h
deleted file mode 100644
index b129e61..0000000
--- a/p11-kit/rpc.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Copyright (C) 2012 Stefan Walter
- * Copyright (C) 2013 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#ifndef __P11_RPC_H__
-#define __P11_RPC_H__
-
-#include "pkcs11.h"
-#include "buffer.h"
-#include "virtual.h"
-
-typedef struct _p11_rpc_client_vtable p11_rpc_client_vtable;
-
-struct _p11_rpc_client_vtable {
- void *data;
-
- CK_RV (* connect) (p11_rpc_client_vtable *vtable,
- void *init_reserved);
-
- CK_RV (* transport) (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response);
-
- void (* disconnect) (p11_rpc_client_vtable *vtable,
- void *fini_reserved);
-};
-
-bool p11_rpc_client_init (p11_virtual *virt,
- p11_rpc_client_vtable *vtable);
-
-bool p11_rpc_server_handle (CK_X_FUNCTION_LIST *funcs,
- p11_buffer *request,
- p11_buffer *response);
-
-extern CK_MECHANISM_TYPE * p11_rpc_mechanisms_override_supported;
-
-typedef struct _p11_rpc_transport p11_rpc_transport;
-
-p11_rpc_transport * p11_rpc_transport_new (p11_virtual *virt,
- const char *remote,
- const char *name);
-
-void p11_rpc_transport_free (void *transport);
-
-typedef enum {
- P11_RPC_OK,
- P11_RPC_EOF,
- P11_RPC_AGAIN,
- P11_RPC_ERROR
-} p11_rpc_status;
-
-p11_rpc_status p11_rpc_transport_read (int fd,
- size_t *state,
- int *call_code,
- p11_buffer *options,
- p11_buffer *buffer);
-
-p11_rpc_status p11_rpc_transport_write (int fd,
- size_t *state,
- int call_code,
- p11_buffer *options,
- p11_buffer *buffer);
-
-#endif /* __P11_RPC_H__ */
diff --git a/p11-kit/test-conf.c b/p11-kit/test-conf.c
deleted file mode 100644
index 94b8b01..0000000
--- a/p11-kit/test-conf.c
+++ /dev/null
@@ -1,456 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "conf.h"
-#include "debug.h"
-#include "message.h"
-#include "p11-kit.h"
-#include "private.h"
-
-#ifdef OS_UNIX
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <unistd.h>
-#endif
-
-static void
-test_parse_conf_1 (void)
-{
- p11_dict *map;
- const char *value;
-
- map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/test-1.conf", NULL, 0);
- assert_ptr_not_null (map);
-
- value = p11_dict_get (map, "key1");
- assert_str_eq ("value1", value);
-
- value = p11_dict_get (map, "with-colon");
- assert_str_eq ("value-of-colon", value);
-
- value = p11_dict_get (map, "with-whitespace");
- assert_str_eq ("value-with-whitespace", value);
-
- value = p11_dict_get (map, "embedded-comment");
- assert_str_eq ("this is # not a comment", value);
-
- p11_dict_free (map);
-}
-
-static void
-test_parse_ignore_missing (void)
-{
- p11_dict *map;
-
- map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, CONF_IGNORE_MISSING);
- assert_ptr_not_null (map);
-
- assert_num_eq (0, p11_dict_size (map));
- assert (p11_message_last () == NULL);
- p11_dict_free (map);
-}
-
-static void
-test_parse_fail_missing (void)
-{
- p11_dict *map;
-
- map = _p11_conf_parse_file (SRCDIR "/p11-kit/fixtures/non-existant.conf", NULL, 0);
- assert (map == NULL);
- assert_ptr_not_null (p11_message_last ());
-}
-
-static void
-test_merge_defaults (void)
-{
- p11_dict *values;
- p11_dict *defaults;
-
- values = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
- defaults = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
-
- p11_dict_set (values, strdup ("one"), strdup ("real1"));
- p11_dict_set (values, strdup ("two"), strdup ("real2"));
-
- p11_dict_set (defaults, strdup ("two"), strdup ("default2"));
- p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
-
- if (!_p11_conf_merge_defaults (values, defaults))
- assert_not_reached ();
-
- p11_dict_free (defaults);
-
- assert_str_eq (p11_dict_get (values, "one"), "real1");
- assert_str_eq (p11_dict_get (values, "two"), "real2");
- assert_str_eq (p11_dict_get (values, "three"), "default3");
-
- p11_dict_free (values);
-}
-
-static void
-test_load_globals_merge (void)
-{
- int user_mode = -1;
- p11_dict *config;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf",
- SRCDIR "/p11-kit/fixtures/test-user.conf",
- &user_mode);
- assert_ptr_not_null (config);
- assert (NULL == p11_message_last ());
- assert_num_eq (CONF_USER_MERGE, user_mode);
-
- assert_str_eq (p11_dict_get (config, "key1"), "system1");
- assert_str_eq (p11_dict_get (config, "key2"), "user2");
- assert_str_eq (p11_dict_get (config, "key3"), "user3");
-
- p11_dict_free (config);
-}
-
-static void
-test_load_globals_no_user (void)
-{
- int user_mode = -1;
- p11_dict *config;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-none.conf",
- SRCDIR "/p11-kit/fixtures/test-user.conf",
- &user_mode);
- assert_ptr_not_null (config);
- assert (NULL == p11_message_last ());
- assert_num_eq (CONF_USER_NONE, user_mode);
-
- assert_str_eq (p11_dict_get (config, "key1"), "system1");
- assert_str_eq (p11_dict_get (config, "key2"), "system2");
- assert_str_eq (p11_dict_get (config, "key3"), "system3");
-
- p11_dict_free (config);
-}
-
-static void
-test_load_globals_user_sets_only (void)
-{
- int user_mode = -1;
- p11_dict *config;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf",
- SRCDIR "/p11-kit/fixtures/test-user-only.conf",
- &user_mode);
- assert_ptr_not_null (config);
- assert (NULL == p11_message_last ());
- assert_num_eq (CONF_USER_ONLY, user_mode);
-
- assert (p11_dict_get (config, "key1") == NULL);
- assert_str_eq (p11_dict_get (config, "key2"), "user2");
- assert_str_eq (p11_dict_get (config, "key3"), "user3");
-
- p11_dict_free (config);
-}
-
-static void
-test_load_globals_system_sets_only (void)
-{
- int user_mode = -1;
- p11_dict *config;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-only.conf",
- SRCDIR "/p11-kit/fixtures/test-user.conf",
- &user_mode);
- assert_ptr_not_null (config);
- assert (NULL == p11_message_last ());
- assert_num_eq (CONF_USER_ONLY, user_mode);
-
- assert (p11_dict_get (config, "key1") == NULL);
- assert_str_eq (p11_dict_get (config, "key2"), "user2");
- assert_str_eq (p11_dict_get (config, "key3"), "user3");
-
- p11_dict_free (config);
-}
-
-static void
-test_load_globals_system_sets_invalid (void)
-{
- int user_mode = -1;
- p11_dict *config;
- int error;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-invalid.conf",
- SRCDIR "/p11-kit/fixtures/non-existant.conf",
- &user_mode);
- error = errno;
- assert_ptr_eq (NULL, config);
- assert_num_eq (EINVAL, error);
- assert_ptr_not_null (p11_message_last ());
-
- p11_dict_free (config);
-}
-
-static void
-test_load_globals_user_sets_invalid (void)
-{
- int user_mode = -1;
- p11_dict *config;
- int error;
-
- p11_message_clear ();
-
- config = _p11_conf_load_globals (SRCDIR "/p11-kit/fixtures/test-system-merge.conf",
- SRCDIR "/p11-kit/fixtures/test-user-invalid.conf",
- &user_mode);
- error = errno;
- assert_ptr_eq (NULL, config);
- assert_num_eq (EINVAL, error);
- assert_ptr_not_null (p11_message_last ());
-
- p11_dict_free (config);
-}
-
-static bool
-assert_msg_contains (const char *msg,
- const char *text)
-{
- return (msg && strstr (msg, text)) ? true : false;
-}
-
-static void
-test_load_modules_merge (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_MERGE,
- SRCDIR "/p11-kit/fixtures/package-modules",
- SRCDIR "/p11-kit/fixtures/system-modules",
- SRCDIR "/p11-kit/fixtures/user-modules");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user3");
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_user_none (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_NONE,
- SRCDIR "/p11-kit/fixtures/package-modules",
- SRCDIR "/p11-kit/fixtures/system-modules",
- SRCDIR "/p11-kit/fixtures/user-modules");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_eq (NULL, config);
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_user_only (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_ONLY,
- SRCDIR "/p11-kit/fixtures/package-modules",
- SRCDIR "/p11-kit/fixtures/system-modules",
- SRCDIR "/p11-kit/fixtures/user-modules");
- assert_ptr_not_null (configs);
- assert_ptr_eq (NULL, (void *)p11_message_last ());
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert (p11_dict_get (config, "module") == NULL);
- assert_str_eq (p11_dict_get (config, "setting"), "user1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_eq (NULL, config);
-
- config = p11_dict_get (configs, "three");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "user3");
-
- p11_dict_free (configs);
-}
-
-static void
-test_load_modules_no_user (void)
-{
- p11_dict *configs;
- p11_dict *config;
-
- p11_message_clear ();
-
- configs = _p11_conf_load_modules (CONF_USER_MERGE,
- SRCDIR "/p11-kit/fixtures/package-modules",
- SRCDIR "/p11-kit/fixtures/system-modules",
- SRCDIR "/p11-kit/fixtures/non-existant");
- assert_ptr_not_null (configs);
- assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
-
- config = p11_dict_get (configs, "one");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system1");
-
- config = p11_dict_get (configs, "two.badname");
- assert_ptr_not_null (config);
- assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
- assert_str_eq (p11_dict_get (config, "setting"), "system2");
-
- config = p11_dict_get (configs, "three");
- assert_ptr_eq (NULL, config);
-
- p11_dict_free (configs);
-}
-
-static void
-test_parse_boolean (void)
-{
- p11_message_quiet ();
-
- assert_num_eq (true, _p11_conf_parse_boolean ("yes", false));
- assert_num_eq (false, _p11_conf_parse_boolean ("no", true));
- assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
-}
-
-#ifdef OS_UNIX
-
-static void
-test_setuid (void)
-{
- const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
- char *path;
- int ret;
-
- /* This is the 'number' setting set in one.module user configuration. */
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 33);
-
- path = p11_test_copy_setgid (args[0]);
- if (path == NULL)
- return;
-
- args[0] = path;
-
- /* This is the 'number' setting set in one.module system configuration. */
- ret = p11_test_run_child (args, true);
- assert_num_eq (ret, 18);
-
- if (unlink (path) < 0)
- assert_fail ("unlink failed", strerror (errno));
- free (path);
-}
-
-#endif /* OS_UNIX */
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_parse_conf_1, "/conf/test_parse_conf_1");
- p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing");
- p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing");
- p11_test (test_merge_defaults, "/conf/test_merge_defaults");
- p11_test (test_load_globals_merge, "/conf/test_load_globals_merge");
- p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user");
- p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only");
- p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only");
- p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid");
- p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid");
- p11_test (test_load_modules_merge, "/conf/test_load_modules_merge");
- p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user");
- p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
- p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
- p11_test (test_parse_boolean, "/conf/test_parse_boolean");
-#ifdef OS_UNIX
- /* Don't run this test when under fakeroot */
- if (!getenv ("FAKED_MODE")) {
- p11_test (test_setuid, "/conf/setuid");
- }
-#endif
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-deprecated.c b/p11-kit/test-deprecated.c
deleted file mode 100644
index c8b8001..0000000
--- a/p11-kit/test-deprecated.c
+++ /dev/null
@@ -1,513 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#define P11_KIT_NO_DEPRECATIONS
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "mock.h"
-
-#include <sys/types.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_RV rv;
-
- rv = p11_kit_initialize_registered ();
- assert_num_eq (CKR_OK, rv);
- modules = p11_kit_registered_modules ();
- assert (modules != NULL && modules[0] != NULL);
-
- return modules;
-}
-
-static void
-finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
-{
- CK_RV rv;
-
- free (modules);
- rv = p11_kit_finalize_registered ();
- assert_num_eq (CKR_OK, rv);
-
-}
-
-static void
-test_no_duplicates (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- p11_dict *paths;
- p11_dict *funcs;
- char *path;
- int i;
-
- modules = initialize_and_get_modules ();
- paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
-
- /* The loaded modules should not contain duplicates */
- for (i = 0; modules[i] != NULL; i++) {
- path = p11_kit_registered_option (modules[i], "module");
-
- if (p11_dict_get (funcs, modules[i]))
- assert_fail ("found duplicate function list pointer", NULL);
- if (p11_dict_get (paths, path))
- assert_fail ("found duplicate path name", NULL);
-
- if (!p11_dict_set (funcs, modules[i], ""))
- assert_not_reached ();
- if (!p11_dict_set (paths, path, ""))
- assert_not_reached ();
-
- free (path);
- }
-
- p11_dict_free (paths);
- p11_dict_free (funcs);
- finalize_and_free_modules (modules);
-}
-
-static CK_FUNCTION_LIST_PTR
-lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
- const char *name)
-{
- CK_FUNCTION_LIST_PTR match = NULL;
- CK_FUNCTION_LIST_PTR module;
- char *module_name;
- int i;
-
- for (i = 0; match == NULL && modules[i] != NULL; i++) {
- module_name = p11_kit_registered_module_to_name (modules[i]);
- assert_ptr_not_null (module_name);
- if (strcmp (module_name, name) == 0)
- match = modules[i];
- free (module_name);
- }
-
- /*
- * As a side effect, we should check that the results of this function
- * matches the above search.
- */
- module = p11_kit_registered_name_to_module (name);
- if (module != match)
- assert_fail ("different result from p11_kit_registered_name_to_module()", NULL);
-
- return match;
-}
-
-static void
-test_disable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module four should be present, as we don't match any prognames
- * that it has disabled.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") != NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module two shouldn't have been loaded, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_disable_later (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_RV rv;
-
- /*
- * The module two shouldn't be matched, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- rv = p11_kit_initialize_registered ();
- assert_num_eq (CKR_OK, rv);
-
- p11_kit_set_progname ("test-disable");
-
- modules = p11_kit_registered_modules ();
- assert (modules != NULL && modules[0] != NULL);
-
- assert (lookup_module_with_name (modules, "two") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_enable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") == NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module three should be loaded here , because in its config
- * file we have:
- *
- * enable-in: test-enable
- */
-
- p11_kit_set_progname ("test-enable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") != NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-CK_FUNCTION_LIST module;
-
-#ifdef OS_UNIX
-
-#include <sys/wait.h>
-
-static CK_RV
-mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
-{
- struct timespec ts = { 0, 100 * 1000 * 1000 };
- CK_RV rv;
- pid_t child;
- pid_t ret;
- int status;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- /* Fork during the initialization */
- child = fork ();
- if (child == 0) {
- close (1);
- nanosleep (&ts, NULL);
- exit (66);
- }
-
- ret = waitpid (child, &status, 0);
- assert (ret == child);
- assert (WIFEXITED (status));
- assert (WEXITSTATUS (status) == 66);
-
- return CKR_OK;
-}
-
-static void
-test_fork_initialization (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_fork;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- assert (!mock_module_initialized ());
-}
-
-#endif /* OS_UNIX */
-
-static CK_RV
-mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
-{
- /* Recursively initialize, this is broken */
- return p11_kit_initialize_module (&module);
-}
-
-static void
-test_recursive_initialization (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_recursive;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_FUNCTION_FAILED);
-
- assert (!mock_module_initialized ());
-}
-
-static p11_mutex_t race_mutex;
-static int initialization_count = 0;
-static int finalization_count = 0;
-
-static CK_RV
-mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- initialization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static CK_RV
-mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- finalization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static void *
-initialization_thread (void *data)
-{
- CK_RV rv;
-
- assert_str_eq (data, "thread-data");
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- return "thread-data";
-}
-
-static void *
-finalization_thread (void *data)
-{
- CK_RV rv;
-
- assert_str_eq (data, "thread-data");
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- return "thread-data";
-}
-
-static void
-test_threaded_initialization (void)
-{
- static const int num_threads = 2;
- p11_thread_t threads[num_threads];
- int ret;
- int i;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__threaded_race;
- module.C_Finalize = mock_C_Finalize__threaded_race;
-
- p11_mutex_lock (&race_mutex);
- initialization_count = 0;
- finalization_count = 0;
- p11_mutex_unlock (&race_mutex);
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], initialization_thread, "thread-data");
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], finalization_thread, "thread-data");
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- /* C_Initialize should have been called exactly once */
- p11_mutex_lock (&race_mutex);
- assert_num_eq (1, initialization_count);
- assert_num_eq (1, finalization_count);
- p11_mutex_unlock (&race_mutex);
-
- assert (!mock_module_initialized ());
-}
-
-static CK_RV
-mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
-{
- CK_C_INITIALIZE_ARGS_PTR init_args;
- void *mutex = NULL;
- CK_RV rv;
-
- rv = mock_C_Initialize (NULL);
- if (rv != CKR_OK)
- return rv;
-
- assert (args != NULL);
- init_args = args;
-
- rv = (init_args->CreateMutex) (&mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->LockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->UnlockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->DestroyMutex) (mutex);
- assert (rv == CKR_OK);
-
- return CKR_OK;
-}
-
-static void
-test_mutexes (void)
-{
- CK_RV rv;
-
- assert (!mock_module_initialized ());
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__test_mutexes;
-
- rv = p11_kit_initialize_module (&module);
- assert (rv == CKR_OK);
-
- rv = p11_kit_finalize_module (&module);
- assert (rv == CKR_OK);
-
- assert (!mock_module_initialized ());
-}
-
-static void
-test_load_and_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_INFO info;
- CK_RV rv;
- int ret;
-
- rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module);
- assert (rv == CKR_OK);
- assert (module != NULL);
-
- rv = (module->C_GetInfo) (&info);
- assert (rv == CKR_OK);
-
- ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32);
- assert (ret == 0);
-
- rv = p11_kit_finalize_module (module);
- assert_num_eq (rv, CKR_OK);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_mutex_init (&race_mutex);
- mock_module_init ();
- p11_library_init ();
-
- p11_test (test_no_duplicates, "/deprecated/test_no_duplicates");
- p11_test (test_disable, "/deprecated/test_disable");
- p11_test (test_disable_later, "/deprecated/test_disable_later");
- p11_test (test_enable, "/deprecated/test_enable");
-
-#ifdef OS_UNIX
- p11_test (test_fork_initialization, "/deprecated/test_fork_initialization");
-#endif
-
- p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization");
- p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization");
- p11_test (test_mutexes, "/deprecated/test_mutexes");
- p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-init.c b/p11-kit/test-init.c
deleted file mode 100644
index c4fcecb..0000000
--- a/p11-kit/test-init.c
+++ /dev/null
@@ -1,420 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <sys/types.h>
-
-#include "library.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "virtual.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-static CK_FUNCTION_LIST module;
-static p11_mutex_t race_mutex;
-
-#ifdef OS_UNIX
-
-#include <sys/wait.h>
-
-static CK_RV
-mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
-{
- struct timespec ts = { 0, 100 * 1000 * 1000 };
- CK_RV rv;
- pid_t child;
- pid_t ret;
- int status;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- /* Fork during the initialization */
- child = fork ();
- if (child == 0) {
- close (1);
- nanosleep (&ts, NULL);
- exit (66);
- }
-
- ret = waitpid (child, &status, 0);
- assert (ret == child);
- assert (WIFEXITED (status));
- assert (WEXITSTATUS (status) == 66);
-
- return CKR_OK;
-}
-
-static void
-test_fork_initialization (void)
-{
- CK_FUNCTION_LIST_PTR result;
- CK_RV rv;
-
- mock_module_reset ();
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_fork;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (result);
- assert (rv == CKR_OK);
-
- rv = p11_kit_module_finalize (result);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-#endif /* OS_UNIX */
-
-static CK_FUNCTION_LIST *recursive_managed;
-
-static CK_RV
-mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
-{
- CK_RV rv;
-
- rv = mock_C_Initialize (init_args);
- assert (rv == CKR_OK);
-
- return p11_kit_module_initialize (recursive_managed);
-}
-
-static void
-test_recursive_initialization (void)
-{
- CK_RV rv;
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__with_recursive;
-
- p11_kit_be_quiet ();
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (recursive_managed);
- assert_num_eq (CKR_FUNCTION_FAILED, rv);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (recursive_managed);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- p11_kit_be_loud ();
-}
-
-static int initialization_count = 0;
-static int finalization_count = 0;
-
-static CK_RV
-mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- initialization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static CK_RV
-mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
-{
- /* Atomically increment value */
- p11_mutex_lock (&race_mutex);
- finalization_count += 1;
- p11_mutex_unlock (&race_mutex);
-
- p11_sleep_ms (100);
- return CKR_OK;
-}
-
-static void *
-initialization_thread (void *data)
-{
- CK_FUNCTION_LIST *module = data;
- CK_RV rv;
-
- assert (module != NULL);
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- return module;
-}
-
-static void *
-finalization_thread (void *data)
-{
- CK_FUNCTION_LIST *module = data;
- CK_RV rv;
-
- assert (module != NULL);
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- return module;
-}
-
-static void
-test_threaded_initialization (void)
-{
- static const int num_threads = 1;
- CK_FUNCTION_LIST *data[num_threads];
- p11_thread_t threads[num_threads];
- CK_RV rv;
- int ret;
- int i;
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__threaded_race;
- module.C_Finalize = mock_C_Finalize__threaded_race;
-
- memset (&data, 0, sizeof (data));
-
- p11_mutex_lock (&race_mutex);
- initialization_count = 0;
- finalization_count = 0;
- p11_mutex_unlock (&race_mutex);
-
- p11_lock ();
-
- for (i = 0; i < num_threads; i++) {
- assert (data[i] == NULL);
- rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]);
- assert (rv == CKR_OK);
- }
-
- p11_unlock ();
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], initialization_thread, data[i]);
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (&threads[i], finalization_thread, data[i]);
- assert_num_eq (0, ret);
- assert (threads[i] != 0);
- }
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_join (threads[i]);
- assert_num_eq (0, ret);
- threads[i] = 0;
- }
-
- p11_lock ();
-
- for (i = 0; i < num_threads; i++) {
- assert (data[i] != NULL);
- rv = p11_module_release_inlock_reentrant (data[i]);
- assert (rv == CKR_OK);
- }
-
- p11_unlock ();
-
- /* C_Initialize should have been called exactly once */
- assert_num_eq (1, initialization_count);
- assert_num_eq (1, finalization_count);
-}
-
-static CK_RV
-mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
-{
- CK_C_INITIALIZE_ARGS_PTR init_args;
- void *mutex = NULL;
- CK_RV rv;
-
- assert (args != NULL);
- init_args = args;
-
- rv = (init_args->CreateMutex) (&mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->LockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->UnlockMutex) (mutex);
- assert (rv == CKR_OK);
-
- rv = (init_args->DestroyMutex) (mutex);
- assert (rv == CKR_OK);
-
- return CKR_OK;
-}
-
-static void
-test_mutexes (void)
-{
- CK_FUNCTION_LIST_PTR result;
- CK_RV rv;
-
- /* Build up our own function list */
- memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- module.C_Initialize = mock_C_Initialize__test_mutexes;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&module, 0, &result);
- assert (rv == CKR_OK);
-
- rv = p11_module_release_inlock_reentrant (result);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static void
-test_load_and_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_INFO info;
- CK_RV rv;
- int ret;
-
- module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0);
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- rv = (module->C_GetInfo) (&info);
- assert (rv == CKR_OK);
-
- ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER ", 32);
- assert (ret == 0);
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_kit_module_release (module);
-}
-
-static void
-test_initalize_fail (void)
-{
- CK_FUNCTION_LIST failer;
- CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL };
- CK_RV rv;
-
- memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST));
- failer.C_Initialize = mock_C_Initialize__fails;
-
- mock_module_reset ();
- p11_kit_be_quiet ();
-
- rv = p11_kit_modules_initialize (modules, NULL);
- assert_num_eq (CKR_FUNCTION_FAILED, rv);
-
- p11_kit_be_loud ();
-
- /* Failed modules get removed from the list */
- assert_ptr_eq (&mock_module_no_slots, modules[0]);
- assert_ptr_eq (NULL, modules[1]);
- assert_ptr_eq (NULL, modules[2]);
-
- p11_kit_modules_finalize (modules);
-}
-
-static void
-test_finalize_fail (void)
-{
-
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_mutex_init (&race_mutex);
- mock_module_init ();
- p11_library_init ();
-
- /* These only work when managed */
- if (p11_virtual_can_wrap ()) {
- p11_test (test_recursive_initialization, "/init/test_recursive_initialization");
- p11_test (test_threaded_initialization, "/init/test_threaded_initialization");
- p11_test (test_mutexes, "/init/test_mutexes");
- p11_test (test_load_and_initialize, "/init/test_load_and_initialize");
-
-#ifdef OS_UNIX
- p11_test (test_fork_initialization, "/init/test_fork_initialization");
-#endif
- }
-
- p11_test (test_initalize_fail, "/init/test_initalize_fail");
- p11_test (test_finalize_fail, "/init/test_finalize_fail");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-iter.c b/p11-kit/test-iter.c
deleted file mode 100644
index 3f5a76f..0000000
--- a/p11-kit/test-iter.c
+++ /dev/null
@@ -1,1512 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#define P11_KIT_FUTURE_UNSTABLE_API 1
-
-#include "attrs.h"
-#include "dict.h"
-#include "iter.h"
-#include "library.h"
-#include "message.h"
-#include "mock.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- p11_message_quiet ();
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL && modules[0] != NULL);
-
- p11_message_loud ();
-
- return modules;
-}
-
-static void
-finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
-{
- p11_kit_modules_finalize (modules);
- p11_kit_modules_release (modules);
-}
-
-static int
-has_handle (CK_ULONG *objects,
- int count,
- CK_ULONG handle)
-{
- int i;
- for (i = 0; i < count; i++) {
- if (objects[i] == handle)
- return 1;
- }
-
- return 0;
-}
-
-
-static void
-test_all (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR *modules;
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session;
- CK_ULONG size;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, P11_KIT_ITER_BUSY_SESSIONS);
- p11_kit_iter_begin (iter, modules);
-
- at = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
-
- module = p11_kit_iter_get_module (iter);
- assert_ptr_not_null (module);
-
- session = p11_kit_iter_get_session (iter);
- assert (session != 0);
-
- /* Do something with the object */
- size = 0;
- rv = (module->C_GetObjectSize) (session, objects[at], &size);
- assert (rv == CKR_OK);
- assert (size > 0);
-
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, at);
-
- assert (has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static CK_RV
-on_iter_callback (P11KitIter *iter,
- CK_BBOOL *matches,
- void *data)
-{
- CK_OBJECT_HANDLE object;
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session;
- CK_ULONG size;
- CK_RV rv;
-
- assert_str_eq (data, "callback");
-
- object = p11_kit_iter_get_object (iter);
- if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) {
- *matches = CK_FALSE;
- return CKR_OK;
- }
-
- module = p11_kit_iter_get_module (iter);
- assert_ptr_not_null (module);
-
- session = p11_kit_iter_get_session (iter);
- assert (session != 0);
-
- /* Do something with the object */
- size = 0;
- rv = (module->C_GetObjectSize) (session, object, &size);
- assert (rv == CKR_OK);
- assert (size > 0);
-
- return CKR_OK;
-}
-
-static void
-test_callback (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL);
- p11_kit_iter_begin (iter, modules);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 2 public keys */
- assert_num_eq (6, at);
-
- assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static CK_RV
-on_callback_fail (P11KitIter *iter,
- CK_BBOOL *matches,
- void *data)
-{
- return CKR_DATA_INVALID;
-}
-
-static void
-test_callback_fails (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL);
- p11_kit_iter_begin (iter, modules);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_DATA_INVALID);
-
- /* Shouldn't have succeeded at all */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
- finalize_and_free_modules (modules);
-}
-
-static void
-on_destroy_increment (void *data)
-{
- int *value = data;
- (*value)++;
-}
-
-static void
-test_callback_destroyer (void)
-{
- P11KitIter *iter;
- int value = 1;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment);
- p11_kit_iter_free (iter);
-
- assert_num_eq (2, value);
-}
-
-static void
-test_with_session (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_SESSION_HANDLE session;
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_ID slot;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &mock_module, 0, session);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
-
- slot = p11_kit_iter_get_slot (iter);
- assert (slot == MOCK_SLOT_ONE_ID);
-
- module = p11_kit_iter_get_module (iter);
- assert_ptr_eq (module, &mock_module);
-
- assert (session == p11_kit_iter_get_session (iter));
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* 1 modules, each with 1 slot, and 3 public objects */
- assert_num_eq (3, at);
-
- assert (has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- /* The session is still valid ... */
- rv = mock_module.C_CloseSession (session);
- assert (rv == CKR_OK);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_with_slot (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_ID slot;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
-
- slot = p11_kit_iter_get_slot (iter);
- assert (slot == MOCK_SLOT_ONE_ID);
-
- module = p11_kit_iter_get_module (iter);
- assert_ptr_eq (module, &mock_module);
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* 1 modules, each with 1 slot, and 3 public objects */
- assert_num_eq (3, at);
-
- assert (has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- rv = (mock_module.C_Finalize) (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_with_module (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &mock_module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
-
- module = p11_kit_iter_get_module (iter);
- assert_ptr_eq (module, &mock_module);
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* 1 modules, each with 1 slot, and 3 public objects */
- assert_num_eq (3, at);
-
- assert (has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_keep_session (void)
-{
- CK_SESSION_HANDLE session;
- P11KitIter *iter;
- CK_RV rv;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &mock_module, 0, 0);
-
- rv = p11_kit_iter_next (iter);
- assert (rv == CKR_OK);
-
- session = p11_kit_iter_keep_session (iter);
- p11_kit_iter_free (iter);
-
- /* The session is still valid ... */
- rv = mock_module.C_CloseSession (session);
- assert (rv == CKR_OK);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_unrecognized (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- p11_kit_uri_set_unrecognized (uri, 1);
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Nothing should have matched */
- assert_num_eq (0, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_uri_with_type (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int at;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (ret, P11_KIT_URI_OK);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- at = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 2 public keys */
- assert_num_eq (6, at);
-
- assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_set_uri (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- p11_kit_uri_set_unrecognized (uri, 1);
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_set_uri (iter, uri);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- /* Nothing should have matched */
- rv = p11_kit_iter_next (iter);
- assert_num_eq (rv, CKR_CANCEL);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_filter (void)
-{
- CK_OBJECT_HANDLE objects[128];
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- CK_BBOOL vfalse = CK_FALSE;
- CK_OBJECT_CLASS public_key = CKO_PUBLIC_KEY;
- CK_ATTRIBUTE attrs[] = {
- { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
- { CKA_CLASS, &public_key, sizeof (public_key) },
- };
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_filter (iter, attrs, 2);
-
- p11_kit_iter_begin (iter, modules);
-
- at = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (at < 128);
- objects[at] = p11_kit_iter_get_object (iter);
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 2 public keys */
- assert_num_eq (6, at);
-
- assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
- assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
- assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_session_flags (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session;
- CK_SESSION_INFO info;
- P11KitIter *iter;
- CK_RV rv;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE);
- p11_kit_iter_begin (iter, modules);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- module = p11_kit_iter_get_module (iter);
- assert_ptr_not_null (module);
-
- session = p11_kit_iter_get_session (iter);
- assert (session != 0);
-
- rv = (module->C_GetSessionInfo) (session, &info);
- assert (rv == CKR_OK);
-
- assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state);
- }
-
- assert (rv == CKR_CANCEL);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_match (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_mismatch (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Nothing should have matched */
- assert_num_eq (0, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_slot_match (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_SLOT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_slot_mismatch (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:slot-manufacturer=blah", P11_KIT_URI_FOR_SLOT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Nothing should have matched */
- assert_num_eq (0, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_slot_match_by_id (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- char *string;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = asprintf (&string, "pkcs11:slot-id=%lu", MOCK_SLOT_ONE_ID);
- assert (ret > 0);
- ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, uri);
- free (string);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_slot_mismatch_by_id (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:slot-id=0", P11_KIT_URI_FOR_SLOT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Nothing should have matched */
- assert_num_eq (0, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_slot_info (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- CK_SLOT_INFO *info;
- P11KitIter *iter;
- char *string;
- CK_RV rv;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin (iter, modules);
-
- rv = p11_kit_iter_next (iter);
- assert_num_eq (rv, CKR_OK);
-
- info = p11_kit_iter_get_slot_info (iter);
- assert_ptr_not_null (info);
-
- string = p11_kit_space_strdup (info->slotDescription,
- sizeof (info->slotDescription));
- assert_ptr_not_null (string);
-
- assert_str_eq (string, "TEST SLOT");
-
- free (string);
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_token_match (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_token_mismatch (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- P11KitUri *uri;
- CK_RV rv;
- int count;
- int ret;
-
- modules = initialize_and_get_modules ();
-
- uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- iter = p11_kit_iter_new (uri, 0);
- p11_kit_uri_free (uri);
-
- p11_kit_iter_begin (iter, modules);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- count++;
-
- assert (rv == CKR_CANCEL);
-
- /* Nothing should have matched */
- assert_num_eq (0, count);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_token_info (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- CK_TOKEN_INFO *info;
- P11KitIter *iter;
- char *string;
- CK_RV rv;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin (iter, modules);
-
- rv = p11_kit_iter_next (iter);
- assert_num_eq (rv, CKR_OK);
-
- info = p11_kit_iter_get_token (iter);
- assert_ptr_not_null (info);
-
- string = p11_kit_space_strdup (info->label, sizeof (info->label));
- assert_ptr_not_null (string);
-
- assert_str_eq (string, "TEST LABEL");
-
- free (string);
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_getslotlist_fail_first (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_GetSlotList = mock_C_GetSlotList__fail_first;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_VENDOR_DEFINED);
-
- /* Should fail on the first iteration */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_getslotlist_fail_late (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_GetSlotList = mock_C_GetSlotList__fail_late;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_VENDOR_DEFINED);
-
- /* Should fail on the first iteration */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_open_session_fail (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_OpenSession = mock_C_OpenSession__fails;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_DEVICE_ERROR);
-
- /* Should fail on the first iteration */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_find_init_fail (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_FindObjectsInit = mock_C_FindObjectsInit__fails;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_DEVICE_MEMORY);
-
- /* Should fail on the first iteration */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_find_objects_fail (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_RV rv;
- int at;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_FindObjects = mock_C_FindObjects__fails;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- at= 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
- at++;
-
- assert (rv == CKR_DEVICE_REMOVED);
-
- /* Should fail on the first iteration */
- assert_num_eq (0, at);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_get_attributes (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- CK_OBJECT_HANDLE object;
- char label[128];
- CK_ULONG klass;
- CK_ULONG ulong;
- CK_RV rv;
- int at;
-
- CK_ATTRIBUTE template[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_LABEL, label, sizeof (label) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE attrs[3];
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin (iter, modules);
-
- at = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- assert (sizeof (attrs) == sizeof (template));
- memcpy (&attrs, &template, sizeof (attrs));
-
- rv = p11_kit_iter_get_attributes (iter, attrs, 2);
- assert (rv == CKR_OK);
-
- object = p11_kit_iter_get_object (iter);
- switch (object) {
- case MOCK_DATA_OBJECT:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1));
- break;
- case MOCK_PUBLIC_KEY_CAPITALIZE:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1));
- break;
- case MOCK_PUBLIC_KEY_PREFIX:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1));
- break;
- default:
- assert_fail ("Unknown object matched", NULL);
- break;
- }
-
- at++;
- }
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, at);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-
-
-static void
-test_load_attributes (void)
-{
- CK_FUNCTION_LIST_PTR *modules;
- P11KitIter *iter;
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE object;
- CK_ULONG ulong;
- CK_RV rv;
- int at;
-
- CK_ATTRIBUTE types[] = {
- { CKA_CLASS },
- { CKA_LABEL },
- };
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin (iter, modules);
-
- attrs = p11_attrs_buildn (NULL, types, 2);
-
- at = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- rv = p11_kit_iter_load_attributes (iter, attrs, 2);
- assert (rv == CKR_OK);
-
- object = p11_kit_iter_get_object (iter);
- switch (object) {
- case MOCK_DATA_OBJECT:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1));
- break;
- case MOCK_PUBLIC_KEY_CAPITALIZE:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1));
- break;
- case MOCK_PUBLIC_KEY_PREFIX:
- assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
- assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1));
- break;
- default:
- assert_fail ("Unknown object matched", NULL);
- break;
- }
-
- at++;
- }
-
- p11_attrs_free (attrs);
-
- assert (rv == CKR_CANCEL);
-
- /* Three modules, each with 1 slot, and 3 public objects */
- assert_num_eq (9, at);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_load_attributes_none (void)
-{
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- attrs = p11_attrs_buildn (NULL, NULL, 0);
- rv = p11_kit_iter_load_attributes (iter, attrs, 0);
- assert (rv == CKR_OK);
- p11_attrs_free (attrs);
- }
-
- assert (rv == CKR_CANCEL);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_load_attributes_fail_first (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, };
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- attrs = p11_attrs_build (NULL, &label, NULL);
- rv = p11_kit_iter_load_attributes (iter, attrs, 1);
- assert (rv == CKR_FUNCTION_REJECTED);
- p11_attrs_free (attrs);
- }
-
- assert (rv == CKR_CANCEL);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_load_attributes_fail_late (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, };
- CK_FUNCTION_LIST module;
- P11KitIter *iter;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
- module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_begin_with (iter, &module, 0, 0);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- attrs = p11_attrs_build (NULL, &label, NULL);
- rv = p11_kit_iter_load_attributes (iter, attrs, 1);
- assert (rv == CKR_FUNCTION_FAILED);
- p11_attrs_free (attrs);
- }
-
- assert (rv == CKR_CANCEL);
-
- p11_kit_iter_free (iter);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_many (void *flags)
-{
- P11KitIterBehavior behavior;
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- p11_dict *seen;
- P11KitIter *iter;
- CK_RV rv;
- int count;
- int i;
-
- static CK_OBJECT_CLASS data = CKO_DATA;
- static CK_ATTRIBUTE object[] = {
- { CKA_VALUE, "blah", 4 },
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_ID, "ID1", 3 },
- { CKA_INVALID },
- };
-
- behavior = 0;
- if (strstr (flags, "busy-sessions"))
- behavior |= P11_KIT_ITER_BUSY_SESSIONS;
-
- mock_module_reset ();
- rv = mock_module.C_Initialize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- for (i = 0; i < 10000; i++)
- mock_module_add_object (MOCK_SLOT_ONE_ID, object);
-
- seen = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, free, NULL);
- iter = p11_kit_iter_new (NULL, behavior);
- p11_kit_iter_add_filter (iter, object, 3);
- p11_kit_iter_begin_with (iter, &mock_module, 0, session);
-
- count = 0;
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- handle = p11_kit_iter_get_object (iter);
- assert (p11_dict_get (seen, &handle) == NULL);
- if (!p11_dict_set (seen, memdup (&handle, sizeof (handle)), "x"))
- assert_not_reached ();
- count++;
- }
-
- assert_num_eq (rv, CKR_CANCEL);
- assert_num_eq (count, 10000);
-
- p11_kit_iter_free (iter);
- p11_dict_free (seen);
-
- rv = mock_module.C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_destroy_object (void)
-{
- CK_FUNCTION_LIST **modules;
- P11KitIter *iter;
- CK_OBJECT_HANDLE object;
- CK_SESSION_HANDLE session;
- CK_FUNCTION_LIST *module;
- CK_ULONG size;
- CK_RV rv;
-
- modules = initialize_and_get_modules ();
-
- iter = p11_kit_iter_new (NULL, P11_KIT_ITER_WANT_WRITABLE);
-
- p11_kit_iter_begin (iter, modules);
-
- /* Should have matched */
- rv = p11_kit_iter_next (iter);
- assert_num_eq (rv, CKR_OK);
-
- object = p11_kit_iter_get_object (iter);
- session = p11_kit_iter_get_session (iter);
- module = p11_kit_iter_get_module (iter);
-
- rv = (module->C_GetObjectSize) (session, object, &size);
- assert_num_eq (rv, CKR_OK);
-
- rv = p11_kit_iter_destroy_object (iter);
- assert_num_eq (rv, CKR_OK);
-
- rv = (module->C_GetObjectSize) (session, object, &size);
- assert_num_eq (rv, CKR_OBJECT_HANDLE_INVALID);
-
- p11_kit_iter_free (iter);
-
- finalize_and_free_modules (modules);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
- mock_module_init ();
-
- p11_test (test_all, "/iter/test_all");
- p11_test (test_unrecognized, "/iter/test_unrecognized");
- p11_test (test_uri_with_type, "/iter/test_uri_with_type");
- p11_test (test_set_uri, "/iter/set-uri");
- p11_test (test_session_flags, "/iter/test_session_flags");
- p11_test (test_callback, "/iter/test_callback");
- p11_test (test_callback_fails, "/iter/test_callback_fails");
- p11_test (test_callback_destroyer, "/iter/test_callback_destroyer");
- p11_test (test_filter, "/iter/test_filter");
- p11_test (test_with_session, "/iter/test_with_session");
- p11_test (test_with_slot, "/iter/test_with_slot");
- p11_test (test_with_module, "/iter/test_with_module");
- p11_test (test_keep_session, "/iter/test_keep_session");
- p11_test (test_token_match, "/iter/test_token_match");
- p11_test (test_token_mismatch, "/iter/test_token_mismatch");
- p11_test (test_token_info, "/iter/token-info");
- p11_test (test_slot_match, "/iter/test_slot_match");
- p11_test (test_slot_mismatch, "/iter/test_slot_mismatch");
- p11_test (test_slot_match_by_id, "/iter/test_slot_match_by_id");
- p11_test (test_slot_mismatch_by_id, "/iter/test_slot_mismatch_by_id");
- p11_test (test_slot_info, "/iter/slot-info");
- p11_test (test_module_match, "/iter/test_module_match");
- p11_test (test_module_mismatch, "/iter/test_module_mismatch");
- p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first");
- p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late");
- p11_test (test_open_session_fail, "/iter/test_open_session_fail");
- p11_test (test_find_init_fail, "/iter/test_find_init_fail");
- p11_test (test_find_objects_fail, "/iter/test_find_objects_fail");
- p11_test (test_get_attributes, "/iter/get-attributes");
- p11_test (test_load_attributes, "/iter/test_load_attributes");
- p11_test (test_load_attributes_none, "/iter/test_load_attributes_none");
- p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first");
- p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late");
- p11_testx (test_many, "", "/iter/test-many");
- p11_testx (test_many, "busy-sessions", "/iter/test-many-busy");
- p11_test (test_destroy_object, "/iter/destroy-object");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-log.c b/p11-kit/test-log.c
deleted file mode 100644
index e7dab70..0000000
--- a/p11-kit/test-log.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "log.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "virtual.h"
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
- p11_log_force = true;
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
- mock_module_init ();
-
- test_mock_add_tests ("/log");
-
- p11_kit_be_quiet ();
- p11_log_output = false;
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-managed.c b/p11-kit/test-managed.c
deleted file mode 100644
index fc673ea..0000000
--- a/p11-kit/test-managed.c
+++ /dev/null
@@ -1,271 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "dict.h"
-#include "library.h"
-#include "mock.h"
-#include "modules.h"
-#include "p11-kit.h"
-#include "virtual.h"
-
-#include <sys/types.h>
-#ifdef OS_UNIX
-#include <sys/wait.h>
-#endif
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = p11_kit_module_finalize (module);
- assert (rv == CKR_OK);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static CK_RV
-fail_C_Initialize (void *init_reserved)
-{
- return CKR_FUNCTION_FAILED;
-}
-
-static void
-test_initialize_finalize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
- assert (rv == CKR_OK);
- assert_ptr_not_null (module);
- assert (p11_virtual_is_wrapper (module));
-
- p11_unlock ();
-
- rv = module->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = module->C_Initialize (NULL);
- assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_lock ();
-
- rv = p11_module_release_inlock_reentrant (module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-}
-
-static void
-test_initialize_fail (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_FUNCTION_LIST base;
- CK_RV rv;
-
- memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST));
- base.C_Initialize = fail_C_Initialize;
-
- p11_lock ();
-
- rv = p11_module_load_inlock_reentrant (&base, 0, &module);
- assert (rv == CKR_OK);
-
- p11_unlock ();
-
- rv = p11_kit_module_initialize (module);
- assert (rv == CKR_FUNCTION_FAILED);
-}
-
-static void
-test_separate_close_all_sessions (void)
-{
- CK_FUNCTION_LIST *first;
- CK_FUNCTION_LIST *second;
- CK_SESSION_HANDLE s1;
- CK_SESSION_HANDLE s2;
- CK_SESSION_INFO info;
- CK_RV rv;
-
- first = setup_mock_module (&s1);
- second = setup_mock_module (&s2);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_OK);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_OK);
-
- first->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
- assert (rv == CKR_OK);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_OK);
-
- second->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
- assert (rv == CKR_OK);
-
- rv = first->C_GetSessionInfo (s1, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = second->C_GetSessionInfo (s2, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- teardown_mock_module (first);
- teardown_mock_module (second);
-}
-
-#ifdef OS_UNIX
-
-static void
-test_fork_and_reinitialize (void)
-{
- CK_FUNCTION_LIST *module;
- CK_INFO info;
- int status;
- CK_RV rv;
- pid_t pid;
- int i;
-
- module = setup_mock_module (NULL);
- assert_ptr_not_null (module);
-
- pid = fork ();
- assert_num_cmp (pid, >=, 0);
-
- /* The child */
- if (pid == 0) {
- rv = (module->C_Initialize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- for (i = 0; i < 32; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- rv = (module->C_Finalize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- _exit (66);
- }
-
- for (i = 0; i < 128; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- assert_num_eq (waitpid (pid, &status, 0), pid);
- assert_num_eq (WEXITSTATUS (status), 66);
-
- teardown_mock_module (module);
-}
-
-#endif /* OS_UNIX */
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
- p11_library_init ();
-
- p11_test (test_initialize_finalize, "/managed/test_initialize_finalize");
- p11_test (test_initialize_fail, "/managed/test_initialize_fail");
- p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions");
-
-#ifdef OS_UNIX
- p11_test (test_fork_and_reinitialize, "/managed/fork-and-reinitialize");
-#endif
-
- test_mock_add_tests ("/managed");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-mock.c b/p11-kit/test-mock.c
deleted file mode 100644
index 8454f1f..0000000
--- a/p11-kit/test-mock.c
+++ /dev/null
@@ -1,1685 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012-2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "test.h"
-
-#include "library.h"
-#include "mock.h"
-#include "p11-kit.h"
-
-#include <sys/types.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static void
-test_get_info (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_INFO info;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (MOCK_INFO.cryptokiVersion.major, info.cryptokiVersion.major);
- assert_num_eq (MOCK_INFO.cryptokiVersion.minor, info.cryptokiVersion.minor);
- assert (memcmp (MOCK_INFO.manufacturerID, info.manufacturerID, sizeof (info.manufacturerID)) == 0);
- assert_num_eq (MOCK_INFO.flags, info.flags);
- assert (memcmp (MOCK_INFO.libraryDescription, info.libraryDescription, sizeof (info.libraryDescription)) == 0);
- assert_num_eq (MOCK_INFO.libraryVersion.major, info.libraryVersion.major);
- assert_num_eq (MOCK_INFO.libraryVersion.minor, info.libraryVersion.minor);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_slot_list (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_ID slot_list[8];
- CK_ULONG count = 0;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- /* Normal module has 2 slots, one with token present */
- rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOTS_PRESENT, count);
- rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOTS_ALL, count);
-
- count = 8;
- rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOTS_PRESENT, count);
- assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]);
-
- count = 8;
- rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOTS_ALL, count);
- assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]);
- assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_slot_info (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_INFO info;
- char *string;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info);
- assert (rv == CKR_OK);
- string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription));
- assert_str_eq ("TEST SLOT", string);
- free (string);
- string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
- assert_str_eq ("TEST MANUFACTURER", string);
- free (string);
- assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags);
- assert_num_eq (55, info.hardwareVersion.major);
- assert_num_eq (155, info.hardwareVersion.minor);
- assert_num_eq (65, info.firmwareVersion.major);
- assert_num_eq (165, info.firmwareVersion.minor);
-
- rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info);
- assert (rv == CKR_OK);
- assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags);
-
- rv = (module->C_GetSlotInfo) (0, &info);
- assert (rv == CKR_SLOT_ID_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_token_info (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_TOKEN_INFO info;
- char *string;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info);
- assert (rv == CKR_OK);
-
- string = p11_kit_space_strdup (info.label, sizeof (info.label));
- assert_str_eq ("TEST LABEL", string);
- free (string);
- string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
- assert_str_eq ("TEST MANUFACTURER", string);
- free (string);
- string = p11_kit_space_strdup (info.model, sizeof (info.model));
- assert_str_eq ("TEST MODEL", string);
- free (string);
- string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber));
- assert_str_eq ("TEST SERIAL", string);
- free (string);
- assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags);
- assert_num_eq (1, info.ulMaxSessionCount);
- assert_num_eq (2, info.ulSessionCount);
- assert_num_eq (3, info.ulMaxRwSessionCount);
- assert_num_eq (4, info.ulRwSessionCount);
- assert_num_eq (5, info.ulMaxPinLen);
- assert_num_eq (6, info.ulMinPinLen);
- assert_num_eq (7, info.ulTotalPublicMemory);
- assert_num_eq (8, info.ulFreePublicMemory);
- assert_num_eq (9, info.ulTotalPrivateMemory);
- assert_num_eq (10, info.ulFreePrivateMemory);
- assert_num_eq (75, info.hardwareVersion.major);
- assert_num_eq (175, info.hardwareVersion.minor);
- assert_num_eq (85, info.firmwareVersion.major);
- assert_num_eq (185, info.firmwareVersion.minor);
- assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0);
-
- rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info);
- assert (rv == CKR_TOKEN_NOT_PRESENT);
-
- rv = (module->C_GetTokenInfo) (0, &info);
- assert (rv == CKR_SLOT_ID_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_mechanism_list (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_MECHANISM_TYPE mechs[8];
- CK_ULONG count = 0;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count);
- assert (rv == CKR_OK);
- assert_num_eq (2, count);
- rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count);
- assert (rv == CKR_TOKEN_NOT_PRESENT);
- rv = (module->C_GetMechanismList) (0, NULL, &count);
- assert (rv == CKR_SLOT_ID_INVALID);
-
- count = 8;
- rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count);
- assert (rv == CKR_OK);
- assert_num_eq (2, count);
- assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE);
- assert_num_eq (mechs[1], CKM_MOCK_PREFIX);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_mechanism_info (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_MECHANISM_INFO info;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (512, info.ulMinKeySize);
- assert_num_eq (4096, info.ulMaxKeySize);
- assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags);
-
- rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info);
- assert (rv == CKR_OK);
- assert_num_eq (2048, info.ulMinKeySize);
- assert_num_eq (2048, info.ulMaxKeySize);
- assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags);
-
- rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info);
- assert (rv == CKR_TOKEN_NOT_PRESENT);
- rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info);
- assert (rv == CKR_MECHANISM_INVALID);
- rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info);
- assert (rv == CKR_SLOT_ID_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_init_token (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
- assert (rv == CKR_OK);
-
- rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL");
- assert (rv == CKR_PIN_INVALID);
- rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
- assert (rv == CKR_TOKEN_NOT_PRESENT);
- rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
- assert (rv == CKR_SLOT_ID_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_wait_for_slot_event (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SLOT_ID slot;
- CK_RV rv;
-
-#ifdef MOCK_SKIP_WAIT_TEST
- return;
-#endif
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);
- assert (rv == CKR_OK);
- assert_num_eq (slot, MOCK_SLOT_TWO_ID);
-
- rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL);
- assert (rv == CKR_NO_EVENT);
-
- teardown_mock_module (module);
-}
-
-static void
-test_open_close_session (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_TOKEN_NOT_PRESENT);
- rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_SLOT_ID_INVALID);
-
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
- assert (session != 0);
-
- rv = (module->C_CloseSession) (session);
- assert (rv == CKR_OK);
-
- rv = (module->C_CloseSession) (session);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_close_all_sessions (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
- assert (session != 0);
-
- rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID);
- assert (rv == CKR_OK);
-
- rv = (module->C_CloseSession) (session);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_function_status (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_GetFunctionStatus) (session);
- assert (rv == CKR_FUNCTION_NOT_PARALLEL);
-
- teardown_mock_module (module);
-}
-
-static void
-test_cancel_function (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_CancelFunction) (session);
- assert (rv == CKR_FUNCTION_NOT_PARALLEL);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_session_info (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_SESSION_INFO info;
- CK_RV rv;
-
- module = setup_mock_module (NULL);
-
- rv = (module->C_GetSessionInfo) (0, &info);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
- assert (session != 0);
-
- rv = (module->C_GetSessionInfo) (session, &info);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID);
- assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state);
- assert_num_eq (CKF_SERIAL_SESSION, info.flags);
- assert_num_eq (1414, info.ulDeviceError);
-
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
- assert (session != 0);
-
- rv = (module->C_GetSessionInfo) (session, &info);
- assert (rv == CKR_OK);
- assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID);
- assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state);
- assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags);
- assert_num_eq (1414, info.ulDeviceError);
-
- teardown_mock_module (module);
-}
-
-static void
-test_init_pin (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
- assert (rv == CKR_OK);
-
- rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5);
- assert (rv == CKR_PIN_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_set_pin (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
- assert (rv == CKR_OK);
-
- rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5);
- assert (rv == CKR_PIN_INCORRECT);
-
- teardown_mock_module (module);
-}
-
-static void
-test_operation_state (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_BYTE state[128];
- CK_ULONG state_len;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- state_len = sizeof (state);
- rv = (module->C_GetOperationState) (0, state, &state_len);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- state_len = sizeof (state);
- rv = (module->C_GetOperationState) (session, state, &state_len);
- assert (rv == CKR_OK);
-
- rv = (module->C_SetOperationState) (session, state, state_len, 355, 455);
- assert (rv == CKR_OK);
-
- rv = (module->C_SetOperationState) (0, state, state_len, 355, 455);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_login_logout (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2);
- assert (rv == CKR_PIN_INCORRECT);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_Logout) (session);
- assert (rv == CKR_OK);
-
- rv = (module->C_Logout) (session);
- assert (rv == CKR_USER_NOT_LOGGED_IN);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_attribute_value (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_ATTRIBUTE attrs[8];
- char label[32];
- CK_OBJECT_CLASS klass;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- attrs[0].type = CKA_CLASS;
- attrs[0].pValue = &klass;
- attrs[0].ulValueLen = sizeof (klass);
- attrs[1].type = CKA_LABEL;
- attrs[1].pValue = label;
- attrs[1].ulValueLen = 2; /* too small */
- attrs[2].type = CKA_BITS_PER_PIXEL;
- attrs[2].pValue = NULL;
- attrs[2].ulValueLen = 0;
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3);
- assert (rv == CKR_USER_NOT_LOGGED_IN);
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
- assert (rv == CKR_BUFFER_TOO_SMALL);
-
- /* Get right size */
- attrs[1].pValue = NULL;
- attrs[1].ulValueLen = 0;
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
- assert (rv == CKR_OK);
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3);
- assert (rv == CKR_ATTRIBUTE_TYPE_INVALID);
-
- assert_num_eq (CKO_PUBLIC_KEY, klass);
- assert_num_eq (21, attrs[1].ulValueLen);
- assert_ptr_eq (NULL, attrs[1].pValue);
- attrs[1].pValue = label;
- attrs[1].ulValueLen = sizeof (label);
- assert ((CK_ULONG)-1 == attrs[2].ulValueLen);
- assert_ptr_eq (NULL, attrs[2].pValue);
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3);
- assert (rv == CKR_ATTRIBUTE_TYPE_INVALID);
-
- assert_num_eq (CKO_PUBLIC_KEY, klass);
- assert_num_eq (21, attrs[1].ulValueLen);
- assert_ptr_eq (label, attrs[1].pValue);
- assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0);
- assert ((CK_ULONG)-1 == attrs[2].ulValueLen);
- assert_ptr_eq (NULL, attrs[2].pValue);
-
- teardown_mock_module (module);
-}
-
-static void
-test_set_attribute_value (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_ATTRIBUTE attrs[8];
- char label[32];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2);
- assert (rv == CKR_USER_NOT_LOGGED_IN);
-
- rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
- assert (rv == CKR_OK);
-
- memset (label, 0, sizeof (label));
- bits = 0;
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_create_object (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE attrs[8];
- char label[32];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_CreateObject) (0, attrs, 2, &object);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_CreateObject) (session, attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 2);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_copy_object (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE attrs[8];
- char label[32];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- bits = 1555;
-
- attrs[0].type = CKA_BITS_PER_PIXEL;
- attrs[0].pValue = &bits;
- attrs[0].ulValueLen = sizeof (bits);
-
- rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-
- rv = (module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object);
- assert (rv == CKR_OK);
-
- attrs[1].type = CKA_LABEL;
- attrs[1].pValue = label;
- attrs[1].ulValueLen = sizeof (label);
- bits = 0;
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 2);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (21, attrs[1].ulValueLen);
- assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_destroy_object (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_ATTRIBUTE attrs[8];
- char label[32];
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = sizeof (label);
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1);
- assert (rv == CKR_OK);
-
- rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-
- teardown_mock_module (module);
-}
-
-static void
-test_get_object_size (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_ULONG size;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_GetObjectSize) (session, 1333, &size);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-
- rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size);
- assert (rv == CKR_OK);
-
- /* The number here is the length of all attributes added up */
- assert_num_eq (sizeof (CK_ULONG) == 8 ? 44 : 36, size);
-
- teardown_mock_module (module);
-}
-
-static void
-test_find_objects (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY;
- CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) };
- CK_OBJECT_HANDLE objects[16];
- CK_ULONG count;
- CK_ULONG i;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_FindObjectsInit) (0, &attr, 1);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_FindObjectsInit) (session, &attr, 1);
- assert (rv == CKR_OK);
-
- rv = (module->C_FindObjects) (0, objects, 16, &count);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_FindObjects) (session, objects, 16, &count);
- assert (rv == CKR_OK);
-
- assert (count < 16);
-
- /* Make sure we get the capitalize public key */
- for (i = 0; i < count; i++) {
- if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE)
- break;
- }
- assert (i != count);
-
- /* Make sure we get the prefix public key */
- for (i = 0; i < count; i++) {
- if (objects[i] == MOCK_PUBLIC_KEY_PREFIX)
- break;
- }
- assert (i != count);
-
- /* Make sure all public keys */
- for (i = 0; i < count; i++) {
- klass = (CK_ULONG)-1;
- rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1);
- assert (rv == CKR_OK);
- assert_num_eq (CKO_PUBLIC_KEY, klass);
- }
-
- rv = (module->C_FindObjectsFinal) (session);
- assert (rv == CKR_OK);
-
- rv = (module->C_FindObjectsFinal) (session);
- assert (rv == CKR_OPERATION_NOT_INITIALIZED);
-
- teardown_mock_module (module);
-}
-
-static void
-test_encrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_KEY_HANDLE_INVALID);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "SLURM", 5) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (0, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_KEY_HANDLE_INVALID);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "slurm", 5) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (0, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_digest (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE digest[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_DigestInit) (0, &mech);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_DigestInit) (session, &mech);
- assert (rv == CKR_OK);
-
- length = sizeof (digest);
- rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (digest);
- rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (digest, "4", 1) == 0);
-
- rv = (module->C_DigestInit) (session, &mech);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- /* Adds the the value of object handle to hash: 6 */
- assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX);
- rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = sizeof (digest);
- rv = (module->C_DigestFinal) (0, digest, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (digest);
- rv = (module->C_DigestFinal) (session, digest, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (2, length);
- assert (memcmp (digest, "16", 2) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (13, length);
- assert (memcmp (signature, "prefix:value4", 13) == 0);
-
- rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_SignFinal) (0, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_SignFinal) (session, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (14, length);
- assert (memcmp (signature, "prefix:value10", 2) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign_recover (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (signature);
- rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (signature);
- rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (16, length);
- assert (memcmp (signature, "prefix:valueBLAh", 16) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_verify (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE signature[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = 13;
- memcpy (signature, "prefix:value4", length);
- rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5);
- assert (rv == CKR_OK);
-
- length = 14;
- memcpy (signature, "prefix:value10", length);
-
- rv = (module->C_VerifyFinal) (session, signature, 5);
- assert (rv == CKR_SIGNATURE_LEN_RANGE);
-
- rv = (module->C_VerifyFinal) (session, signature, length);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_verify_recover (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLah", 4) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_digest_encrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestInit) (session, &dmech);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (data, "4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt_digest (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_DigestInit) (session, &dmech);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DigestFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, length);
- assert (memcmp (data, "4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_sign_encrypt (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "BLAH", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_EncryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_SignFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (8, length);
- assert (memcmp (data, "p:value4", 1) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_decrypt_verify (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
- CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX);
- assert (rv == CKR_OK);
-
- length = sizeof (data);
- rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- length = sizeof (data);
- rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, length);
- assert (memcmp (data, "blah", 4) == 0);
-
- length = sizeof (data);
- rv = (module->C_DecryptFinal) (session, data, &length);
- assert (rv == CKR_OK);
-
- rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8);
- assert (rv == CKR_OK);
-
- teardown_mock_module (module);
-}
-
-static void
-test_generate_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "generate";
- mech.ulParameterLen = 9;
-
- rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (9, attrs[2].ulValueLen);
- assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_generate_key_pair (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE pub_object;
- CK_OBJECT_HANDLE priv_object;
- CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 };
- CK_ATTRIBUTE pub_attrs[8];
- CK_ATTRIBUTE priv_attrs[8];
- char pub_label[32];
- char pub_value[64];
- char priv_label[32];
- char priv_value[64];
- CK_ULONG pub_bits;
- CK_ULONG priv_bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (pub_label, "Blahooo");
- pub_bits = 1555;
- pub_attrs[0].type = CKA_LABEL;
- pub_attrs[0].pValue = pub_label;
- pub_attrs[0].ulValueLen = strlen (pub_label);
- pub_attrs[1].type = CKA_BITS_PER_PIXEL;
- pub_attrs[1].pValue = &pub_bits;
- pub_attrs[1].ulValueLen = sizeof (pub_bits);
-
- strcpy (priv_label, "Private");
- priv_bits = 1666;
- priv_attrs[0].type = CKA_LABEL;
- priv_attrs[0].pValue = priv_label;
- priv_attrs[0].ulValueLen = strlen (priv_label);
- priv_attrs[1].type = CKA_BITS_PER_PIXEL;
- priv_attrs[1].pValue = &priv_bits;
- priv_attrs[1].ulValueLen = sizeof (priv_bits);
-
- rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2,
- &pub_object, &priv_object);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- mech.pParameter = "generate";
- mech.ulParameterLen = 9;
-
- rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2,
- &pub_object, &priv_object);
- assert (rv == CKR_OK);
-
- pub_bits = 0;
- pub_attrs[0].ulValueLen = sizeof (pub_label);
- memset (pub_label, 0, sizeof (pub_label));
- pub_attrs[2].type = CKA_VALUE;
- pub_attrs[2].pValue = pub_value;
- pub_attrs[2].ulValueLen = sizeof (pub_value);
-
- rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (1555, pub_bits);
- assert_num_eq (7, pub_attrs[0].ulValueLen);
- assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0);
- assert_num_eq (9, pub_attrs[2].ulValueLen);
- assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0);
-
- priv_bits = 0;
- priv_attrs[0].ulValueLen = sizeof (priv_label);
- memset (priv_label, 0, sizeof (priv_label));
- priv_attrs[2].type = CKA_VALUE;
- priv_attrs[2].pValue = priv_value;
- priv_attrs[2].ulValueLen = sizeof (priv_value);
-
- rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (1666, priv_bits);
- assert_num_eq (7, priv_attrs[0].ulValueLen);
- assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0);
- assert_num_eq (9, priv_attrs[2].ulValueLen);
- assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_wrap_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
- CK_BYTE data[128];
- CK_ULONG length;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- length = sizeof (data);
- rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "wrap";
- mech.ulParameterLen = 4;
-
- rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
- assert (rv == CKR_OK);
-
- assert_num_eq (5, length);
- assert (memcmp (data, "value", 5) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_unwrap_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "wrap";
- mech.ulParameterLen = 4;
-
- rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (5, attrs[2].ulValueLen);
- assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_derive_key (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_OBJECT_HANDLE object;
- CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 };
- CK_ATTRIBUTE attrs[8];
- char label[32];
- char value[64];
- CK_ULONG bits;
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- strcpy (label, "Blahooo");
- bits = 1555;
-
- attrs[0].type = CKA_LABEL;
- attrs[0].pValue = label;
- attrs[0].ulValueLen = strlen (label);
- attrs[1].type = CKA_BITS_PER_PIXEL;
- attrs[1].pValue = &bits;
- attrs[1].ulValueLen = sizeof (bits);
-
- rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- attrs, 2, &object);
- assert (rv == CKR_MECHANISM_PARAM_INVALID);
-
- mech.pParameter = "derive";
- mech.ulParameterLen = 6;
-
- rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
- attrs, 2, &object);
- assert (rv == CKR_OK);
-
- attrs[0].ulValueLen = sizeof (label);
- memset (label, 0, sizeof (label));
- bits = 0;
- attrs[2].type = CKA_VALUE;
- attrs[2].pValue = value;
- attrs[2].ulValueLen = sizeof (value);
-
- rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
- assert (rv == CKR_OK);
-
- assert_num_eq (bits, 1555);
- assert_num_eq (7, attrs[0].ulValueLen);
- assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
- assert_num_eq (7, attrs[2].ulValueLen);
- assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_random (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_SESSION_HANDLE session = 0;
- CK_BYTE data[10];
- CK_RV rv;
-
- module = setup_mock_module (&session);
-
- rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4);
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4);
- assert (rv == CKR_OK);
-
- rv = (module->C_GenerateRandom) (0, data, sizeof (data));
- assert (rv == CKR_SESSION_HANDLE_INVALID);
-
- rv = (module->C_GenerateRandom) (session, data, sizeof (data));
- assert (rv == CKR_OK);
-
- assert (memcmp (data, "seedseedse", sizeof (data)) == 0);
-
- teardown_mock_module (module);
-}
-
-static void
-test_mock_add_tests (const char *prefix)
-{
- p11_fixture (NULL, NULL);
- p11_test (test_get_info, "%s/test_get_info", prefix);
- p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix);
- p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix);
- p11_test (test_get_token_info, "%s/test_get_token_info", prefix);
- p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix);
- p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix);
- p11_test (test_init_token, "%s/test_init_token", prefix);
- p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix);
- p11_test (test_open_close_session, "%s/test_open_close_session", prefix);
- p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix);
- p11_test (test_get_function_status, "%s/test_get_function_status", prefix);
- p11_test (test_cancel_function, "%s/test_cancel_function", prefix);
- p11_test (test_get_session_info, "%s/test_get_session_info", prefix);
- p11_test (test_init_pin, "%s/test_init_pin", prefix);
- p11_test (test_set_pin, "%s/test_set_pin", prefix);
- p11_test (test_operation_state, "%s/test_operation_state", prefix);
- p11_test (test_login_logout, "%s/test_login_logout", prefix);
- p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix);
- p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix);
- p11_test (test_create_object, "%s/test_create_object", prefix);
- p11_test (test_copy_object, "%s/test_copy_object", prefix);
- p11_test (test_destroy_object, "%s/test_destroy_object", prefix);
- p11_test (test_get_object_size, "%s/test_get_object_size", prefix);
- p11_test (test_find_objects, "%s/test_find_objects", prefix);
- p11_test (test_encrypt, "%s/test_encrypt", prefix);
- p11_test (test_decrypt, "%s/test_decrypt", prefix);
- p11_test (test_digest, "%s/test_digest", prefix);
- p11_test (test_sign, "%s/test_sign", prefix);
- p11_test (test_sign_recover, "%s/test_sign_recover", prefix);
- p11_test (test_verify, "%s/test_verify", prefix);
- p11_test (test_verify_recover, "%s/test_verify_recover", prefix);
- p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix);
- p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix);
- p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix);
- p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix);
- p11_test (test_generate_key, "%s/test_generate_key", prefix);
- p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix);
- p11_test (test_wrap_key, "%s/test_wrap_key", prefix);
- p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix);
- p11_test (test_derive_key, "%s/test_derive_key", prefix);
- p11_test (test_random, "%s/test_random", prefix);
-}
diff --git a/p11-kit/test-modules.c b/p11-kit/test-modules.c
deleted file mode 100644
index 837e7ff..0000000
--- a/p11-kit/test-modules.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/*
- * Copyright (c) 2012, 2015 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <libgen.h>
-
-#include "debug.h"
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "dict.h"
-
-static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL && modules[0] != NULL);
-
- return modules;
-}
-
-static void
-finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
-{
- p11_kit_modules_finalize_and_release (modules);
-}
-
-static void
-test_no_duplicates (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- p11_dict *paths;
- p11_dict *funcs;
- char *path;
- int i;
-
- modules = initialize_and_get_modules ();
- paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
-
- /* The loaded modules should not contain duplicates */
- for (i = 0; modules[i] != NULL; i++) {
- path = p11_kit_config_option (modules[i], "module");
-
- if (p11_dict_get (funcs, modules[i]))
- assert_fail ("found duplicate function list pointer", NULL);
- if (p11_dict_get (paths, path))
- assert_fail ("found duplicate path name", NULL);
-
- if (!p11_dict_set (funcs, modules[i], ""))
- assert_not_reached ();
- if (!p11_dict_set (paths, path, ""))
- assert_not_reached ();
-
- free (path);
- }
-
- p11_dict_free (paths);
- p11_dict_free (funcs);
- finalize_and_free_modules (modules);
-}
-
-static CK_FUNCTION_LIST_PTR
-lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
- const char *name)
-{
- CK_FUNCTION_LIST_PTR match = NULL;
- CK_FUNCTION_LIST_PTR module;
- char *module_name;
- int i;
-
- for (i = 0; match == NULL && modules[i] != NULL; i++) {
- module_name = p11_kit_module_get_name (modules[i]);
- assert_ptr_not_null (module_name);
- if (strcmp (module_name, name) == 0)
- match = modules[i];
- free (module_name);
- }
-
- /*
- * As a side effect, we should check that the results of this function
- * matches the above search.
- */
- module = p11_kit_module_for_name (modules, name);
- if (module != match)
- assert_fail ("different result from p11_kit_module_for_name ()", NULL);
-
- return match;
-}
-
-static CK_FUNCTION_LIST_PTR
-lookup_module_with_filename (CK_FUNCTION_LIST_PTR_PTR modules,
- const char *name)
-{
- CK_FUNCTION_LIST_PTR match = NULL;
- char *module_name;
- int i;
-
- for (i = 0; match == NULL && modules[i] != NULL; i++) {
- module_name = p11_kit_module_get_filename (modules[i]);
- assert_ptr_not_null (module_name);
- if (strcmp (basename(module_name), name) == 0)
- match = modules[i];
- free (module_name);
- }
-
- return match;
-}
-
-static void
-test_disable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module four should be present, as we don't match any prognames
- * that it has disabled.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") != NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module two shouldn't have been loaded, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "four") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_filename (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module four should be present, as we don't match any prognames
- * that it has disabled.
- */
-
- modules = initialize_and_get_modules ();
-#ifndef _WIN32
- assert (lookup_module_with_filename (modules, "mock-four.so") != NULL);
-#endif
- finalize_and_free_modules (modules);
-}
-
-static void
-test_disable_later (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module two shouldn't be matched, because in its config
- * file we have:
- *
- * disable-in: test-disable
- */
-
- p11_kit_set_progname ("test-disable");
-
- modules = p11_kit_modules_load_and_initialize (0);
- assert (modules != NULL && modules[0] != NULL);
-
- assert (lookup_module_with_name (modules, "two") == NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_enable (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") == NULL);
- finalize_and_free_modules (modules);
-
- /*
- * The module three should be loaded here , because in its config
- * file we have:
- *
- * enable-in: test-enable
- */
-
- p11_kit_set_progname ("test-enable");
-
- modules = initialize_and_get_modules ();
- assert (lookup_module_with_name (modules, "three") != NULL);
- finalize_and_free_modules (modules);
-
- p11_kit_set_progname (NULL);
-}
-
-static void
-test_priority (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- char *name;
- int i;
-
- /*
- * The expected order.
- * - four is marked with a priority of 4, the highest therefore first
- * - three is marked with a priority of 3, next highest
- * - one and two do not have priority marked, so they default to zero
- * and fallback to sorting alphabetically. 'o' comes before 't'
- */
-
- const char *expected[] = { "four", "three", "one", "two.badname" };
-
- /* This enables module three */
- p11_kit_set_progname ("test-enable");
-
- modules = initialize_and_get_modules ();
-
- /* The loaded modules should not contain duplicates */
- for (i = 0; modules[i] != NULL; i++) {
- name = p11_kit_module_get_name (modules[i]);
- assert_ptr_not_null (name);
-
- /* Either one of these can be loaded, as this is a duplicate module */
- if (strcmp (name, "two-duplicate") == 0) {
- free (name);
- name = strdup ("two.badname");
- }
-
- assert_str_eq (expected[i], name);
- free (name);
- }
-
- assert_num_eq (4, i);
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_name (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_FUNCTION_LIST_PTR module;
- char *name;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
-
- module = p11_kit_module_for_name (modules, "one");
- assert_ptr_not_null (module);
- name = p11_kit_module_get_name (module);
- assert_str_eq ("one", name);
- free (name);
-
- module = p11_kit_module_for_name (modules, "invalid");
- assert_ptr_eq (NULL, module);
-
- module = p11_kit_module_for_name (NULL, "one");
- assert_ptr_eq (NULL, module);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_flags (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST **unmanaged;
- int flags;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
-
- flags = p11_kit_module_get_flags (modules[0]);
- assert_num_eq (0, flags);
-
- unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED);
- assert (unmanaged != NULL && unmanaged[0] != NULL);
-
- flags = p11_kit_module_get_flags (unmanaged[0]);
- assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags);
-
- finalize_and_free_modules (modules);
- p11_kit_modules_release (unmanaged);
-}
-
-static void
-test_module_trusted_only (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- char *name;
-
- modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
- assert_ptr_not_null (modules);
- assert_ptr_not_null (modules[0]);
- assert (modules[1] == NULL);
-
- name = p11_kit_module_get_name (modules[0]);
- assert_str_eq (name, "one");
- free (name);
-
- assert_num_eq (p11_kit_module_get_flags (modules[0]), P11_KIT_MODULE_TRUSTED);
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_module_trust_flags (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- char *name;
- int flags;
- int i;
-
- modules = initialize_and_get_modules ();
- assert_ptr_not_null (modules);
-
- for (i = 0; modules[i] != NULL; i++) {
- name = p11_kit_module_get_name (modules[i]);
- assert_ptr_not_null (name);
-
- flags = p11_kit_module_get_flags (modules[i]);
- if (strcmp (name, "one") == 0) {
- assert_num_eq (flags, P11_KIT_MODULE_TRUSTED);
- } else {
- assert_num_eq (flags, 0);
- }
-
- free (name);
- }
-
- finalize_and_free_modules (modules);
-}
-
-static void
-test_config_option (void)
-{
- CK_FUNCTION_LIST_PTR_PTR modules;
- CK_FUNCTION_LIST_PTR module;
- char *value;
-
- /*
- * The module three should not be present, as we don't match the current
- * program.
- */
-
- modules = initialize_and_get_modules ();
-
- value = p11_kit_config_option (NULL, "new");
- assert_str_eq ("world", value);
- free (value);
-
- module = p11_kit_module_for_name (modules, "one");
- assert_ptr_not_null (module);
-
- value = p11_kit_config_option (module, "setting");
- assert_str_eq ("user1", value);
- free (value);
-
- value = p11_kit_config_option (NULL, "invalid");
- assert_ptr_eq (NULL, value);
-
- value = p11_kit_config_option (module, "invalid");
- assert_ptr_eq (NULL, value);
-
- /* Invalid but non-NULL module pointer */
- value = p11_kit_config_option (module + 1, "setting");
- assert_ptr_eq (NULL, value);
-
- finalize_and_free_modules (modules);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_filename, "/modules/test_filename");
- p11_test (test_no_duplicates, "/modules/test_no_duplicates");
- p11_test (test_disable, "/modules/test_disable");
- p11_test (test_disable_later, "/modules/test_disable_later");
- p11_test (test_enable, "/modules/test_enable");
- p11_test (test_priority, "/modules/test_priority");
- p11_test (test_module_name, "/modules/test_module_name");
- p11_test (test_module_flags, "/modules/test_module_flags");
- p11_test (test_config_option, "/modules/test_config_option");
- p11_test (test_module_trusted_only, "/modules/trusted-only");
- p11_test (test_module_trust_flags, "/modules/trust-flags");
-
- p11_kit_be_quiet ();
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-pin.c b/p11-kit/test-pin.c
deleted file mode 100644
index 27e20c8..0000000
--- a/p11-kit/test-pin.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-
-#include <assert.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "p11-kit/pin.h"
-#include "p11-kit/private.h"
-
-static P11KitPin *
-callback_one (const char *pin_source, P11KitUri *pin_uri, const char *pin_description,
- P11KitPinFlags pin_flags, void *callback_data)
-{
- int *data = callback_data;
- assert (*data == 33);
- return p11_kit_pin_new_for_buffer ((unsigned char*)strdup ("one"), 3, free);
-}
-
-static P11KitPin*
-callback_other (const char *pin_source, P11KitUri *pin_uri, const char *pin_description,
- P11KitPinFlags pin_flags, void *callback_data)
-{
- char *data = callback_data;
- return p11_kit_pin_new_for_string (data);
-}
-
-static void
-destroy_data (void *callback_data)
-{
- int *data = callback_data;
- (*data)++;
-}
-
-static void
-test_pin_register_unregister (void)
-{
- int data = 33;
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- assert_num_eq (34, data);
-}
-
-static void
-test_pin_read (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- uri = p11_kit_uri_new ();
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
- p11_kit_uri_free (uri);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", 3) == 0);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- p11_kit_pin_unref (pin);
-}
-
-static void
-test_pin_read_no_match (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
-
- uri = p11_kit_uri_new ();
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
- p11_kit_uri_free (uri);
-
- assert_ptr_eq (NULL, pin);
-}
-
-static void
-test_pin_register_duplicate (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- char *value = "secret";
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_one,
- &data, destroy_data);
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_other,
- value, NULL);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (6, length);
- assert (memcmp (ptr, "secret", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
- value);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
- &data);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_eq (NULL, pin);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_register_fallback (void)
-{
- char *value = "secret";
- P11KitUri *uri;
- P11KitPin *pin;
- int data = 33;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, callback_one,
- &data, destroy_data);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (3, length);
- assert (memcmp (ptr, "one", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_register_callback ("/the/pin_source", callback_other,
- value, NULL);
-
- pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (6, length);
- assert (memcmp (ptr, "secret", length) == 0);
- p11_kit_pin_unref (pin);
-
- p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
- value);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, callback_one,
- &data);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_file (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- size_t length;
- const unsigned char *ptr;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
-
- pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_not_null (pin);
- ptr = p11_kit_pin_get_value (pin, &length);
- assert_num_eq (12, length);
- assert (memcmp (ptr, "yogabbagabba", length) == 0);
- p11_kit_pin_unref (pin);
-
- pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/nonexistant", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- assert_ptr_eq (NULL, pin);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_file_large (void)
-{
- P11KitUri *uri;
- P11KitPin *pin;
- int error;
-
- uri = p11_kit_uri_new ();
-
- p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL, NULL);
-
- pin = p11_kit_pin_request (SRCDIR "/p11-kit/fixtures/test-pinfile-large", uri, "The token",
- P11_KIT_PIN_FLAGS_USER_LOGIN);
-
- error = errno;
- assert_ptr_eq (NULL, pin);
- assert_num_eq (EFBIG, error);
-
- p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
- NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_pin_ref_unref (void)
-{
- P11KitPin *pin;
- P11KitPin *check;
-
- pin = p11_kit_pin_new_for_string ("crack of lies");
-
- check = p11_kit_pin_ref (pin);
- assert_ptr_eq (pin, check);
-
- p11_kit_pin_unref (pin);
- p11_kit_pin_unref (check);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister");
- p11_test (test_pin_read, "/pin/test_pin_read");
- p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match");
- p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate");
- p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback");
- p11_test (test_pin_file, "/pin/test_pin_file");
- p11_test (test_pin_file_large, "/pin/test_pin_file_large");
- p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-progname.c b/p11-kit/test-progname.c
deleted file mode 100644
index 76b136d..0000000
--- a/p11-kit/test-progname.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "p11-kit/uri.h"
-#include "p11-kit/p11-kit.h"
-#include "p11-kit/private.h"
-
-static void
-test_progname_default (void)
-{
- const char *progname;
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("test-progname", progname);
-}
-
-static void
-test_progname_set (void)
-{
- const char *progname;
-
- p11_kit_set_progname ("love-generation");
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("love-generation", progname);
-
- _p11_set_progname_unlocked (NULL);
-
- progname = _p11_get_progname_unlocked ();
- assert_str_eq ("test-progname", progname);
-}
-
-/* Defined in util.c */
-extern char p11_my_progname[];
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_test (test_progname_default, "/progname/test_progname_default");
- p11_test (test_progname_set, "/progname/test_progname_set");
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-proxy.c b/p11-kit/test-proxy.c
deleted file mode 100644
index 0fb270b..0000000
--- a/p11-kit/test-proxy.c
+++ /dev/null
@@ -1,296 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#define CRYPTOKI_EXPORTS
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-#include "mock.h"
-#include "p11-kit.h"
-#include "pkcs11.h"
-#include "proxy.h"
-
-#include <sys/types.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#ifndef _WIN32
-#include <sys/wait.h>
-#endif
-
-/* This is the proxy module entry point in proxy.c, and linked to this test */
-CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list);
-
-static CK_SLOT_ID mock_slot_one_id;
-static CK_SLOT_ID mock_slot_two_id;
-static CK_ULONG mock_slots_present;
-static CK_ULONG mock_slots_all;
-
-static void
-test_initialize_finalize (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- p11_proxy_module_cleanup ();
-}
-
-static void
-test_initialize_multiple (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_proxy_module_cleanup ();
-}
-
-#ifndef _WIN32
-static void
-test_deinit_after_fork (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
- pid_t pid;
- int st;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize(NULL);
- assert_num_eq (rv, CKR_OK);
-
- pid = fork ();
- if (!pid) {
- exit(0);
- }
- assert (pid != -1);
- waitpid(pid, &st, 0);
-
- rv = proxy->C_Finalize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- p11_proxy_module_cleanup ();
-
- /* If the assertion fails, p11_kit_failed() doesn't return. So make
- * sure we do all the cleanup before the (expected) failure, or it
- * causes all the *later* tests to fail too! */
- if (!WIFEXITED (st) || WEXITSTATUS(st) != 0)
- assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL);
-
-}
-
-static void
-test_initialize_child (void)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_RV rv;
- pid_t pid;
- int st;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize(NULL);
- assert_num_eq (rv, CKR_OK);
-
- pid = fork ();
- if (!pid) {
- /* The PKCS#11 Usage Guide (v2.40) advocates in §2.5.2 that
- * a child should call C_Initialize() after forking, and
- * then immediately C_Finalize() if it's not going to do
- * anything more with the PKCS#11 token. In a multi-threaded
- * program this is a violation of the POSIX standard, which
- * puts strict limits on what you're allowed to do between
- * fork and an eventual exec or exit. But some things (like
- * pkcs11-helper and thus OpenVPN) do it anyway, and we
- * need to cope... */
-
- /* https://bugs.freedesktop.org/show_bug.cgi?id=90289 reports
- * a deadlock when this happens. Catch it with SIGALRM... */
- alarm(1);
-
- rv = proxy->C_Initialize(NULL);
- assert_num_eq (rv, CKR_OK);
-
- rv = proxy->C_Finalize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- exit(0);
- }
- assert (pid != -1);
- waitpid(pid, &st, 0);
-
- rv = proxy->C_Finalize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- p11_proxy_module_cleanup ();
-
- /* If the assertion fails, p11_kit_failed() doesn't return. So make
- * sure we do all the cleanup before the (expected) failure, or it
- * causes all the *later* tests to fail too! */
- if (!WIFEXITED (st) || WEXITSTATUS(st) != 0)
- assert_fail("Child failed to C_Initialize() and C_Finalize()", NULL);
-
-}
-#endif
-
-static CK_FUNCTION_LIST_PTR
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST_PTR proxy;
- CK_SLOT_ID slots[32];
- CK_RV rv;
-
- rv = C_GetFunctionList (&proxy);
- assert (rv == CKR_OK);
-
- assert (p11_proxy_module_check (proxy));
-
- rv = proxy->C_Initialize (NULL);
- assert (rv == CKR_OK);
-
- mock_slots_all = 32;
- rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all);
- assert (rv == CKR_OK);
- assert_num_cmp (mock_slots_all, >=, 2);
-
- /* Assume this is the slot we want to deal with */
- mock_slot_one_id = slots[0];
- mock_slot_two_id = slots[1];
-
- rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present);
- assert (rv == CKR_OK);
- assert (mock_slots_present > 1);
-
- if (session) {
- rv = (proxy->C_OpenSession) (mock_slot_one_id,
- CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return proxy;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST_PTR module)
-{
- CK_RV rv;
-
- rv = module->C_Finalize (NULL);
- assert (rv == CKR_OK);
-}
-
-/*
- * We redefine the mock module slot id so that the tests in test-mock.c
- * use the proxy mapped slot id rather than the hard coded one
- */
-#define MOCK_SLOT_ONE_ID mock_slot_one_id
-#define MOCK_SLOT_TWO_ID mock_slot_two_id
-#define MOCK_SLOTS_PRESENT mock_slots_present
-#define MOCK_SLOTS_ALL mock_slots_all
-#define MOCK_INFO mock_info
-#define MOCK_SKIP_WAIT_TEST
-
-static const CK_INFO mock_info = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
- "PKCS#11 Kit ",
- 0,
- "PKCS#11 Kit Proxy Module ",
- { 1, 1 }
-};
-
-/* Bring in all the mock module tests */
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
- p11_kit_be_quiet ();
-
- p11_test (test_initialize_finalize, "/proxy/initialize-finalize");
- p11_test (test_initialize_multiple, "/proxy/initialize-multiple");
-#ifndef _WIN32
- p11_test (test_deinit_after_fork, "/proxy/deinit-after-fork");
- p11_test (test_initialize_child, "/proxy/initialize-child");
-#endif
-
- test_mock_add_tests ("/proxy");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-rpc.c b/p11-kit/test-rpc.c
deleted file mode 100644
index c9f8333..0000000
--- a/p11-kit/test-rpc.c
+++ /dev/null
@@ -1,1061 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "debug.h"
-#include "library.h"
-#include "message.h"
-#include "mock.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "rpc.h"
-#include "rpc-message.h"
-#include "virtual.h"
-
-#include <sys/types.h>
-#ifdef OS_UNIX
-#include <sys/wait.h>
-#endif
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static void
-test_new_free (void)
-{
- p11_buffer *buf;
-
- buf = p11_rpc_buffer_new (0);
-
- assert_ptr_not_null (buf->data);
- assert_num_eq (0, buf->len);
- assert_num_eq (0, buf->flags);
- assert (buf->size == 0);
- assert_ptr_not_null (buf->ffree);
- assert_ptr_not_null (buf->frealloc);
-
- p11_rpc_buffer_free (buf);
-}
-
-static void
-test_uint16 (void)
-{
- p11_buffer buffer;
- uint16_t val = 0xFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (0xFFFF, val);
-
- p11_buffer_reset (&buffer, 0);
-
- ret = p11_rpc_buffer_set_uint16 (&buffer, 0, 0x6789);
- assert_num_eq (false, ret);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint16 (&buffer, 0x6789);
- assert_num_eq (9, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint16 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (9, next);
- assert_num_eq (0x6789, val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint16_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x67\x89", 6, };
- uint16_t val = 0xFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_uint16 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (6, next);
- assert_num_eq (0x6789, val);
-}
-
-static void
-test_uint32 (void)
-{
- p11_buffer buffer;
- uint32_t val = 0xFFFFFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (0xFFFFFFFF, val);
-
- p11_buffer_reset (&buffer, 0);
-
- ret = p11_rpc_buffer_set_uint32 (&buffer, 0, 0x12345678);
- assert_num_eq (false, ret);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint32 (&buffer, 0x12345678);
- assert_num_eq (11, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint32 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (11, next);
- assert_num_eq (0x12345678, val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint32_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x23\x45\x67\x89", 8, };
- uint32_t val = 0xFFFFFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_uint32 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (8, next);
- assert_num_eq (0x23456789, val);
-}
-
-static void
-test_uint64 (void)
-{
- p11_buffer buffer;
- uint64_t val = 0xFFFFFFFFFFFFFFFF;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- next = 0;
- ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val);
- assert_num_eq (0, ret);
- assert_num_eq (0, next);
- assert (0xFFFFFFFFFFFFFFFF == val);
-
- p11_buffer_reset (&buffer, 0);
-
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_uint64 (&buffer, 0x0123456708ABCDEF);
- assert_num_eq (15, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_uint64 (&buffer, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (15, next);
- assert (0x0123456708ABCDEF == val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_uint64_static (void)
-{
- p11_buffer buf = { (unsigned char *)"pad0\x89\x67\x45\x23\x11\x22\x33\x44", 12, };
- uint64_t val = 0xFFFFFFFFFFFFFFFF;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_uint64 (&buf, &next, &val);
- assert_num_eq (true, ret);
- assert_num_eq (12, next);
- assert (0x8967452311223344 == val);
-}
-
-static void
-test_byte_array (void)
-{
- p11_buffer buffer;
- unsigned char bytes[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
-
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- /* Invalid read */
-
- next = 0;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (~0, length);
-
- /* Test full array */
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_byte_array (&buffer, bytes, 32);
- assert_num_eq (43, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (43, next);
- assert_num_eq (32, length);
- assert (memcmp (val, bytes, 32) == 0);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_null (void)
-{
- p11_buffer buffer;
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
-
- p11_rpc_buffer_add_byte_array (&buffer, NULL, 0);
- assert_num_eq (11, buffer.len);
- assert (!p11_buffer_failed (&buffer));
-
- next = 7;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (11, next);
- assert_num_eq (0, length);
- assert_ptr_eq (NULL, (void*)val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_too_long (void)
-{
- p11_buffer buffer;
- const unsigned char *val = NULL;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- p11_buffer_init (&buffer, 0);
-
- p11_buffer_reset (&buffer, 0);
- p11_buffer_add (&buffer, (unsigned char *)"padding", 7);
- assert (!p11_buffer_failed (&buffer));
-
- /* Passing a too short buffer here shouldn't matter, as length is checked for sanity */
- p11_rpc_buffer_add_byte_array (&buffer, (unsigned char *)"", 0x9fffffff);
- assert (p11_buffer_failed (&buffer));
-
- /* Force write a too long byte arary to buffer */
- p11_buffer_reset (&buffer, 0);
- p11_rpc_buffer_add_uint32 (&buffer, 0x9fffffff);
-
- next = 0;
- ret = p11_rpc_buffer_get_byte_array (&buffer, &next, &val, &length);
- assert_num_eq (false, ret);
- assert_num_eq (0, next);
- assert_num_eq (~0, length);
- assert_ptr_eq (NULL, (void*)val);
-
- p11_buffer_uninit (&buffer);
-}
-
-static void
-test_byte_array_static (void)
-{
- unsigned char data[] = { 'p', 'a', 'd', 0x00, 0x00, 0x00, 0x00, 0x20,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F };
- p11_buffer buf = { data, 0x40, };
- const unsigned char *val;
- size_t length = ~0;
- size_t next;
- bool ret;
-
- next = 4;
- ret = p11_rpc_buffer_get_byte_array (&buf, &next, &val, &length);
- assert_num_eq (true, ret);
- assert_num_eq (40, next);
- assert_num_eq (32, length);
- assert (memcmp (data + 8, val, 32) == 0);
-}
-
-static p11_virtual base;
-static unsigned int rpc_initialized = 0;
-
-static CK_RV
-rpc_initialize (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (p11_forkid, !=, rpc_initialized);
- rpc_initialized = p11_forkid;
-
- return CKR_OK;
-}
-
-static CK_RV
-rpc_initialize_fails (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (p11_forkid, !=, rpc_initialized);
- return CKR_FUNCTION_FAILED;
-}
-
-static CK_RV
-rpc_initialize_device_removed (p11_rpc_client_vtable *vtable,
- void *init_reserved)
-{
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (p11_forkid, !=, rpc_initialized);
- return CKR_DEVICE_REMOVED;
-}
-
-static CK_RV
-rpc_transport (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- bool ret;
-
- assert_str_eq (vtable->data, "vtable-data");
-
- /* Just pass directly to the server code */
- ret = p11_rpc_server_handle (&base.funcs, request, response);
- assert (ret == true);
-
- return CKR_OK;
-}
-
-static void
-rpc_finalize (p11_rpc_client_vtable *vtable,
- void *fini_reserved)
-{
- assert_str_eq (vtable->data, "vtable-data");
- assert_num_cmp (p11_forkid, ==, rpc_initialized);
- rpc_initialized = 0;
-}
-
-static void
-test_initialize (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = mixin.funcs.C_Initialize (&mixin.funcs, NULL);
- assert (rv == CKR_OK);
- assert_num_eq (p11_forkid, rpc_initialized);
-
- rv = mixin.funcs.C_Finalize (&mixin.funcs, NULL);
- assert (rv == CKR_OK);
- assert_num_cmp (p11_forkid, !=, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_not_initialized (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- CK_INFO info;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_GetInfo) (&mixin.funcs, &info);
- assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_initialize_fails_on_client (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize_fails, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_FUNCTION_FAILED);
- assert_num_eq (0, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_fails (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- return CKR_FUNCTION_REJECTED;
-}
-
-static void
-test_transport_fails (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_fails, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_FUNCTION_REJECTED);
- assert_num_eq (0, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static void
-test_initialize_fails_on_server (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
- base.funcs.C_Initialize = mock_X_Initialize__fails;
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_FUNCTION_FAILED);
- assert_num_eq (0, rpc_initialized);
-
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_bad_parse (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- int rc;
-
- assert_str_eq (vtable->data, "vtable-data");
-
- /* Just zero bytes is an invalid message */
- rc = p11_buffer_reset (response, 2);
- assert (rc >= 0);
-
- memset (response->data, 0, 2);
- response->len = 2;
- return CKR_OK;
-}
-
-static void
-test_transport_bad_parse (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_parse, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- rpc_initialized = 0;
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- p11_kit_be_quiet ();
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_DEVICE_ERROR);
- assert_num_eq (0, rpc_initialized);
-
- p11_message_loud ();
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_short_error (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- int rc;
-
- unsigned char data[] = {
- 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */
- 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */
- 0x00, 0x01, /* short error */
- };
-
- assert_str_eq (vtable->data, "vtable-data");
-
- rc = p11_buffer_reset (response, sizeof (data));
- assert (rc >= 0);
-
- memcpy (response->data, data, sizeof (data));
- response->len = sizeof (data);
- return CKR_OK;
-}
-
-static void
-test_transport_short_error (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_short_error, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- p11_kit_be_quiet ();
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_DEVICE_ERROR);
- assert_num_eq (0, rpc_initialized);
-
- p11_message_loud ();
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_invalid_error (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- int rc;
-
- unsigned char data[] = {
- 0x00, 0x00, 0x00, 0x00, /* RPC_CALL_ERROR */
- 0x00, 0x00, 0x00, 0x01, 0x75, /* signature 'u' */
- 0x00, 0x00, 0x00, 0x00, /* a CKR_OK error*/
- 0x00, 0x00, 0x00, 0x00,
- };
-
- assert_str_eq (vtable->data, "vtable-data");
-
- rc = p11_buffer_reset (response, sizeof (data));
- assert (rc >= 0);
- memcpy (response->data, data, sizeof (data));
- response->len = sizeof (data);
- return CKR_OK;
-}
-
-static void
-test_transport_invalid_error (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_invalid_error, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- p11_kit_be_quiet ();
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_DEVICE_ERROR);
- assert_num_eq (0, rpc_initialized);
-
- p11_message_loud ();
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_wrong_response (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- int rc;
-
- unsigned char data[] = {
- 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_Finalize */
- 0x00, 0x00, 0x00, 0x00, /* signature '' */
- };
-
- assert_str_eq (vtable->data, "vtable-data");
-
- rc = p11_buffer_reset (response, sizeof (data));
- assert (rc >= 0);
- memcpy (response->data, data, sizeof (data));
- response->len = sizeof (data);
- return CKR_OK;
-}
-
-static void
-test_transport_wrong_response (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_wrong_response, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- p11_kit_be_quiet ();
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_DEVICE_ERROR);
- assert_num_eq (0, rpc_initialized);
-
- p11_message_loud ();
- p11_virtual_uninit (&mixin);
-}
-
-static CK_RV
-rpc_transport_bad_contents (p11_rpc_client_vtable *vtable,
- p11_buffer *request,
- p11_buffer *response)
-{
- int rc;
-
- unsigned char data[] = {
- 0x00, 0x00, 0x00, 0x02, /* RPC_CALL_C_GetInfo */
- 0x00, 0x00, 0x00, 0x05, /* signature 'vsusv' */
- 'v', 's', 'u', 's', 'v',
- 0x00, 0x00, 0x00, 0x00, /* invalid data */
- };
-
- assert_str_eq (vtable->data, "vtable-data");
-
- rc = p11_buffer_reset (response, sizeof (data));
- assert (rc >= 0);
- memcpy (response->data, data, sizeof (data));
- response->len = sizeof (data);
- return CKR_OK;
-}
-
-static void
-test_transport_bad_contents (void)
-{
- p11_rpc_client_vtable vtable = { "vtable-data", rpc_initialize, rpc_transport_bad_contents, rpc_finalize };
- p11_virtual mixin;
- bool ret;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
-
- ret = p11_rpc_client_init (&mixin, &vtable);
- assert_num_eq (true, ret);
-
- p11_kit_be_quiet ();
-
- rv = (mixin.funcs.C_Initialize) (&mixin.funcs, NULL);
- assert (rv == CKR_DEVICE_ERROR);
- assert_num_eq (0, rpc_initialized);
-
- p11_message_loud ();
- p11_virtual_uninit (&mixin);
-}
-
-static p11_rpc_client_vtable test_normal_vtable = {
- NULL,
- rpc_initialize,
- rpc_transport,
- rpc_finalize,
-};
-
-static p11_rpc_client_vtable test_device_removed_vtable = {
- NULL,
- rpc_initialize_device_removed,
- rpc_transport,
- rpc_finalize,
-};
-
-static void
-mixin_free (void *data)
-{
- p11_virtual *mixin = data;
- p11_virtual_uninit (mixin);
- free (mixin);
-}
-
-static CK_FUNCTION_LIST_PTR
-setup_test_rpc_module (p11_rpc_client_vtable *vtable,
- CK_FUNCTION_LIST *module_template,
- CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST *rpc_module;
- p11_virtual *mixin;
- CK_RV rv;
-
- /* Build up our own function list */
- p11_virtual_init (&base, &p11_virtual_base, module_template, NULL);
-
- mixin = calloc (1, sizeof (p11_virtual));
- assert (mixin != NULL);
-
- vtable->data = "vtable-data";
- if (!p11_rpc_client_init (mixin, vtable))
- assert_not_reached ();
-
- rpc_module = p11_virtual_wrap (mixin, mixin_free);
- assert_ptr_not_null (rpc_module);
-
- rv = p11_kit_module_initialize (rpc_module);
- assert (rv == CKR_OK);
-
- if (session) {
- rv = (rpc_module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- return rpc_module;
-}
-
-static CK_FUNCTION_LIST *
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- return setup_test_rpc_module (&test_normal_vtable, &mock_module, session);
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST *rpc_module)
-{
- p11_kit_module_finalize (rpc_module);
- p11_virtual_unwrap (rpc_module);
-}
-
-static void
-test_get_info_stand_in (void)
-{
- CK_FUNCTION_LIST_PTR rpc_module;
- CK_INFO info;
- CK_RV rv;
- char *string;
-
- rpc_module = setup_test_rpc_module (&test_device_removed_vtable,
- &mock_module_no_slots, NULL);
-
- rv = (rpc_module->C_GetInfo) (&info);
- assert (rv == CKR_OK);
-
- assert_num_eq (CRYPTOKI_VERSION_MAJOR, info.cryptokiVersion.major);
- assert_num_eq (CRYPTOKI_VERSION_MINOR, info.cryptokiVersion.minor);
- string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
- assert_str_eq ("p11-kit", string);
- free (string);
- string = p11_kit_space_strdup (info.libraryDescription, sizeof (info.libraryDescription));
- assert_str_eq ("p11-kit (no connection)", string);
- free (string);
- assert_num_eq (0, info.flags);
- assert_num_eq (1, info.libraryVersion.major);
- assert_num_eq (1, info.libraryVersion.minor);
-
- teardown_mock_module (rpc_module);
-}
-
-static void
-test_get_slot_list_no_device (void)
-{
- CK_FUNCTION_LIST_PTR rpc_module;
- CK_SLOT_ID slot_list[8];
- CK_ULONG count;
- CK_RV rv;
-
- rpc_module = setup_test_rpc_module (&test_device_removed_vtable,
- &mock_module_no_slots, NULL);
-
- rv = (rpc_module->C_GetSlotList) (CK_TRUE, NULL, &count);
- assert (rv == CKR_OK);
- assert_num_eq (0, count);
- rv = (rpc_module->C_GetSlotList) (CK_FALSE, NULL, &count);
- assert (rv == CKR_OK);
- assert_num_eq (0, count);
-
- count = 8;
- rv = (rpc_module->C_GetSlotList) (CK_TRUE, slot_list, &count);
- assert (rv == CKR_OK);
- assert_num_eq (0, count);
-
- count = 8;
- rv = (rpc_module->C_GetSlotList) (CK_FALSE, slot_list, &count);
- assert (rv == CKR_OK);
- assert_num_eq (0, count);
-
- teardown_mock_module (rpc_module);
-}
-
-static void *
-invoke_in_thread (void *arg)
-{
- CK_FUNCTION_LIST *rpc_module = arg;
- CK_INFO info;
- CK_RV rv;
-
- rv = (rpc_module->C_GetInfo) (&info);
- assert_num_eq (rv, CKR_OK);
-
- assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID,
- sizeof (info.manufacturerID)) == 0);
-
- return NULL;
-}
-
-static p11_mutex_t delay_mutex;
-
-static CK_RV
-delayed_C_GetInfo (CK_INFO_PTR info)
-{
- CK_RV rv;
-
- p11_sleep_ms (rand () % 100);
-
- p11_mutex_lock (&delay_mutex);
- rv = mock_C_GetInfo (info);
- p11_mutex_unlock (&delay_mutex);
-
- return rv;
-}
-
-static void
-test_simultaneous_functions (void)
-{
- CK_FUNCTION_LIST real_module;
- CK_FUNCTION_LIST *rpc_module;
- const int num_threads = 128;
- p11_thread_t threads[num_threads];
- int i, ret;
-
- p11_mutex_init (&delay_mutex);
-
- memcpy (&real_module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
- real_module.C_GetInfo = delayed_C_GetInfo;
-
- rpc_module = setup_test_rpc_module (&test_normal_vtable,
- &real_module, NULL);
-
- /* Make the invoked function (above) wait */
- p11_mutex_lock (&delay_mutex);
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (threads + i, invoke_in_thread, rpc_module);
- assert_num_eq (0, ret);
- }
-
- /* Let the invoked functions return */
- p11_mutex_unlock (&delay_mutex);
-
- for (i = 0; i < num_threads; i++)
- p11_thread_join (threads[i]);
-
- teardown_mock_module (rpc_module);
- p11_mutex_uninit (&delay_mutex);
-}
-
-#ifdef OS_UNIX
-
-static void
-test_fork_and_reinitialize (void)
-{
- CK_FUNCTION_LIST *rpc_module;
- CK_INFO info;
- int status;
- CK_RV rv;
- pid_t pid;
- int i;
-
- rpc_module = setup_test_rpc_module (&test_normal_vtable,
- &mock_module_no_slots, NULL);
-
- pid = fork ();
- assert_num_cmp (pid, >=, 0);
-
- /* The child */
- if (pid == 0) {
- rv = (rpc_module->C_Initialize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- for (i = 0; i < 32; i++) {
- rv = (rpc_module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- rv = (rpc_module->C_Finalize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- _exit (66);
- }
-
- for (i = 0; i < 128; i++) {
- rv = (rpc_module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- assert_num_eq (waitpid (pid, &status, 0), pid);
- assert_num_eq (WEXITSTATUS (status), 66);
-
- teardown_mock_module (rpc_module);
-}
-
-#endif /* OS_UNIX */
-
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- CK_MECHANISM_TYPE mechanisms[] = {
- CKM_MOCK_CAPITALIZE,
- CKM_MOCK_PREFIX,
- CKM_MOCK_GENERATE,
- CKM_MOCK_WRAP,
- CKM_MOCK_DERIVE,
- CKM_MOCK_COUNT,
- 0,
- };
-
- mock_module_init ();
- p11_library_init ();
-
- /* Override the mechanisms that the RPC mechanism will handle */
- p11_rpc_mechanisms_override_supported = mechanisms;
-
- p11_test (test_new_free, "/rpc/new-free");
- p11_test (test_uint16, "/rpc/uint16");
- p11_test (test_uint16_static, "/rpc/uint16-static");
- p11_test (test_uint32, "/rpc/uint32");
- p11_test (test_uint32_static, "/rpc/uint32-static");
- p11_test (test_uint64, "/rpc/uint64");
- p11_test (test_uint64_static, "/rpc/uint64-static");
- p11_test (test_byte_array, "/rpc/byte-array");
- p11_test (test_byte_array_null, "/rpc/byte-array-null");
- p11_test (test_byte_array_too_long, "/rpc/byte-array-too-long");
- p11_test (test_byte_array_static, "/rpc/byte-array-static");
-
- p11_test (test_initialize_fails_on_client, "/rpc/initialize-fails-on-client");
- p11_test (test_initialize_fails_on_server, "/rpc/initialize-fails-on-server");
- p11_test (test_initialize, "/rpc/initialize");
- p11_test (test_not_initialized, "/rpc/not-initialized");
- p11_test (test_transport_fails, "/rpc/transport-fails");
- p11_test (test_transport_bad_parse, "/rpc/transport-bad-parse");
- p11_test (test_transport_short_error, "/rpc/transport-short-error");
- p11_test (test_transport_invalid_error, "/rpc/transport-invalid-error");
- p11_test (test_transport_wrong_response, "/rpc/transport-wrong-response");
- p11_test (test_transport_bad_contents, "/rpc/transport-bad-contents");
- p11_test (test_get_info_stand_in, "/rpc/get-info-stand-in");
- p11_test (test_get_slot_list_no_device, "/rpc/get-slot-list-no-device");
- p11_test (test_simultaneous_functions, "/rpc/simultaneous-functions");
-
-#ifdef OS_UNIX
- p11_test (test_fork_and_reinitialize, "/rpc/fork-and-reinitialize");
-#endif
-
- test_mock_add_tests ("/rpc");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-transport.c b/p11-kit/test-transport.c
deleted file mode 100644
index 227d7ce..0000000
--- a/p11-kit/test-transport.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "library.h"
-#include "mock.h"
-#include "path.h"
-#include "private.h"
-#include "p11-kit.h"
-#include "rpc.h"
-
-#include <sys/types.h>
-#ifdef OS_UNIX
-#include <sys/wait.h>
-#endif
-#include <stdlib.h>
-#include <stdio.h>
-
-struct {
- char *directory;
- char *user_config;
- char *user_modules;
-} test;
-
-static void
-setup_remote (void *unused)
-{
- const char *data;
-
- test.directory = p11_test_directory ("p11-test-config");
- test.user_modules = p11_path_build (test.directory, "modules", NULL);
-#ifdef OS_UNIX
- if (mkdir (test.user_modules, 0700) < 0)
-#else
- if (mkdir (test.user_modules) < 0)
-#endif
- assert_not_reached ();
-
- data = "user-config: only\n";
- test.user_config = p11_path_build (test.directory, "pkcs11.conf", NULL);
- p11_test_file_write (NULL, test.user_config, data, strlen (data));
-
- setenv ("P11_KIT_PRIVATEDIR", BUILDDIR, 1);
- data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-two.so\n";
- p11_test_file_write (test.user_modules, "remote.module", data, strlen (data));
- data = "remote: |" BUILDDIR "/p11-kit/p11-kit remote " BUILDDIR "/.libs/mock-five.so\nx-init-reserved: initialize-arg";
- p11_test_file_write (test.user_modules, "init-arg.module", data, strlen (data));
-
- p11_config_user_modules = test.user_modules;
- p11_config_user_file = test.user_config;
-}
-
-static void
-teardown_remote (void *unused)
-{
- p11_test_directory_delete (test.user_modules);
- p11_test_directory_delete (test.directory);
-
- free (test.directory);
- free (test.user_config);
- free (test.user_modules);
-}
-
-static CK_FUNCTION_LIST *
-setup_mock_module (CK_SESSION_HANDLE *session)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_RV rv;
- int i;
-
- setup_remote (NULL);
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- if (session) {
- rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION,
- NULL, NULL, session);
- assert (rv == CKR_OK);
- }
-
- /* Release all the other modules */
- for (i = 0; modules[i] != NULL; i++) {
- if (modules[i] != module)
- p11_kit_module_release (modules[i]);
- }
-
- free (modules);
- return module;
-}
-
-static void
-teardown_mock_module (CK_FUNCTION_LIST *module)
-{
- p11_kit_module_finalize (module);
- teardown_remote (NULL);
-}
-
-static void
-test_basic_exec (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-static void
-test_basic_exec_with_init_arg (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "init-arg");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-static void *
-invoke_in_thread (void *arg)
-{
- CK_FUNCTION_LIST *rpc_module = arg;
- CK_INFO info;
- CK_RV rv;
-
- rv = (rpc_module->C_GetInfo) (&info);
- assert_num_eq (rv, CKR_OK);
-
- assert (memcmp (info.manufacturerID, MOCK_INFO.manufacturerID,
- sizeof (info.manufacturerID)) == 0);
-
- return NULL;
-}
-
-static void
-test_simultaneous_functions (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- const int num_threads = 128;
- p11_thread_t threads[num_threads];
- int i, ret;
- CK_RV rv;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- for (i = 0; i < num_threads; i++) {
- ret = p11_thread_create (threads + i, invoke_in_thread, module);
- assert_num_eq (0, ret);
- }
-
- for (i = 0; i < num_threads; i++)
- p11_thread_join (threads[i]);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-#ifdef OS_UNIX
-
-static void
-test_fork_and_reinitialize (void)
-{
- CK_FUNCTION_LIST **modules;
- CK_FUNCTION_LIST *module;
- CK_INFO info;
- int status;
- CK_RV rv;
- pid_t pid;
- int i;
-
- modules = p11_kit_modules_load (NULL, 0);
-
- module = p11_kit_module_for_name (modules, "remote");
- assert (module != NULL);
-
- rv = p11_kit_module_initialize (module);
- assert_num_eq (rv, CKR_OK);
-
- pid = fork ();
- assert_num_cmp (pid, >=, 0);
-
- /* The child */
- if (pid == 0) {
- rv = (module->C_Initialize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- for (i = 0; i < 32; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- rv = (module->C_Finalize) (NULL);
- assert_num_eq (CKR_OK, rv);
-
- _exit (66);
- }
-
- for (i = 0; i < 128; i++) {
- rv = (module->C_GetInfo) (&info);
- assert_num_eq (CKR_OK, rv);
- }
-
- assert_num_eq (waitpid (pid, &status, 0), pid);
- assert_num_eq (WEXITSTATUS (status), 66);
-
- rv = p11_kit_module_finalize (module);
- assert_num_eq (rv, CKR_OK);
-
- p11_kit_modules_release (modules);
-}
-
-#endif /* OS_UNIX */
-
-#include "test-mock.c"
-
-int
-main (int argc,
- char *argv[])
-{
- CK_MECHANISM_TYPE mechanisms[] = {
- CKM_MOCK_CAPITALIZE,
- CKM_MOCK_PREFIX,
- CKM_MOCK_GENERATE,
- CKM_MOCK_WRAP,
- CKM_MOCK_DERIVE,
- CKM_MOCK_COUNT,
- 0,
- };
-
- p11_library_init ();
-
- /* Override the mechanisms that the RPC mechanism will handle */
- p11_rpc_mechanisms_override_supported = mechanisms;
-
- p11_fixture (setup_remote, teardown_remote);
- p11_test (test_basic_exec, "/transport/basic");
- p11_test (test_basic_exec_with_init_arg, "/transport/init-arg");
- p11_test (test_simultaneous_functions, "/transport/simultaneous-functions");
-
-#ifdef OS_UNIX
- p11_test (test_fork_and_reinitialize, "/transport/fork-and-reinitialize");
-#endif
-
- test_mock_add_tests ("/transport");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-uri.c b/p11-kit/test-uri.c
deleted file mode 100644
index 1fb5081..0000000
--- a/p11-kit/test-uri.c
+++ /dev/null
@@ -1,1512 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "debug.h"
-#include "message.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "p11-kit/uri.h"
-#include "p11-kit/private.h"
-
-static int
-is_module_empty (P11KitUri *uri)
-{
- CK_INFO_PTR info = p11_kit_uri_get_module_info (uri);
- return (info->libraryDescription[0] == 0 &&
- info->manufacturerID[0] == 0 &&
- info->libraryVersion.major == (CK_BYTE)-1 &&
- info->libraryVersion.minor == (CK_BYTE)-1);
-}
-
-static int
-is_slot_empty (P11KitUri *uri)
-{
- CK_SLOT_INFO_PTR slot = p11_kit_uri_get_slot_info (uri);
- return (slot->slotDescription[0] == 0 &&
- slot->manufacturerID[0] == 0);
-}
-
-static int
-is_token_empty (P11KitUri *uri)
-{
- CK_TOKEN_INFO_PTR token = p11_kit_uri_get_token_info (uri);
- return (token->serialNumber[0] == 0 &&
- token->manufacturerID[0] == 0 &&
- token->label[0] == 0 &&
- token->model[0] == 0);
-}
-
-static int
-are_attributes_empty (P11KitUri *uri)
-{
- return (p11_kit_uri_get_attribute (uri, CKA_LABEL) == NULL &&
- p11_kit_uri_get_attribute (uri, CKA_ID) == NULL &&
- p11_kit_uri_get_attribute (uri, CKA_CLASS) == NULL);
-}
-
-static void
-test_uri_parse (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- assert (is_module_empty (uri));
- assert (is_slot_empty (uri));
- assert (is_token_empty (uri));
- assert (are_attributes_empty (uri));
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_bad_scheme (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_label (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- assert (is_module_empty (uri));
- assert (is_slot_empty (uri));
- assert (is_token_empty (uri));
-
- attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == strlen ("Test Label"));
- assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_label_and_klass (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == strlen ("Test Label"));
- assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
- assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_label_and_new_klass (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == strlen ("Test Label"));
- assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
- assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_empty_label (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=;type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_not_null (attr);
-
- p11_kit_uri_free (uri);
-
- /* really empty */
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert (attr == NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_empty_id (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:id=;type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_ID);
- assert_ptr_not_null (attr);
-
- p11_kit_uri_free (uri);
-
- /* really empty */
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:type=cert", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_ID);
- assert (attr == NULL);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_id (void)
-{
- CK_ATTRIBUTE_PTR attr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- /* Note that there's a NULL in the attribute (end) */
- attr = p11_kit_uri_get_attribute (uri, CKA_ID);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == 5);
- assert (memcmp (attr->pValue, "TEST", 5) == 0);
-
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_bad_string_encoding (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_bad_hex_encoding (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static bool
-is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check)
-{
- size_t i, len = strlen (check);
- if (len > size)
- return false;
- if (memcmp (string, check, len) != 0)
- return false;
- for (i = len; i < size; ++i)
- if (string[i] != ' ')
- return false;
- return true;
-}
-
-static void
-test_uri_parse_with_token (void)
-{
- P11KitUri *uri = NULL;
- CK_TOKEN_INFO_PTR token;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me",
- P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- token = p11_kit_uri_get_token_info (uri);
- assert (is_space_string (token->label, sizeof (token->label), "Token Label"));
- assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333"));
- assert (is_space_string (token->model, sizeof (token->model), "Deluxe"));
- assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"));
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_token_bad_encoding (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_bad_syntax (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_spaces (void)
-{
- P11KitUri *uri = NULL;
- CK_INFO_PTR info;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip \n tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe",
- P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info = p11_kit_uri_get_module_info (uri);
-
- assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
- assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
-
- p11_kit_uri_free (uri);
-}
-
-
-static void
-test_uri_parse_with_library (void)
-{
- P11KitUri *uri = NULL;
- CK_INFO_PTR info;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me",
- P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info = p11_kit_uri_get_module_info (uri);
-
- assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
- assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_library_bad_encoding (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_with_slot (void)
-{
- P11KitUri *uri = NULL;
- CK_SLOT_INFO_PTR slot;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:slot-description=Slot%20Description;slot-manufacturer=Me",
- P11_KIT_URI_FOR_SLOT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- slot = p11_kit_uri_get_slot_info (uri);
- assert (is_space_string (slot->slotDescription, sizeof (slot->slotDescription), "Slot Description"));
- assert (is_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me"));
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_build_empty (void)
-{
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert_str_eq ("pkcs11:", string);
- free (string);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string)
-{
- size_t len = strlen (string);
- assert (len <= length);
- memset (buffer, ' ', length);
- memcpy (buffer, string, len);
-}
-
-static void
-test_uri_build_with_token_info (void)
-{
- char *string = NULL;
- P11KitUri *uri;
- P11KitUri *check;
- CK_TOKEN_INFO_PTR token;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- token = p11_kit_uri_get_token_info (uri);
- set_space_string (token->label, sizeof (token->label), "The Label");
- set_space_string (token->serialNumber, sizeof (token->serialNumber), "44444");
- set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me");
- set_space_string (token->model, sizeof (token->model), "Deluxe");
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert_ptr_not_null (string);
-
- check = p11_kit_uri_new ();
- assert_ptr_not_null (check);
-
- ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri));
-
- p11_kit_uri_free (uri);
- p11_kit_uri_free (check);
-
- assert (strstr (string, "token=The%20Label") != NULL);
- assert (strstr (string, "serial=44444") != NULL);
- assert (strstr (string, "manufacturer=Me") != NULL);
- assert (strstr (string, "model=Deluxe") != NULL);
-
- free (string);
-}
-
-static void
-test_uri_build_with_token_null_info (void)
-{
- char *string = NULL;
- P11KitUri *uri;
- CK_TOKEN_INFO_PTR token;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- token = p11_kit_uri_get_token_info (uri);
- set_space_string (token->label, sizeof (token->label), "The Label");
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- assert (strstr (string, "token=The%20Label") != NULL);
- assert (strstr (string, "serial=") == NULL);
-
- free (string);
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_build_with_token_empty_info (void)
-{
- char *string = NULL;
- P11KitUri *uri;
- CK_TOKEN_INFO_PTR token;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- token = p11_kit_uri_get_token_info (uri);
- set_space_string (token->label, sizeof (token->label), "");
- set_space_string (token->serialNumber, sizeof (token->serialNumber), "");
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- assert (strstr (string, "token=") != NULL);
- assert (strstr (string, "serial=") != NULL);
-
- free (string);
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_build_with_attributes (void)
-{
- char *string = NULL;
- P11KitUri *uri;
- P11KitUri *check;
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE_PTR attr;
- CK_ATTRIBUTE at;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- at.type = CKA_LABEL;
- at.pValue = "The Label";
- at.ulValueLen = 9;
- ret = p11_kit_uri_set_attribute (uri, &at);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- at.type = CKA_ID;
- at.pValue = "HELLO";
- at.ulValueLen = 5;
- ret = p11_kit_uri_set_attribute (uri, &at);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- klass = CKO_DATA;
- at.type = CKA_CLASS;
- at.pValue = &klass;
- at.ulValueLen = sizeof (klass);
- ret = p11_kit_uri_set_attribute (uri, &at);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- check = p11_kit_uri_new ();
- assert_ptr_not_null (check);
-
- ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (check, CKA_LABEL);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == 9);
- assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0);
-
- attr = p11_kit_uri_get_attribute (check, CKA_CLASS);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == sizeof (klass));
- assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass);
-
- attr = p11_kit_uri_get_attribute (check, CKA_ID);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == 5);
- assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0);
-
- p11_kit_uri_free (check);
-
- assert (strstr (string, "object=The%20Label") != NULL);
- assert (strstr (string, "type=data") != NULL);
- assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL);
-
- free (string);
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_build_with_slot_info (void)
-{
- char *string = NULL;
- P11KitUri *uri;
- P11KitUri *check;
- CK_SLOT_INFO_PTR slot;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- slot = p11_kit_uri_get_slot_info (uri);
- set_space_string (slot->slotDescription, sizeof (slot->slotDescription), "The Slot Description");
- set_space_string (slot->manufacturerID, sizeof (slot->manufacturerID), "Me");
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert_ptr_not_null (string);
-
- check = p11_kit_uri_new ();
- assert_ptr_not_null (check);
-
- ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_SLOT, check);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- p11_kit_uri_match_slot_info (check, p11_kit_uri_get_slot_info (uri));
-
- p11_kit_uri_free (uri);
- p11_kit_uri_free (check);
-
- assert (strstr (string, "slot-description=The%20Slot%20Description") != NULL);
- assert (strstr (string, "slot-manufacturer=Me") != NULL);
-
- free (string);
-}
-
-static void
-test_uri_parse_private_key (void)
-{
- P11KitUri *uri;
- CK_ATTRIBUTE_PTR attr;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:type=private", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
- assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_secret_key (void)
-{
- P11KitUri *uri;
- CK_ATTRIBUTE_PTR attr;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:type=secret-key", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
- assert_ptr_not_null (attr);
- assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
- assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_library_version (void)
-{
- P11KitUri *uri;
- CK_INFO_PTR info;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info = p11_kit_uri_get_module_info (uri);
- assert_num_eq (2, info->libraryVersion.major);
- assert_num_eq (101, info->libraryVersion.minor);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info = p11_kit_uri_get_module_info (uri);
- assert_num_eq (23, info->libraryVersion.major);
- assert_num_eq (0, info->libraryVersion.minor);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
- assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_parse_unknown_object_type (void)
-{
- P11KitUri *uri;
- CK_ATTRIBUTE_PTR attr;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:type=unknown", P11_KIT_URI_FOR_OBJECT, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
- assert_ptr_eq (NULL, attr);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_unrecognized (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ret = p11_kit_uri_any_unrecognized (uri);
- assert_num_eq (1, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_parse_too_long_is_unrecognized (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with",
- P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ret = p11_kit_uri_any_unrecognized (uri);
- assert_num_eq (1, ret);
-
- p11_kit_uri_free (uri);
-}
-
-
-
-static void
-test_uri_build_object_type_cert (void)
-{
- CK_ATTRIBUTE attr;
- CK_OBJECT_CLASS klass;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- klass = CKO_CERTIFICATE;
- attr.type = CKA_CLASS;
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
- p11_kit_uri_set_attribute (uri, &attr);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "type=cert") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_build_object_type_private (void)
-{
- CK_ATTRIBUTE attr;
- CK_OBJECT_CLASS klass;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- klass = CKO_PRIVATE_KEY;
- attr.type = CKA_CLASS;
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
- p11_kit_uri_set_attribute (uri, &attr);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "type=private") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_build_object_type_public (void)
-{
- CK_ATTRIBUTE attr;
- CK_OBJECT_CLASS klass;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- klass = CKO_PUBLIC_KEY;
- attr.type = CKA_CLASS;
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
- p11_kit_uri_set_attribute (uri, &attr);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "type=public") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_build_object_type_secret (void)
-{
- CK_ATTRIBUTE attr;
- CK_OBJECT_CLASS klass;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- klass = CKO_SECRET_KEY;
- attr.type = CKA_CLASS;
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
- p11_kit_uri_set_attribute (uri, &attr);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "type=secret-key") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_build_with_library (void)
-{
- CK_INFO_PTR info;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- info = p11_kit_uri_get_module_info (uri);
- set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description");
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "library-description=The%20Description") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_build_library_version (void)
-{
- CK_INFO_PTR info;
- P11KitUri *uri;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- info = p11_kit_uri_get_module_info (uri);
- info->libraryVersion.major = 2;
- info->libraryVersion.minor = 10;
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "library-version=2.10") != NULL);
-
- p11_kit_uri_free (uri);
- free (string);
-}
-
-static void
-test_uri_get_set_unrecognized (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_any_unrecognized (uri);
- assert_num_eq (0, ret);
-
- p11_kit_uri_set_unrecognized (uri, 1);
-
- ret = p11_kit_uri_any_unrecognized (uri);
- assert_num_eq (1, ret);
-
- p11_kit_uri_set_unrecognized (uri, 0);
-
- ret = p11_kit_uri_any_unrecognized (uri);
- assert_num_eq (0, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_match_token (void)
-{
- CK_TOKEN_INFO token;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- set_space_string (token.label, sizeof (token.label), "A label");
- set_space_string (token.model, sizeof (token.model), "Giselle");
-
- ret = p11_kit_uri_match_token_info (uri, &token);
- assert_num_eq (1, ret);
-
- set_space_string (token.label, sizeof (token.label), "Another label");
-
- ret = p11_kit_uri_match_token_info (uri, &token);
- assert_num_eq (1, ret);
-
- set_space_string (token.model, sizeof (token.model), "Zoolander");
-
- ret = p11_kit_uri_match_token_info (uri, &token);
- assert_num_eq (0, ret);
-
- p11_kit_uri_set_unrecognized (uri, 1);
-
- ret = p11_kit_uri_match_token_info (uri, &token);
- assert_num_eq (0, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_match_module (void)
-{
- CK_INFO info;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet");
- set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone");
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (1, ret);
-
- set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else");
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (1, ret);
-
- set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise");
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (0, ret);
-
- p11_kit_uri_set_unrecognized (uri, 1);
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (0, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_match_version (void)
-{
- CK_INFO info;
- P11KitUri *uri;
- int ret;
-
- memset (&info, 0, sizeof (info));
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- info.libraryVersion.major = 5;
- info.libraryVersion.minor = 8;
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (1, ret);
-
- info.libraryVersion.major = 2;
- info.libraryVersion.minor = 3;
-
- ret = p11_kit_uri_match_module_info (uri, &info);
- assert_num_eq (0, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_match_attributes (void)
-{
- CK_ATTRIBUTE attrs[4];
- CK_OBJECT_CLASS klass;
- P11KitUri *uri;
- int ret;
-
- attrs[0].type = CKA_ID;
- attrs[0].pValue = "Blah";
- attrs[0].ulValueLen = 4;
-
- attrs[1].type = CKA_LABEL;
- attrs[1].pValue = "Junk";
- attrs[1].ulValueLen = 4;
-
- attrs[2].type = CKA_COLOR;
- attrs[2].pValue = "blue";
- attrs[2].ulValueLen = 4;
-
- klass = CKO_DATA;
- attrs[3].type = CKA_CLASS;
- attrs[3].pValue = &klass;
- attrs[3].ulValueLen = sizeof (klass);
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;type=data", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ret = p11_kit_uri_match_attributes (uri, attrs, 4);
- assert_num_eq (0, ret);
-
- attrs[1].pValue = "Fancy";
- attrs[1].ulValueLen = 5;
-
- ret = p11_kit_uri_match_attributes (uri, attrs, 4);
- assert_num_eq (1, ret);
-
- p11_kit_uri_clear_attribute (uri, CKA_CLASS);
-
- ret = p11_kit_uri_match_attributes (uri, attrs, 4);
- assert_num_eq (1, ret);
-
- attrs[2].pValue = "pink";
-
- ret = p11_kit_uri_match_attributes (uri, attrs, 4);
- assert_num_eq (1, ret);
-
- p11_kit_uri_set_unrecognized (uri, 1);
-
- ret = p11_kit_uri_match_attributes (uri, attrs, 4);
- assert_num_eq (0, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_get_set_attribute (void)
-{
- CK_ATTRIBUTE attr;
- CK_ATTRIBUTE_PTR ptr;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_eq (NULL, ptr);
-
- ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR);
- assert_num_eq (P11_KIT_URI_NOT_FOUND, ret);
-
- attr.type = CKA_LABEL;
- attr.pValue = "Test";
- attr.ulValueLen = 4;
-
- ret = p11_kit_uri_set_attribute (uri, &attr);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- /* We can set other attributes */
- attr.type = CKA_COLOR;
- ret = p11_kit_uri_set_attribute (uri, &attr);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- /* And get them too */
- ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR);
- assert_ptr_not_null (ptr);
-
- ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_not_null (ptr);
-
- assert (ptr->type == CKA_LABEL);
- assert (ptr->ulValueLen == 4);
- assert (memcmp (ptr->pValue, "Test", 4) == 0);
-
- ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
- assert_ptr_eq (NULL, ptr);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_get_set_attributes (void)
-{
- CK_ATTRIBUTE_PTR attrs;
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE attr;
- CK_ULONG n_attrs;
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (0, n_attrs);
-
- attr.type = CKA_LABEL;
- attr.pValue = "Test";
- attr.ulValueLen = 4;
-
- ret = p11_kit_uri_set_attribute (uri, &attr);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (1, n_attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert (attrs[0].ulValueLen == 4);
- assert (memcmp (attrs[0].pValue, "Test", 4) == 0);
-
- attr.type = CKA_LABEL;
- attr.pValue = "Kablooey";
- attr.ulValueLen = 8;
-
- ret = p11_kit_uri_set_attribute (uri, &attr);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (1, n_attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert (attrs[0].ulValueLen == 8);
- assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
-
- klass = CKO_DATA;
- attr.type = CKA_CLASS;
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
-
- ret = p11_kit_uri_set_attribute (uri, &attr);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (2, n_attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert (attrs[0].ulValueLen == 8);
- assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
- assert (attrs[1].type == CKA_CLASS);
- assert (attrs[1].ulValueLen == sizeof (klass));
- assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0);
-
- ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (1, n_attrs);
- assert (attrs[0].type == CKA_CLASS);
- assert (attrs[0].ulValueLen == sizeof (klass));
- assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0);
-
- attr.type = CKA_LABEL;
- attr.pValue = "Three";
- attr.ulValueLen = 5;
-
- ret = p11_kit_uri_set_attributes (uri, &attr, 1);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (1, n_attrs);
- assert (attrs[0].type == CKA_LABEL);
- assert (attrs[0].ulValueLen == 5);
- assert (memcmp (attrs[0].pValue, "Three", 5) == 0);
-
- p11_kit_uri_clear_attributes (uri);
-
- attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
- assert_ptr_not_null (attrs);
- assert_num_eq (0, n_attrs);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_pin_source (void)
-{
- P11KitUri *uri;
- const char *pin_source;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- p11_kit_uri_set_pin_source (uri, "|my-pin-source");
-
- pin_source = p11_kit_uri_get_pin_source (uri);
- assert_str_eq ("|my-pin-source", pin_source);
-
- pin_source = p11_kit_uri_get_pinfile (uri);
- assert_str_eq ("|my-pin-source", pin_source);
-
- p11_kit_uri_set_pinfile (uri, "|my-pin-file");
-
- pin_source = p11_kit_uri_get_pin_source (uri);
- assert_str_eq ("|my-pin-file", pin_source);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL);
- free (string);
-
- ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- pin_source = p11_kit_uri_get_pin_source (uri);
- assert_str_eq ("blah/blah", pin_source);
-
- p11_kit_uri_free (uri);
-}
-
-
-static void
-test_uri_pin_value (void)
-{
- P11KitUri *uri;
- const char *pin_value;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- p11_kit_uri_set_pin_value (uri, "123456");
-
- pin_value = p11_kit_uri_get_pin_value (uri);
- assert_str_eq ("123456", pin_value);
-
- p11_kit_uri_set_pin_value (uri, "1*&#%&@(");
-
- pin_value = p11_kit_uri_get_pin_value (uri);
- assert_str_eq ("1*&#%&@(", pin_value);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "pkcs11:pin-value=1%2a%26%23%25%26%40%28") != NULL);
- free (string);
-
- ret = p11_kit_uri_parse ("pkcs11:pin-value=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- pin_value = p11_kit_uri_get_pin_value (uri);
- assert_str_eq ("blah/blah", pin_value);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_pin_value_bad (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:pin-value=blahblah%2", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_slot_id (void)
-{
- P11KitUri *uri;
- CK_SLOT_ID slot_id;
- char *string;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- p11_kit_uri_set_slot_id (uri, 12345);
-
- slot_id = p11_kit_uri_get_slot_id (uri);
- assert_num_eq (12345, slot_id);
-
- ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
- assert_num_eq (P11_KIT_URI_OK, ret);
- assert (strstr (string, "pkcs11:slot-id=12345") != NULL);
- free (string);
-
- ret = p11_kit_uri_parse ("pkcs11:slot-id=67890", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_OK, ret);
-
- slot_id = p11_kit_uri_get_slot_id (uri);
- assert_num_eq (67890, slot_id);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_slot_id_bad (void)
-{
- P11KitUri *uri;
- int ret;
-
- uri = p11_kit_uri_new ();
- assert_ptr_not_null (uri);
-
- ret = p11_kit_uri_parse ("pkcs11:slot-id=123^456", P11_KIT_URI_FOR_ANY, uri);
- assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret);
-
- p11_kit_uri_free (uri);
-}
-
-static void
-test_uri_free_null (void)
-{
- p11_kit_uri_free (NULL);
-}
-
-static void
-test_uri_message (void)
-{
- assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL);
- assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED));
- assert_ptr_not_null (p11_kit_uri_message (-555555));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_uri_parse, "/uri/test_uri_parse");
- p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme");
- p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label");
- p11_test (test_uri_parse_with_empty_label, "/uri/test_uri_parse_with_empty_label");
- p11_test (test_uri_parse_with_empty_id, "/uri/test_uri_parse_with_empty_id");
- p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass");
- p11_test (test_uri_parse_with_label_and_new_klass, "/uri/parse-with-label-and-new-class");
- p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id");
- p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding");
- p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding");
- p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token");
- p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding");
- p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax");
- p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces");
- p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library");
- p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding");
- p11_test (test_uri_parse_with_slot, "/uri/test_uri_parse_with_slot");
- p11_test (test_uri_build_empty, "/uri/test_uri_build_empty");
- p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info");
- p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info");
- p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info");
- p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes");
- p11_test (test_uri_build_with_slot_info, "/uri/test_uri_build_with_slot_info");
- p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key");
- p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key");
- p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version");
- p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type");
- p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized");
- p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized");
- p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert");
- p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private");
- p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public");
- p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret");
- p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library");
- p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version");
- p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized");
- p11_test (test_uri_match_token, "/uri/test_uri_match_token");
- p11_test (test_uri_match_module, "/uri/test_uri_match_module");
- p11_test (test_uri_match_version, "/uri/test_uri_match_version");
- p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes");
- p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute");
- p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes");
- p11_test (test_uri_pin_source, "/uri/test_uri_pin_source");
- p11_test (test_uri_pin_value, "/uri/pin-value");
- p11_test (test_uri_pin_value_bad, "/uri/pin-value-bad");
- p11_test (test_uri_slot_id, "/uri/slot-id");
- p11_test (test_uri_slot_id_bad, "/uri/slot-id-bad");
- p11_test (test_uri_free_null, "/uri/test_uri_free_null");
- p11_test (test_uri_message, "/uri/test_uri_message");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-util.c b/p11-kit/test-util.c
deleted file mode 100644
index 0e579cd..0000000
--- a/p11-kit/test-util.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "p11-kit.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-static void
-test_space_strlen (void)
-{
- assert_num_eq (4, p11_kit_space_strlen ((const unsigned char *)"Test ", 20));
- assert_num_eq (20, p11_kit_space_strlen ((const unsigned char *)"01234567890123456789", 20));
- assert_num_eq (0, p11_kit_space_strlen ((const unsigned char *)" ", 20));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- putenv ("P11_KIT_STRICT=1");
-
- p11_test (test_space_strlen, "/util/space-strlen");
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/test-virtual.c b/p11-kit/test-virtual.c
deleted file mode 100644
index e642820..0000000
--- a/p11-kit/test-virtual.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2012 Stefan Walter
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#include "library.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "virtual.h"
-
-#include "test.h"
-
-#include "mock.h"
-
-#include <sys/types.h>
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-/*
- * test-managed.c is a pretty good test of the closure code, so we
- * just test a few things here.
- */
-
-typedef struct {
- p11_virtual virt;
- void *check;
-} Override;
-
-static CK_RV
-override_initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR args)
-{
- Override *over = (Override *)self;
-
- assert_str_eq ("initialize-arg", args);
- assert_str_eq ("overide-arg", over->check);
-
- /* An arbitrary error code to check */
- return CKR_NEED_TO_CREATE_THREADS;
-}
-
-static bool test_destroyed = false;
-
-static void
-test_destroyer (void *data)
-{
- assert (data == &mock_x_module_no_slots);
- assert (test_destroyed == false);
- test_destroyed = true;
-}
-
-static void
-test_initialize (void)
-{
- CK_FUNCTION_LIST_PTR module;
- Override over = { };
- CK_RV rv;
-
- p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer);
- over.virt.funcs.C_Initialize = override_initialize;
- over.check = "overide-arg";
- test_destroyed = false;
-
- module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit);
- assert_ptr_not_null (module);
-
- rv = (module->C_Initialize) ("initialize-arg");
- assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
-
- p11_virtual_unwrap (module);
- assert_num_eq (true, test_destroyed);
-}
-
-static void
-test_fall_through (void)
-{
- CK_FUNCTION_LIST_PTR module;
- Override over = { };
- p11_virtual base;
- CK_RV rv;
-
- p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
- p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL);
- over.virt.funcs.C_Initialize = override_initialize;
- over.check = "overide-arg";
-
- module = p11_virtual_wrap (&over.virt, NULL);
- assert_ptr_not_null (module);
-
- rv = (module->C_Initialize) ("initialize-arg");
- assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
-
- /* All other functiosn should have just fallen through */
- assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize);
-
- p11_virtual_unwrap (module);
-}
-
-static void
-test_get_function_list (void)
-{
- CK_FUNCTION_LIST_PTR module;
- CK_FUNCTION_LIST_PTR list;
- p11_virtual virt;
- CK_RV rv;
-
- p11_virtual_init (&virt, &p11_virtual_base, &mock_module_no_slots, NULL);
- module = p11_virtual_wrap (&virt, NULL);
- assert_ptr_not_null (module);
-
- rv = (module->C_GetFunctionList) (&list);
- assert_num_eq (CKR_OK, rv);
- assert_ptr_eq (module, list);
-
- rv = (module->C_GetFunctionList) (&list);
- assert_num_eq (CKR_OK, rv);
-
- rv = (module->C_GetFunctionList) (NULL);
- assert_num_eq (CKR_ARGUMENTS_BAD, rv);
-
- p11_virtual_unwrap (module);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
- p11_library_init ();
-
- assert (p11_virtual_can_wrap ());
- p11_test (test_initialize, "/virtual/test_initialize");
- p11_test (test_fall_through, "/virtual/test_fall_through");
- p11_test (test_get_function_list, "/virtual/test_get_function_list");
-
- return p11_test_run (argc, argv);
-}
diff --git a/p11-kit/uri.c b/p11-kit/uri.c
deleted file mode 100644
index c64912f..0000000
--- a/p11-kit/uri.c
+++ /dev/null
@@ -1,1490 +0,0 @@
-/*
- * Copyright (C) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#define P11_DEBUG_FLAG P11_DEBUG_URI
-#include "debug.h"
-#include "message.h"
-#include "pkcs11.h"
-#include "private.h"
-#include "p11-kit.h"
-#include "uri.h"
-#include "url.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/**
- * SECTION:p11-kit-uri
- * @title: URIs
- * @short_description: Parsing and formatting PKCS\#11 URIs
- *
- * PKCS\#11 URIs can be used in configuration files or applications to represent
- * PKCS\#11 modules, tokens or objects. An example of a URI might be:
- *
- * <code><literallayout>
- * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken;
- * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate;
- * model=1.0;type=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91
- * </literallayout></code>
- *
- * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format()
- * to build one. URIs are represented by the #P11KitUri structure. You can match
- * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info()
- * or attributes with p11_kit_uri_match_attributes().
- *
- * Since URIs can represent different sorts of things, when parsing or formatting
- * a URI a 'context' can be used to indicate which sort of URI is expected.
- *
- * URIs have an <code>unrecognized</code> flag. This flag is set during parsing
- * if any parts of the URI are not recognized. This may be because the part is
- * from a newer version of the PKCS\#11 spec or because that part was not valid
- * inside of the desired context used when parsing.
- */
-
-/**
- * P11KitUri:
- *
- * A structure representing a PKCS\#11 URI. There are no public fields
- * visible in this structure. Use the various accessor functions.
- */
-
-/**
- * P11KitUriType:
- * @P11_KIT_URI_FOR_OBJECT: The URI represents one or more objects
- * @P11_KIT_URI_FOR_TOKEN: The URI represents one or more tokens
- * @P11_KIT_URI_FOR_SLOT: The URI represents one or more slots
- * @P11_KIT_URI_FOR_MODULE: The URI represents one or more modules
- * @P11_KIT_URI_FOR_MODULE_WITH_VERSION: The URI represents a module with
- * a specific version.
- * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN: The URI represents one or more objects
- * that are present on a specific token.
- * @P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE: The URI represents one or more
- * objects that are present on a specific token, being used with a certain
- * module.
- * @P11_KIT_URI_FOR_ANY: The URI can represent anything
- *
- * A PKCS\#11 URI can represent different kinds of things. This flag is used by
- * p11_kit_uri_parse() to denote in what context the URI will be used.
- *
- * The various types can be combined.
- */
-
-/**
- * P11KitUriResult:
- * @P11_KIT_URI_OK: Success
- * @P11_KIT_URI_UNEXPECTED: Unexpected or internal system error
- * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme
- * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding
- * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax
- * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number
- * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found
- *
- * Error codes returned by various functions. The functions each clearly state
- * which error codes they are capable of returning.
- */
-
-/**
- * P11_KIT_URI_NO_MEMORY:
- *
- * Unexpected memory allocation failure result. Same as #P11_KIT_URI_UNEXPECTED.
- */
-
-/**
- * P11_KIT_URI_SCHEME:
- *
- * String of URI scheme for PKCS\#11 URIs.
- */
-
-/**
- * P11_KIT_URI_SCHEME_LEN:
- *
- * Length of %P11_KIT_URI_SCHEME.
- */
-
-struct p11_kit_uri {
- bool unrecognized;
- CK_INFO module;
- CK_SLOT_INFO slot;
- CK_TOKEN_INFO token;
- CK_ATTRIBUTE *attrs;
- char *pin_source;
- char *pin_value;
- CK_SLOT_ID slot_id;
-};
-
-static char *
-strip_whitespace (const char *value)
-{
- size_t length = strlen (value);
- char *at, *pos;
- char *key;
-
- key = malloc (length + 1);
- return_val_if_fail (key != NULL, NULL);
-
- memcpy (key, value, length);
- key[length] = '\0';
-
- /* Do we have any whitespace? Strip it out. */
- if (strcspn (key, P11_URL_WHITESPACE) != length) {
- for (at = key, pos = key; pos != key + length + 1; ++pos) {
- if (!strchr (P11_URL_WHITESPACE, *pos))
- *(at++) = *pos;
- }
- *at = '\0';
- }
-
- return key;
-}
-
-static bool
-match_struct_string (const unsigned char *inuri, const unsigned char *real,
- size_t length)
-{
- assert (inuri);
- assert (real);
- assert (length > 0);
-
- /* NULL matches anything */
- if (inuri[0] == 0)
- return true;
-
- return memcmp (inuri, real, length) == 0 ? true : false;
-}
-
-static bool
-match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real)
-{
- /* This matches anything */
- if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1)
- return true;
-
- return memcmp (inuri, real, sizeof (CK_VERSION)) == 0 ? true : false;
-}
-
-/**
- * p11_kit_uri_get_module_info:
- * @uri: the URI
- *
- * Get the <code>CK_INFO</code> structure associated with this URI.
- *
- * If this is a parsed URI, then the fields corresponding to library parts of
- * the URI will be filled in. Any library URI parts that were missing will have
- * their fields filled with zeros.
- *
- * If the caller wishes to setup information for building a URI, then relevant
- * fields should be filled in. Fields that should not appear as parts in the
- * resulting URI should be filled with zeros.
- *
- * Returns: A pointer to the <code>CK_INFO</code> structure.
- */
-CK_INFO_PTR
-p11_kit_uri_get_module_info (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return &uri->module;
-}
-
-int
-p11_match_uri_module_info (CK_INFO_PTR one,
- CK_INFO_PTR two)
-{
- return (match_struct_string (one->libraryDescription,
- two->libraryDescription,
- sizeof (one->libraryDescription)) &&
- match_struct_string (one->manufacturerID,
- two->manufacturerID,
- sizeof (one->manufacturerID)) &&
- match_struct_version (&one->libraryVersion,
- &two->libraryVersion));
-}
-
-/**
- * p11_kit_uri_match_module_info:
- * @uri: the URI
- * @info: the structure to match against the URI
- *
- * Match a <code>CK_INFO</code> structure against the library parts of this URI.
- *
- * Only the fields of the <code>CK_INFO</code> structure that are valid for use
- * in a URI will be matched. A URI part that was not specified in the URI will
- * match any value in the structure. If during the URI parsing any unrecognized
- * parts were encountered then this match will fail.
- *
- * Returns: 1 if the URI matches, 0 if not.
- */
-int
-p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info)
-{
- return_val_if_fail (uri != NULL, 0);
- return_val_if_fail (info != NULL, 0);
-
- if (uri->unrecognized)
- return 0;
-
- return p11_match_uri_module_info (&uri->module, info);
-}
-
-/**
- * p11_kit_uri_get_slot_info:
- * @uri: the URI
- *
- * Get the <code>CK_SLOT_INFO</code> structure associated with this URI.
- *
- * If this is a parsed URI, then the fields corresponding to slot parts of
- * the URI will be filled in. Any slot URI parts that were missing will have
- * their fields filled with zeros.
- *
- * If the caller wishes to setup information for building a URI, then relevant
- * fields should be filled in. Fields that should not appear as parts in the
- * resulting URI should be filled with zeros.
- *
- * Returns: A pointer to the <code>CK_INFO</code> structure.
- */
-CK_SLOT_INFO_PTR
-p11_kit_uri_get_slot_info (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return &uri->slot;
-}
-
-int
-p11_match_uri_slot_info (CK_SLOT_INFO_PTR one,
- CK_SLOT_INFO_PTR two)
-{
- return (match_struct_string (one->slotDescription,
- two->slotDescription,
- sizeof (one->slotDescription)) &&
- match_struct_string (one->manufacturerID,
- two->manufacturerID,
- sizeof (one->manufacturerID)));
-}
-
-/**
- * p11_kit_uri_match_slot_info:
- * @uri: the URI
- * @slot_info: the structure to match against the URI
- *
- * Match a <code>CK_SLOT_INFO</code> structure against the slot parts of this
- * URI.
- *
- * Only the fields of the <code>CK_SLOT_INFO</code> structure that are valid
- * for use in a URI will be matched. A URI part that was not specified in the
- * URI will match any value in the structure. If during the URI parsing any
- * unrecognized parts were encountered then this match will fail.
- *
- * Returns: 1 if the URI matches, 0 if not.
- */
-int
-p11_kit_uri_match_slot_info (P11KitUri *uri, CK_SLOT_INFO_PTR slot_info)
-{
- return_val_if_fail (uri != NULL, 0);
- return_val_if_fail (slot_info != NULL, 0);
-
- if (uri->unrecognized)
- return 0;
-
- return p11_match_uri_slot_info (&uri->slot, slot_info);
-}
-
-/**
- * p11_kit_uri_get_slot_id:
- * @uri: The URI
- *
- * Get the 'slot-id' part of the URI.
- *
- * Returns: The slot-id or <code>(CK_SLOT_ID)-1</code> if not set.
- */
-CK_SLOT_ID
-p11_kit_uri_get_slot_id (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, (CK_SLOT_ID)-1);
- return uri->slot_id;
-}
-
-/**
- * p11_kit_uri_set_slot_id:
- * @uri: The URI
- * @slot_id: The new slot-id
- *
- * Set the 'slot-id' part of the URI.
- */
-void
-p11_kit_uri_set_slot_id (P11KitUri *uri,
- CK_SLOT_ID slot_id)
-{
- return_if_fail (uri != NULL);
- uri->slot_id = slot_id;
-}
-
-/**
- * p11_kit_uri_get_token_info:
- * @uri: the URI
- *
- * Get the <code>CK_TOKEN_INFO</code> structure associated with this URI.
- *
- * If this is a parsed URI, then the fields corresponding to token parts of
- * the URI will be filled in. Any token URI parts that were missing will have
- * their fields filled with zeros.
- *
- * If the caller wishes to setup information for building a URI, then relevant
- * fields should be filled in. Fields that should not appear as parts in the
- * resulting URI should be filled with zeros.
- *
- * Returns: A pointer to the <code>CK_INFO</code> structure.
- */
-CK_TOKEN_INFO_PTR
-p11_kit_uri_get_token_info (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return &uri->token;
-}
-
-int
-p11_match_uri_token_info (CK_TOKEN_INFO_PTR one,
- CK_TOKEN_INFO_PTR two)
-{
- return (match_struct_string (one->label,
- two->label,
- sizeof (one->label)) &&
- match_struct_string (one->manufacturerID,
- two->manufacturerID,
- sizeof (one->manufacturerID)) &&
- match_struct_string (one->model,
- two->model,
- sizeof (one->model)) &&
- match_struct_string (one->serialNumber,
- two->serialNumber,
- sizeof (one->serialNumber)));
-}
-
-/**
- * p11_kit_uri_match_token_info:
- * @uri: the URI
- * @token_info: the structure to match against the URI
- *
- * Match a <code>CK_TOKEN_INFO</code> structure against the token parts of this
- * URI.
- *
- * Only the fields of the <code>CK_TOKEN_INFO</code> structure that are valid
- * for use in a URI will be matched. A URI part that was not specified in the
- * URI will match any value in the structure. If during the URI parsing any
- * unrecognized parts were encountered then this match will fail.
- *
- * Returns: 1 if the URI matches, 0 if not.
- */
-int
-p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info)
-{
- return_val_if_fail (uri != NULL, 0);
- return_val_if_fail (token_info != NULL, 0);
-
- if (uri->unrecognized)
- return 0;
-
- return p11_match_uri_token_info (&uri->token, token_info);
-}
-
-/**
- * p11_kit_uri_get_attribute:
- * @uri: The URI
- * @attr_type: The attribute type
- *
- * Get a pointer to an attribute present in this URI.
- *
- * Returns: A pointer to the attribute, or <code>NULL</code> if not present.
- * The attribute is owned by the URI and should not be freed.
- */
-CK_ATTRIBUTE_PTR
-p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type)
-{
- return_val_if_fail (uri != NULL, NULL);
-
- if (uri->attrs == NULL)
- return NULL;
-
- return p11_attrs_find (uri->attrs, attr_type);
-}
-
-/**
- * p11_kit_uri_set_attribute:
- * @uri: The URI
- * @attr: The attribute to set
- *
- * Set an attribute on the URI.
- *
- * Only attributes that map to parts in a PKCS\#11 URI will be accepted.
- *
- * Returns: %P11_KIT_URI_OK if the attribute was successfully set.
- * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.
- */
-int
-p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr)
-{
- return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED);
-
- uri->attrs = p11_attrs_buildn (uri->attrs, attr, 1);
- return_val_if_fail (uri->attrs != NULL, P11_KIT_URI_UNEXPECTED);
-
- return P11_KIT_URI_OK;
-}
-
-/**
- * p11_kit_uri_clear_attribute:
- * @uri: The URI
- * @attr_type: The type of the attribute to clear
- *
- * Clear an attribute on the URI.
- *
- * Only attributes that map to parts in a PKCS\#11 URI will be accepted.
- *
- * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared.
- * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI.
- */
-int
-p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type)
-{
- return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED);
-
- if (attr_type != CKA_CLASS &&
- attr_type != CKA_LABEL &&
- attr_type != CKA_ID)
- return P11_KIT_URI_NOT_FOUND;
-
- if (uri->attrs)
- p11_attrs_remove (uri->attrs, attr_type);
-
- return P11_KIT_URI_OK;
-}
-
-/**
- * p11_kit_uri_get_attribute_types:
- * @uri: The URI
- * @n_attrs: A location to store the number of attributes returned.
- *
- * Get the attributes present in this URI. The attributes and values are
- * owned by the URI. If the URI is modified, then the attributes that were
- * returned from this function will not remain consistent.
- *
- * Returns: The attributes for this URI. These are owned by the URI.
- */
-CK_ATTRIBUTE_PTR
-p11_kit_uri_get_attributes (P11KitUri *uri, CK_ULONG_PTR n_attrs)
-{
- static const CK_ATTRIBUTE terminator = { CKA_INVALID, NULL, 0UL };
-
- return_val_if_fail (uri != NULL, NULL);
-
- if (!uri->attrs) {
- if (n_attrs)
- *n_attrs = 0;
- return (CK_ATTRIBUTE_PTR)&terminator;
- }
-
- if (n_attrs)
- *n_attrs = p11_attrs_count (uri->attrs);
- return uri->attrs;
-}
-
-int
-p11_kit_uri_set_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs,
- CK_ULONG n_attrs)
-{
- CK_ULONG i;
- int ret;
-
- return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED);
-
- p11_kit_uri_clear_attributes (uri);
-
- for (i = 0; i < n_attrs; i++) {
- ret = p11_kit_uri_set_attribute (uri, &attrs[i]);
- if (ret != P11_KIT_URI_OK && ret != P11_KIT_URI_NOT_FOUND)
- return ret;
- }
-
- return P11_KIT_URI_OK;
-}
-
-void
-p11_kit_uri_clear_attributes (P11KitUri *uri)
-{
- return_if_fail (uri != NULL);
-
- p11_attrs_free (uri->attrs);
- uri->attrs = NULL;
-}
-
-/**
- * p11_kit_uri_match_attributes:
- * @uri: The URI
- * @attrs: The attributes to match
- * @n_attrs: The number of attributes
- *
- * Match a attributes against the object parts of this URI.
- *
- * Only the attributes that are valid for use in a URI will be matched. A URI
- * part that was not specified in the URI will match any attribute value. If
- * during the URI parsing any unrecognized parts were encountered then this
- * match will fail.
- *
- * Returns: 1 if the URI matches, 0 if not.
- */
-int
-p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs,
- CK_ULONG n_attrs)
-{
- CK_ATTRIBUTE *attr;
- CK_ULONG i;
-
- return_val_if_fail (uri != NULL, 0);
- return_val_if_fail (attrs != NULL || n_attrs == 0, 0);
-
- if (uri->unrecognized)
- return 0;
-
- for (i = 0; i < n_attrs; i++) {
- if (attrs[i].type != CKA_CLASS &&
- attrs[i].type != CKA_LABEL &&
- attrs[i].type != CKA_ID)
- continue;
- attr = NULL;
- if (uri->attrs)
- attr = p11_attrs_find (uri->attrs, attrs[i].type);
- if (!attr)
- continue;
- if (!p11_attr_equal (attr, attrs + i))
- return 0;
- }
-
- return 1;
-}
-
-/**
- * p11_kit_uri_set_unrecognized:
- * @uri: The URI
- * @unrecognized: The new unregognized flag value
- *
- * Set the unrecognized flag on this URI.
- *
- * The unrecognized flag is automatically set to 1 when during parsing any part
- * of the URI is unrecognized. If the unrecognized flag is set to 1, then
- * matching against this URI will always fail.
- */
-void
-p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized)
-{
- return_if_fail (uri != NULL);
- uri->unrecognized = unrecognized ? true : false;
-}
-
-/**
- * p11_kit_uri_any_unrecognized:
- * @uri: The URI
- *
- * Get the unrecognized flag for this URI.
- *
- * The unrecognized flag is automatically set to 1 when during parsing any part
- * of the URI is unrecognized. If the unrecognized flag is set to 1, then
- * matching against this URI will always fail.
- *
- * Returns: 1 if unrecognized flag is set, 0 otherwise.
- */
-int
-p11_kit_uri_any_unrecognized (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, 1);
- return uri->unrecognized;
-}
-
-/**
- * p11_kit_uri_get_pin_value:
- * @uri: The URI
- *
- * Get the 'pin-value' part of the URI. This is used by some applications to
- * read the PIN for logging into a PKCS\#11 token.
- *
- * Returns: The pin-value or %NULL if not present.
- */
-const char*
-p11_kit_uri_get_pin_value (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return uri->pin_value;
-}
-
-/**
- * p11_kit_uri_set_pin_value:
- * @uri: The URI
- * @pin: The new pin-value
- *
- * Set the 'pin-value' part of the URI. This is used by some applications to
- * specify the PIN for logging into a PKCS\#11 token.
- */
-void
-p11_kit_uri_set_pin_value (P11KitUri *uri, const char *pin)
-{
- return_if_fail (uri != NULL);
- free (uri->pin_value);
- uri->pin_value = pin ? strdup (pin) : NULL;
-}
-
-
-/**
- * p11_kit_uri_get_pin_source:
- * @uri: The URI
- *
- * Get the 'pin-source' part of the URI. This is used by some applications to
- * lookup a PIN for logging into a PKCS\#11 token.
- *
- * Returns: The pin-source or %NULL if not present.
- */
-const char*
-p11_kit_uri_get_pin_source (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return uri->pin_source;
-}
-
-/**
- * p11_kit_uri_get_pinfile:
- * @uri: The URI
- *
- * Deprecated: use p11_kit_uri_get_pin_source().
- */
-const char*
-p11_kit_uri_get_pinfile (P11KitUri *uri)
-{
- return_val_if_fail (uri != NULL, NULL);
- return p11_kit_uri_get_pin_source (uri);
-}
-
-/**
- * p11_kit_uri_set_pin_source:
- * @uri: The URI
- * @pin_source: The new pin-source
- *
- * Set the 'pin-source' part of the URI. This is used by some applications to
- * lookup a PIN for logging into a PKCS\#11 token.
- */
-void
-p11_kit_uri_set_pin_source (P11KitUri *uri, const char *pin_source)
-{
- return_if_fail (uri != NULL);
- free (uri->pin_source);
- uri->pin_source = pin_source ? strdup (pin_source) : NULL;
-}
-
-/**
- * p11_kit_uri_set_pinfile:
- * @uri: The URI
- * @pinfile: The pinfile
- *
- * Deprecated: use p11_kit_uri_set_pin_source().
- */
-void
-p11_kit_uri_set_pinfile (P11KitUri *uri, const char *pinfile)
-{
- return_if_fail (uri != NULL);
- p11_kit_uri_set_pin_source (uri, pinfile);
-}
-
-/**
- * p11_kit_uri_new:
- *
- * Create a new blank PKCS\#11 URI.
- *
- * The new URI is in the right state to parse a string into. All relevant fields
- * are zeroed out. Formatting this URI will produce a valid but empty URI.
- *
- * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free().
- */
-P11KitUri*
-p11_kit_uri_new (void)
-{
- P11KitUri *uri;
-
- uri = calloc (1, sizeof (P11KitUri));
- return_val_if_fail (uri != NULL, NULL);
-
- /* So that it matches anything */
- uri->module.libraryVersion.major = (CK_BYTE)-1;
- uri->module.libraryVersion.minor = (CK_BYTE)-1;
- uri->slot_id = (CK_SLOT_ID)-1;
-
- return uri;
-}
-
-static void
-format_name_equals (p11_buffer *buffer,
- bool *is_first,
- const char *name)
-{
- if (!*is_first)
- p11_buffer_add (buffer, ";", 1);
- p11_buffer_add (buffer, name, -1);
- p11_buffer_add (buffer, "=", 1);
- *is_first = false;
-}
-
-static bool
-format_raw_string (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- const char *value)
-{
- /* Not set */
- if (!value)
- return true;
-
- format_name_equals (buffer, is_first, name);
- p11_buffer_add (buffer, value, -1);
-
- return p11_buffer_ok (buffer);
-}
-
-static bool
-format_encode_string (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- const unsigned char *value,
- size_t n_value,
- bool force)
-{
- /* Not set */
- if (!value)
- return true;
-
- format_name_equals (buffer, is_first, name);
- p11_url_encode (value, value + n_value, force ? "" : P11_URL_VERBATIM, buffer);
-
- return p11_buffer_ok (buffer);
-}
-
-
-static bool
-format_struct_string (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- const unsigned char *value,
- size_t value_max)
-{
- size_t len;
-
- /* Not set */
- if (!value[0])
- return true;
-
- len = p11_kit_space_strlen (value, value_max);
- return format_encode_string (buffer, is_first, name, value, len, false);
-}
-
-static bool
-format_attribute_string (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- CK_ATTRIBUTE_PTR attr,
- bool force)
-{
- /* Not set */;
- if (attr == NULL)
- return true;
-
- return format_encode_string (buffer, is_first, name,
- attr->pValue, attr->ulValueLen,
- force);
-}
-
-static bool
-format_attribute_class (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- CK_ATTRIBUTE_PTR attr)
-{
- CK_OBJECT_CLASS klass;
- const char *value;
-
- /* Not set */;
- if (attr == NULL)
- return true;
-
- klass = *((CK_OBJECT_CLASS*)attr->pValue);
- switch (klass) {
- case CKO_DATA:
- value = "data";
- break;
- case CKO_SECRET_KEY:
- value = "secret-key";
- break;
- case CKO_CERTIFICATE:
- value = "cert";
- break;
- case CKO_PUBLIC_KEY:
- value = "public";
- break;
- case CKO_PRIVATE_KEY:
- value = "private";
- break;
- default:
- return true;
- }
-
- return format_raw_string (buffer, is_first, name, value);
-}
-
-static bool
-format_struct_version (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- CK_VERSION_PTR version)
-{
- char buf[64];
-
- /* Not set */
- if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1)
- return true;
-
- snprintf (buf, sizeof (buf), "%d.%d",
- (int)version->major, (int)version->minor);
- return format_raw_string (buffer, is_first, name, buf);
-}
-
-static bool
-format_ulong (p11_buffer *buffer,
- bool *is_first,
- const char *name,
- CK_ULONG value)
-{
- char buf[64];
-
- /* Not set */
- if (value == (CK_ULONG)-1)
- return true;
-
- snprintf (buf, sizeof (buf), "%lu", value);
- return format_raw_string (buffer, is_first, name, buf);
-}
-
-/**
- * p11_kit_uri_format:
- * @uri: The URI.
- * @uri_type: The type of URI that should be produced.
- * @string: Location to store a newly allocated string.
- *
- * Format a PKCS\#11 URI into a string.
- *
- * Fields which are zeroed out will not be included in the resulting string.
- * Attributes which are not present will also not be included.
- *
- * The uri_type of URI specified limits the different parts of the resulting
- * URI. To format a URI containing all possible information use
- * %P11_KIT_URI_FOR_ANY
- *
- * It's up to the caller to guarantee that the attributes set in @uri are
- * those appropriate for inclusion in a URI, specifically:
- * <literal>CKA_ID</literal>, <literal>CKA_LABEL</literal>
- * and <literal>CKA_CLASS</literal>. The class must be one of
- * <literal>CKO_DATA</literal>, <literal>CKO_SECRET_KEY</literal>,
- * <literal>CKO_CERTIFICATE</literal>, <literal>CKO_PUBLIC_KEY</literal>,
- * <literal>CKO_PRIVATE_KEY</literal>.
- *
- * The resulting string should be freed with free().
- *
- * Returns: %P11_KIT_URI_OK if the URI was formatted successfully,
- * %P11_KIT_URI_UNEXPECTED if the data in @uri is invalid for a URI.
- */
-int
-p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string)
-{
- p11_buffer buffer;
- bool is_first = true;
-
- return_val_if_fail (uri != NULL, P11_KIT_URI_UNEXPECTED);
- return_val_if_fail (string != NULL, P11_KIT_URI_UNEXPECTED);
-
- if (!p11_buffer_init_null (&buffer, 64))
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
-
- p11_buffer_add (&buffer, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN);
- p11_buffer_add (&buffer, ":", 1);
-
- if ((uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE) {
- if (!format_struct_string (&buffer, &is_first, "library-description",
- uri->module.libraryDescription,
- sizeof (uri->module.libraryDescription)) ||
- !format_struct_string (&buffer, &is_first, "library-manufacturer",
- uri->module.manufacturerID,
- sizeof (uri->module.manufacturerID))) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if ((uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION) {
- if (!format_struct_version (&buffer, &is_first, "library-version",
- &uri->module.libraryVersion)) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if ((uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT) {
- if (!format_struct_string (&buffer, &is_first, "slot-description",
- uri->slot.slotDescription,
- sizeof (uri->slot.slotDescription)) ||
- !format_struct_string (&buffer, &is_first, "slot-manufacturer",
- uri->slot.manufacturerID,
- sizeof (uri->slot.manufacturerID)) ||
- !format_ulong (&buffer, &is_first, "slot-id",
- uri->slot_id)) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if ((uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN) {
- if (!format_struct_string (&buffer, &is_first, "model",
- uri->token.model,
- sizeof (uri->token.model)) ||
- !format_struct_string (&buffer, &is_first, "manufacturer",
- uri->token.manufacturerID,
- sizeof (uri->token.manufacturerID)) ||
- !format_struct_string (&buffer, &is_first, "serial",
- uri->token.serialNumber,
- sizeof (uri->token.serialNumber)) ||
- !format_struct_string (&buffer, &is_first, "token",
- uri->token.label,
- sizeof (uri->token.label))) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT) {
- if (!format_attribute_string (&buffer, &is_first, "id",
- p11_kit_uri_get_attribute (uri, CKA_ID),
- true) ||
- !format_attribute_string (&buffer, &is_first, "object",
- p11_kit_uri_get_attribute (uri, CKA_LABEL),
- false)) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
-
- if (!format_attribute_class (&buffer, &is_first, "type",
- p11_kit_uri_get_attribute (uri, CKA_CLASS))) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if (uri->pin_source) {
- if (!format_encode_string (&buffer, &is_first, "pin-source",
- (const unsigned char*)uri->pin_source,
- strlen (uri->pin_source), 0)) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- if (uri->pin_value) {
- if (!format_encode_string (&buffer, &is_first, "pin-value",
- (const unsigned char*)uri->pin_value,
- strlen (uri->pin_value), 0)) {
- return_val_if_reached (P11_KIT_URI_UNEXPECTED);
- }
- }
-
- return_val_if_fail (p11_buffer_ok (&buffer), P11_KIT_URI_UNEXPECTED);
- *string = p11_buffer_steal (&buffer, NULL);
- return P11_KIT_URI_OK;
-}
-
-static int
-parse_string_attribute (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- unsigned char *value;
- CK_ATTRIBUTE_TYPE type;
- size_t length;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("id", name_start, name_end - name_start) == 0)
- type = CKA_ID;
- else if (memcmp ("object", name_start, name_end - name_start) == 0)
- type = CKA_LABEL;
- else
- return 0;
-
- value = p11_url_decode (start, end, P11_URL_WHITESPACE, &length);
- if (value == NULL)
- return P11_KIT_URI_BAD_ENCODING;
-
- uri->attrs = p11_attrs_take (uri->attrs, type, value, length);
- return 1;
-}
-
-static int
-parse_class_attribute (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- CK_OBJECT_CLASS klass = 0;
- CK_ATTRIBUTE attr;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("objecttype", name_start, name_end - name_start) != 0 &&
- memcmp ("object-type", name_start, name_end - name_start) != 0 &&
- memcmp ("type", name_start, name_end - name_start) != 0)
- return 0;
-
- if (memcmp ("cert", start, end - start) == 0)
- klass = CKO_CERTIFICATE;
- else if (memcmp ("public", start, end - start) == 0)
- klass = CKO_PUBLIC_KEY;
- else if (memcmp ("private", start, end - start) == 0)
- klass = CKO_PRIVATE_KEY;
- else if (memcmp ("secretkey", start, end - start) == 0)
- klass = CKO_SECRET_KEY;
- else if (memcmp ("secret-key", start, end - start) == 0)
- klass = CKO_SECRET_KEY;
- else if (memcmp ("data", start, end - start) == 0)
- klass = CKO_DATA;
- else {
- uri->unrecognized = true;
- return 1;
- }
-
- attr.pValue = &klass;
- attr.ulValueLen = sizeof (klass);
- attr.type = CKA_CLASS;
-
- uri->attrs = p11_attrs_build (uri->attrs, &attr, NULL);
- return 1;
-}
-
-static int
-parse_struct_info (unsigned char *where, size_t length, const char *start,
- const char *end, P11KitUri *uri)
-{
- unsigned char *value;
- size_t value_length;
-
- assert (start <= end);
-
- value = p11_url_decode (start, end, P11_URL_WHITESPACE, &value_length);
- if (value == NULL)
- return P11_KIT_URI_BAD_ENCODING;
-
- /* Too long, shouldn't match anything */
- if (value_length > length) {
- free (value);
- uri->unrecognized = true;
- return 1;
- }
-
- memset (where, ' ', length);
- memcpy (where, value, value_length);
-
- free (value);
- return 1;
-}
-
-static int
-parse_token_info (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- unsigned char *where;
- size_t length;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("model", name_start, name_end - name_start) == 0) {
- where = uri->token.model;
- length = sizeof (uri->token.model);
- } else if (memcmp ("manufacturer", name_start, name_end - name_start) == 0) {
- where = uri->token.manufacturerID;
- length = sizeof (uri->token.manufacturerID);
- } else if (memcmp ("serial", name_start, name_end - name_start) == 0) {
- where = uri->token.serialNumber;
- length = sizeof (uri->token.serialNumber);
- } else if (memcmp ("token", name_start, name_end - name_start) == 0) {
- where = uri->token.label;
- length = sizeof (uri->token.label);
- } else {
- return 0;
- }
-
- return parse_struct_info (where, length, start, end, uri);
-}
-
-static long
-atoin (const char *start, const char *end)
-{
- long ret = 0;
- while (start != end) {
- if (*start < '0' || *start > '9')
- return -1;
- ret *= 10;
- ret += (*start - '0');
- ++start;
- }
- return ret;
-}
-
-static int
-parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version)
-{
- const char *dot;
- int val;
-
- assert (start <= end);
-
- dot = memchr (start, '.', end - start);
- if (!dot)
- dot = end;
-
- if (dot == start)
- return P11_KIT_URI_BAD_VERSION;
- val = atoin (start, dot);
- if (val < 0 || val >= 255)
- return P11_KIT_URI_BAD_VERSION;
- version->major = (CK_BYTE)val;
- version->minor = 0;
-
- if (dot != end) {
- if (dot + 1 == end)
- return P11_KIT_URI_BAD_VERSION;
- val = atoin (dot + 1, end);
- if (val < 0 || val >= 255)
- return P11_KIT_URI_BAD_VERSION;
- version->minor = (CK_BYTE)val;
- }
-
- return 1;
-}
-
-static int
-parse_slot_info (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- unsigned char *where;
- size_t length;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("slot-description", name_start, name_end - name_start) == 0) {
- where = uri->slot.slotDescription;
- length = sizeof (uri->slot.slotDescription);
- } else if (memcmp ("slot-manufacturer", name_start, name_end - name_start) == 0) {
- where = uri->slot.manufacturerID;
- length = sizeof (uri->slot.manufacturerID);
- } else {
- return 0;
- }
-
- return parse_struct_info (where, length, start, end, uri);
-}
-
-static int
-parse_slot_id (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("slot-id", name_start, name_end - name_start) == 0) {
- long val;
- val = atoin (start, end);
- if (val < 0)
- return P11_KIT_URI_BAD_SYNTAX;
- uri->slot_id = (CK_SLOT_ID)val;
- return 1;
- }
- return 0;
-}
-
-static int
-parse_module_version_info (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("library-version", name_start, name_end - name_start) == 0)
- return parse_struct_version (start, end,
- &uri->module.libraryVersion);
-
- return 0;
-}
-
-static int
-parse_module_info (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- unsigned char *where;
- size_t length;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("library-description", name_start, name_end - name_start) == 0) {
- where = uri->module.libraryDescription;
- length = sizeof (uri->module.libraryDescription);
- } else if (memcmp ("library-manufacturer", name_start, name_end - name_start) == 0) {
- where = uri->module.manufacturerID;
- length = sizeof (uri->module.manufacturerID);
- } else {
- return 0;
- }
-
- return parse_struct_info (where, length, start, end, uri);
-}
-
-static int
-parse_extra_info (const char *name_start, const char *name_end,
- const char *start, const char *end,
- P11KitUri *uri)
-{
- unsigned char *pin_source;
-
- assert (name_start <= name_end);
- assert (start <= end);
-
- if (memcmp ("pinfile", name_start, name_end - name_start) == 0 ||
- memcmp ("pin-source", name_start, name_end - name_start) == 0) {
- pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL);
- if (pin_source == NULL)
- return P11_KIT_URI_BAD_ENCODING;
- free (uri->pin_source);
- uri->pin_source = (char*)pin_source;
- return 1;
- } else if (memcmp ("pin-value", name_start, name_end - name_start) == 0) {
- pin_source = p11_url_decode (start, end, P11_URL_WHITESPACE, NULL);
- if (pin_source == NULL)
- return P11_KIT_URI_BAD_ENCODING;
- free (uri->pin_value);
- uri->pin_value = (char*)pin_source;
- return 1;
- }
-
- return 0;
-}
-
-/**
- * p11_kit_uri_parse:
- * @string: The string to parse
- * @uri_type: The type of URI that is expected
- * @uri: The blank URI to parse the values into
- *
- * Parse a PKCS\#11 URI string.
- *
- * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument
- * allows the caller to specify what type of URI is expected and the sorts of
- * things the URI should match. %P11_KIT_URI_FOR_ANY can be used to parse a URI
- * for any context. It's then up to the caller to make sense of the way that
- * it is used.
- *
- * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable
- * to the specified context, then the unrecognized flag will be set. This will
- * prevent the URI from matching using the various match functions.
- *
- * Returns: %P11_KIT_URI_OK if the URI was parsed successfully.
- * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI.
- * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad.
- * %P11_KIT_URI_BAD_VERSION if a version number was bad.
- * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid.
- */
-int
-p11_kit_uri_parse (const char *string, P11KitUriType uri_type,
- P11KitUri *uri)
-{
- const char *spos, *epos;
- int ret;
- size_t length;
- char *allocated = NULL;
-
- assert (string);
- assert (uri);
-
- /* If STRING contains any whitespace, create a copy of the
- * string and strip it out */
- length = strcspn (string, P11_URL_WHITESPACE);
- if (strspn (string + length, P11_URL_WHITESPACE) > 0) {
- allocated = strip_whitespace (string);
- return_val_if_fail (allocated != NULL, P11_KIT_URI_UNEXPECTED);
- string = allocated;
- }
-
- epos = strchr (string, ':');
- if (epos == NULL) {
- free (allocated);
- return P11_KIT_URI_BAD_SCHEME;
- }
- ret = memcmp (string, P11_KIT_URI_SCHEME, strlen (P11_KIT_URI_SCHEME));
- if (ret != 0) {
- free (allocated);
- return P11_KIT_URI_BAD_SCHEME;
- }
-
- string = epos + 1;
-
- /* Clear everything out */
- memset (&uri->module, 0, sizeof (uri->module));
- memset (&uri->token, 0, sizeof (uri->token));
- p11_attrs_free (uri->attrs);
- uri->attrs = NULL;
- uri->module.libraryVersion.major = (CK_BYTE)-1;
- uri->module.libraryVersion.minor = (CK_BYTE)-1;
- uri->unrecognized = 0;
- free (uri->pin_source);
- uri->pin_source = NULL;
- free (uri->pin_value);
- uri->pin_value = NULL;
- uri->slot_id = (CK_SLOT_ID)-1;
-
- for (;;) {
- spos = strchr (string, ';');
- if (spos == NULL) {
- spos = string + strlen (string);
- assert (*spos == '\0');
- if (spos == string)
- break;
- }
-
- epos = strchr (string, '=');
- if (epos == NULL || spos == string || epos == string || epos >= spos) {
- free (allocated);
- return P11_KIT_URI_BAD_SYNTAX;
- }
-
- ret = 0;
- if ((uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT)
- ret = parse_string_attribute (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_OBJECT) == P11_KIT_URI_FOR_OBJECT)
- ret = parse_class_attribute (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_TOKEN) == P11_KIT_URI_FOR_TOKEN)
- ret = parse_token_info (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT)
- ret = parse_slot_info (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_SLOT) == P11_KIT_URI_FOR_SLOT)
- ret = parse_slot_id (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE) == P11_KIT_URI_FOR_MODULE)
- ret = parse_module_info (string, epos, epos + 1, spos, uri);
- if (ret == 0 && (uri_type & P11_KIT_URI_FOR_MODULE_WITH_VERSION) == P11_KIT_URI_FOR_MODULE_WITH_VERSION)
- ret = parse_module_version_info (string, epos, epos + 1, spos, uri);
- if (ret == 0)
- ret = parse_extra_info (string, epos, epos + 1, spos, uri);
-
- if (ret < 0) {
- free (allocated);
- return ret;
- }
- if (ret == 0)
- uri->unrecognized = true;
-
- if (*spos == '\0')
- break;
- string = spos + 1;
- }
-
- free (allocated);
- return P11_KIT_URI_OK;
-}
-
-/**
- * p11_kit_uri_free:
- * @uri: The URI
- *
- * Free a PKCS\#11 URI.
- */
-void
-p11_kit_uri_free (P11KitUri *uri)
-{
- if (!uri)
- return;
-
- p11_attrs_free (uri->attrs);
- free (uri->pin_source);
- free (uri->pin_value);
- free (uri);
-}
-
-/**
- * p11_kit_uri_message:
- * @code: The error code
- *
- * Lookup a message for the uri error code. These codes are the P11_KIT_URI_XXX
- * error codes that can be returned from p11_kit_uri_parse() or
- * p11_kit_uri_format(). As a special case %NULL, will be returned for
- * %P11_KIT_URI_OK.
- *
- * Returns: The message for the error code. This string is owned by the p11-kit
- * library.
- */
-const char*
-p11_kit_uri_message (int code)
-{
- switch (code) {
- case P11_KIT_URI_OK:
- return NULL;
- case P11_KIT_URI_UNEXPECTED:
- return "Unexpected or internal system error";
- case P11_KIT_URI_BAD_SCHEME:
- return "URI scheme must be 'pkcs11:'";
- case P11_KIT_URI_BAD_ENCODING:
- return "URI encoding invalid or corrupted";
- case P11_KIT_URI_BAD_SYNTAX:
- return "URI syntax is invalid";
- case P11_KIT_URI_BAD_VERSION:
- return "URI version component is invalid";
- case P11_KIT_URI_NOT_FOUND:
- return "The URI component was not found";
- default:
- p11_debug ("unknown error code: %d", code);
- return "Unknown error";
- }
-}
diff --git a/p11-kit/uri.h b/p11-kit/uri.h
deleted file mode 100644
index 58f6fc9..0000000
--- a/p11-kit/uri.h
+++ /dev/null
@@ -1,177 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#ifndef P11_KIT_URI_H
-#define P11_KIT_URI_H
-
-#include "p11-kit/pkcs11.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define P11_KIT_URI_SCHEME "pkcs11"
-#define P11_KIT_URI_SCHEME_LEN 6
-
-typedef enum {
- P11_KIT_URI_OK = 0,
- P11_KIT_URI_UNEXPECTED = -1,
- P11_KIT_URI_BAD_SCHEME = -2,
- P11_KIT_URI_BAD_ENCODING = -3,
- P11_KIT_URI_BAD_SYNTAX = -4,
- P11_KIT_URI_BAD_VERSION = -5,
- P11_KIT_URI_NOT_FOUND = -6,
-} P11KitUriResult;
-
-#define P11_KIT_URI_NO_MEMORY P11_KIT_URI_UNEXPECTED
-
-typedef enum {
- P11_KIT_URI_FOR_OBJECT = (1 << 1),
- P11_KIT_URI_FOR_TOKEN = (1 << 2),
- P11_KIT_URI_FOR_SLOT = (1 << 5),
- P11_KIT_URI_FOR_MODULE = (1 << 3),
-
- P11_KIT_URI_FOR_MODULE_WITH_VERSION =
- (1 << 4) | P11_KIT_URI_FOR_MODULE,
-
- P11_KIT_URI_FOR_OBJECT_ON_TOKEN =
- P11_KIT_URI_FOR_OBJECT | P11_KIT_URI_FOR_TOKEN,
-
- P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE =
- P11_KIT_URI_FOR_OBJECT_ON_TOKEN | P11_KIT_URI_FOR_MODULE,
-
- P11_KIT_URI_FOR_ANY = 0x0000FFFF,
-} P11KitUriType;
-
-/*
- * If the caller is using the PKCS#11 GNU calling convention, then we cater
- * to that here.
- */
-#ifdef CRYPTOKI_GNU
-typedef struct ck_info *CK_INFO_PTR;
-typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
-typedef ck_attribute_type_t CK_ATTRIBUTE_TYPE;
-typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
-typedef unsigned long int CK_ULONG;
-typedef P11KitUriType p11_kit_uri_type_t;
-typedef P11KitUriResult p11_kit_uri_result_t;
-#endif
-
-typedef struct p11_kit_uri P11KitUri;
-typedef struct p11_kit_uri p11_kit_uri;
-
-CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri);
-
-int p11_kit_uri_match_module_info (P11KitUri *uri,
- CK_INFO_PTR info);
-
-CK_SLOT_INFO_PTR p11_kit_uri_get_slot_info (P11KitUri *uri);
-
-int p11_kit_uri_match_slot_info (P11KitUri *uri,
- CK_SLOT_INFO_PTR slot_info);
-
-CK_SLOT_ID p11_kit_uri_get_slot_id (P11KitUri *uri);
-void p11_kit_uri_set_slot_id (P11KitUri *uri,
- CK_SLOT_ID slot_id);
-
-CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri);
-
-int p11_kit_uri_match_token_info (P11KitUri *uri,
- CK_TOKEN_INFO_PTR token_info);
-
-CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri,
- CK_ATTRIBUTE_TYPE attr_type);
-
-int p11_kit_uri_set_attribute (P11KitUri *uri,
- CK_ATTRIBUTE_PTR attr);
-
-int p11_kit_uri_clear_attribute (P11KitUri *uri,
- CK_ATTRIBUTE_TYPE attr_type);
-
-CK_ATTRIBUTE_PTR p11_kit_uri_get_attributes (P11KitUri *uri,
- CK_ULONG *n_attrs);
-
-int p11_kit_uri_set_attributes (P11KitUri *uri,
- CK_ATTRIBUTE_PTR attrs,
- CK_ULONG n_attrs);
-
-void p11_kit_uri_clear_attributes (P11KitUri *uri);
-
-int p11_kit_uri_match_attributes (P11KitUri *uri,
- CK_ATTRIBUTE_PTR attrs,
- CK_ULONG n_attrs);
-
-const char* p11_kit_uri_get_pin_value (P11KitUri *uri);
-
-void p11_kit_uri_set_pin_value (P11KitUri *uri,
- const char *pin);
-
-const char* p11_kit_uri_get_pin_source (P11KitUri *uri);
-
-void p11_kit_uri_set_pin_source (P11KitUri *uri,
- const char *pin_source);
-
-#ifndef P11_KIT_DISABLE_DEPRECATED
-
-const char* p11_kit_uri_get_pinfile (P11KitUri *uri);
-
-void p11_kit_uri_set_pinfile (P11KitUri *uri,
- const char *pinfile);
-
-#endif /* P11_KIT_DISABLE_DEPRECATED */
-
-void p11_kit_uri_set_unrecognized (P11KitUri *uri,
- int unrecognized);
-
-int p11_kit_uri_any_unrecognized (P11KitUri *uri);
-
-P11KitUri* p11_kit_uri_new (void);
-
-int p11_kit_uri_format (P11KitUri *uri,
- P11KitUriType uri_type,
- char **string);
-
-int p11_kit_uri_parse (const char *string,
- P11KitUriType uri_type,
- P11KitUri *uri);
-
-void p11_kit_uri_free (P11KitUri *uri);
-
-const char* p11_kit_uri_message (int code);
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* P11_KIT_URI_H */
diff --git a/p11-kit/util.c b/p11-kit/util.c
deleted file mode 100644
index 325d669..0000000
--- a/p11-kit/util.c
+++ /dev/null
@@ -1,295 +0,0 @@
-/*
- * Copyright (c) 2011 Collabora Ltd
- * Copyright (c) 2012 Stef Walter
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- *
- * CONTRIBUTORS
- * Stef Walter <stef@thewalter.net>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-#include "debug.h"
-#include "library.h"
-#include "message.h"
-#include "p11-kit.h"
-#include "private.h"
-#include "proxy.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/**
- * SECTION:p11-kit-future
- * @title: Future
- * @short_description: Future Unstable API
- *
- * API that is not yet stable enough to be enabled by default. In all likelihood
- * this will be included in the next release. To use this API you must define a
- * MACRO. See the p11-kit.h header for more details.
- */
-
-/**
- * p11_kit_space_strlen:
- * @string: Pointer to string block
- * @max_length: Maximum length of string block
- *
- * In PKCS\#11 structures many strings are encoded in a strange way. The string
- * is placed in a fixed length buffer and then padded with spaces.
- *
- * This function determines the actual length of the string. Since the string
- * is not null-terminated you need to pass in the size of buffer as max_length.
- * The string will never be longer than this buffer.
- *
- * <informalexample><programlisting>
- * CK_INFO info;
- * size_t length;
- * ...
- * length = p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription));
- * </programlisting></informalexample>
- *
- * Returns: The length of the space padded string.
- */
-size_t
-p11_kit_space_strlen (const unsigned char *string, size_t max_length)
-{
- size_t i = max_length;
-
- assert (string);
-
- while (i > 0 && string[i - 1] == ' ')
- --i;
- return i;
-}
-
-/**
- * p11_kit_space_strdup:
- * @string: Pointer to string block
- * @max_length: Maximum length of string block
- *
- * In PKCS\#11 structures many strings are encoded in a strange way. The string
- * is placed in a fixed length buffer and then padded with spaces.
- *
- * This function copies the space padded string into a normal null-terminated
- * string. The result is owned by the caller.
- *
- * <informalexample><programlisting>
- * CK_INFO info;
- * char *description;
- * ...
- * description = p11_kit_space_strdup (info->libraryDescription, sizeof (info->libraryDescription));
- * </programlisting></informalexample>
- *
- * Returns: The newly allocated string, or %NULL if memory could not be allocated.
- */
-char*
-p11_kit_space_strdup (const unsigned char *string, size_t max_length)
-{
- size_t length;
- char *result;
-
- assert (string);
-
- length = p11_kit_space_strlen (string, max_length);
-
- result = malloc (length + 1);
- if (!result)
- return NULL;
-
- memcpy (result, string, length);
- result[length] = 0;
- return result;
-}
-
-/**
- * p11_kit_be_quiet:
- *
- * Once this function is called, the p11-kit library will no longer print
- * failure or warning messages to stderr.
- */
-void
-p11_kit_be_quiet (void)
-{
- p11_lock ();
- p11_message_quiet ();
- p11_debug_init ();
- p11_unlock ();
-}
-
-/**
- * p11_kit_be_loud:
- *
- * Tell the p11-kit library will print failure or warning messages to stderr.
- * This is the default behavior, but can be changed using p11_kit_be_quiet().
- */
-void
-p11_kit_be_loud (void)
-{
- p11_lock ();
- p11_message_loud ();
- p11_debug_init ();
- p11_unlock ();
-}
-
-/**
- * p11_kit_message:
- *
- * Gets the failure message for a recently called p11-kit function, which
- * returned a failure code on this thread. Not all functions set this message.
- * Each function that does so, will note it in its documentation.
- *
- * If the most recent p11-kit function did not fail, then this will return NULL.
- * The string is owned by the p11-kit library and is only valid on the same
- * thread that the failed function executed on.
- *
- * Returns: The last failure message, or %NULL.
- */
-const char*
-p11_kit_message (void)
-{
- return p11_message_last ();
-}
-
-void
-_p11_kit_default_message (CK_RV rv)
-{
- const char *msg;
-
- if (rv != CKR_OK) {
- msg = p11_kit_strerror (rv);
- p11_message_store (msg, strlen (msg));
- }
-}
-
-/* This is the progname that we think of this process as. */
-char p11_my_progname[256] = { 0, };
-
-/**
- * p11_kit_set_progname:
- * @progname: the program base name
- *
- * Set the program base name that is used by the <literal>enable-in</literal>
- * and <literal>disable-in</literal> module configuration options.
- *
- * Normally this is automatically calculated from the program's argument list.
- * You would usually call this before initializing p11-kit modules.
- */
-void
-p11_kit_set_progname (const char *progname)
-{
- p11_library_init_once ();
-
- p11_lock ();
- _p11_set_progname_unlocked (progname);
- p11_unlock ();
-}
-
-void
-_p11_set_progname_unlocked (const char *progname)
-{
- /* We can be called with NULL */
- if (progname == NULL)
- progname = "";
-
- strncpy (p11_my_progname, progname, sizeof (p11_my_progname));
- p11_my_progname[sizeof (p11_my_progname) - 1] = 0;
-}
-
-const char *
-_p11_get_progname_unlocked (void)
-{
- if (p11_my_progname[0] == '\0')
- _p11_set_progname_unlocked (getprogname ());
- if (p11_my_progname[0] == '\0')
- return NULL;
- return p11_my_progname;
-}
-
-#ifdef OS_UNIX
-
-void _p11_kit_init (void);
-
-void _p11_kit_fini (void);
-
-#ifdef __GNUC__
-__attribute__((constructor))
-#endif
-void
-_p11_kit_init (void)
-{
- p11_library_init_once ();
-}
-
-#ifdef __GNUC__
-__attribute__((destructor))
-#endif
-void
-_p11_kit_fini (void)
-{
- p11_proxy_module_cleanup ();
- p11_library_uninit ();
-}
-
-#endif /* OS_UNIX */
-
-#ifdef OS_WIN32
-
-BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
-
-BOOL WINAPI
-DllMain (HINSTANCE instance,
- DWORD reason,
- LPVOID reserved)
-{
- switch (reason) {
- case DLL_PROCESS_ATTACH:
- p11_library_init ();
- break;
- case DLL_THREAD_DETACH:
- p11_library_thread_cleanup ();
- break;
- case DLL_PROCESS_DETACH:
- p11_proxy_module_cleanup ();
- p11_library_uninit ();
- break;
- default:
- break;
- }
-
- return TRUE;
-}
-
-#endif /* OS_WIN32 */
diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c
deleted file mode 100644
index bb0d845..0000000
--- a/p11-kit/virtual.c
+++ /dev/null
@@ -1,2975 +0,0 @@
-/*
- * Copyright (C) 2008 Stefan Walter
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#define P11_DEBUG_FLAG P11_DEBUG_LIB
-#include "debug.h"
-#include "library.h"
-#include "virtual.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef WITH_FFI
-
-/*
- * We use libffi to build closures. Note that even with libffi certain
- * platforms do not support using ffi_closure. In this case FFI_CLOSURES will
- * not be defined. This is checked in configure.ac
- */
-
-/*
- * Since libffi uses shared memory to store that, releasing it
- * will cause issues on any other child or parent process that relies
- * on that. Don't release it.
- */
-#define LIBFFI_FREE_CLOSURES 0
-
-#include "ffi.h"
-#ifndef FFI_CLOSURES
-#error "FFI_CLOSURES should be checked in configure.ac"
-#endif
-
-/* There are 66 functions in PKCS#11, with a maximum of 8 args */
-#define MAX_FUNCTIONS 66
-#define MAX_ARGS 10
-
-typedef struct {
- /* This is first so we can cast between CK_FUNCTION_LIST* and Context* */
- CK_FUNCTION_LIST bound;
-
- /* The PKCS#11 functions to call into */
- p11_virtual *virt;
- p11_destroyer destroyer;
-
- /* A list of our libffi built closures, for cleanup later */
- ffi_closure *ffi_closures[MAX_FUNCTIONS];
- ffi_cif ffi_cifs[MAX_FUNCTIONS];
- int ffi_used;
-} Wrapper;
-
-static CK_RV
-short_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-static CK_RV
-short_C_CancelFunction (CK_SESSION_HANDLE handle)
-{
- return CKR_FUNCTION_NOT_PARALLEL;
-}
-
-static void
-binding_C_GetFunctionList (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- Wrapper *wrapper)
-{
- CK_FUNCTION_LIST_PTR_PTR list = *(CK_FUNCTION_LIST_PTR_PTR *)args[0];
-
- if (list == NULL) {
- *ret = CKR_ARGUMENTS_BAD;
- } else {
- *list = &wrapper->bound;
- *ret = CKR_OK;
- }
-}
-
-static void
-binding_C_Initialize (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Initialize (funcs,
- *(CK_VOID_PTR *)args[0]);
-}
-
-static void
-binding_C_Finalize (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Finalize (funcs,
- *(CK_VOID_PTR *)args[0]);
-}
-
-static void
-binding_C_GetInfo (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetInfo (funcs,
- *(CK_INFO_PTR *)args[0]);
-}
-
-static void
-binding_C_GetSlotList (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetSlotList (funcs,
- *(CK_BBOOL *)args[0],
- *(CK_SLOT_ID_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_GetSlotInfo (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetSlotInfo (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_SLOT_INFO_PTR *)args[1]);
-}
-
-static void
-binding_C_GetTokenInfo (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetTokenInfo (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_TOKEN_INFO_PTR *)args[1]);
-}
-
-static void
-binding_C_WaitForSlotEvent (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_WaitForSlotEvent (funcs,
- *(CK_FLAGS *)args[0],
- *(CK_SLOT_ID_PTR *)args[1],
- *(CK_VOID_PTR *)args[2]);
-}
-
-static void
-binding_C_GetMechanismList (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetMechanismList (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_MECHANISM_TYPE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_GetMechanismInfo (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetMechanismInfo (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_MECHANISM_TYPE *)args[1],
- *(CK_MECHANISM_INFO_PTR *)args[2]);
-}
-
-static void
-binding_C_InitToken (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_InitToken (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3]);
-}
-
-static void
-binding_C_InitPIN (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_InitPIN (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_SetPIN (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SetPIN (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG *)args[4]);
-}
-
-static void
-binding_C_OpenSession (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_OpenSession (funcs,
- *(CK_SLOT_ID *)args[0],
- *(CK_FLAGS *)args[1],
- *(CK_VOID_PTR *)args[2],
- *(CK_NOTIFY *)args[3],
- *(CK_SESSION_HANDLE_PTR *)args[4]);
-}
-
-static void
-binding_C_CloseSession (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_CloseSession (funcs,
- *(CK_SESSION_HANDLE *)args[0]);
-}
-
-static void
-binding_C_CloseAllSessions (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_CloseAllSessions (funcs,
- *(CK_SLOT_ID *)args[0]);
-}
-
-static void
-binding_C_GetSessionInfo (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetSessionInfo (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_SESSION_INFO_PTR *)args[1]);
-}
-
-static void
-binding_C_GetOperationState (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetOperationState (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_SetOperationState (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SetOperationState (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_OBJECT_HANDLE *)args[3],
- *(CK_OBJECT_HANDLE *)args[4]);
-}
-
-static void
-binding_C_Login (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Login (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_USER_TYPE *)args[1],
- *(CK_BYTE_PTR *)args[2],
- *(CK_ULONG *)args[3]);
-}
-
-static void
-binding_C_Logout (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Logout (funcs,
- *(CK_SESSION_HANDLE *)args[0]);
-}
-
-static void
-binding_C_CreateObject (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_CreateObject (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_ATTRIBUTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_OBJECT_HANDLE_PTR *)args[3]);
-}
-
-static void
-binding_C_CopyObject (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_CopyObject (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1],
- *(CK_ATTRIBUTE_PTR *)args[2],
- *(CK_ULONG *)args[3],
- *(CK_OBJECT_HANDLE_PTR *)args[4]);
-}
-
-static void
-binding_C_DestroyObject (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DestroyObject (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1]);
-}
-
-static void
-binding_C_GetObjectSize (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetObjectSize (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_GetAttributeValue (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GetAttributeValue (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1],
- *(CK_ATTRIBUTE_PTR *)args[2],
- *(CK_ULONG *)args[3]);
-}
-
-static void
-binding_C_SetAttributeValue (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SetAttributeValue (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1],
- *(CK_ATTRIBUTE_PTR *)args[2],
- *(CK_ULONG *)args[3]);
-}
-
-static void
-binding_C_FindObjectsInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_FindObjectsInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_ATTRIBUTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_FindObjects (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_FindObjects (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_ULONG_PTR *)args[3]);
-}
-
-static void
-binding_C_FindObjectsFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_FindObjectsFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0]);
-}
-
-static void
-binding_C_EncryptInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_EncryptInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_Encrypt (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Encrypt (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_EncryptUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_EncryptUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_EncryptFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_EncryptFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_DecryptInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DecryptInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_Decrypt (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Decrypt (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DecryptUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DecryptUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DecryptFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DecryptFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_DigestInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DigestInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1]);
-}
-
-static void
-binding_C_Digest (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Digest (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DigestUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DigestUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_DigestKey (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DigestKey (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_OBJECT_HANDLE *)args[1]);
-}
-
-static void
-binding_C_DigestFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DigestFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_SignInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_Sign (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Sign (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_SignUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_SignFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG_PTR *)args[2]);
-}
-
-static void
-binding_C_SignRecoverInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignRecoverInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_SignRecover (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignRecover (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_VerifyInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_VerifyInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_Verify (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_Verify (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG *)args[4]);
-}
-
-static void
-binding_C_VerifyUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_VerifyUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_VerifyFinal (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_VerifyFinal (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_VerifyRecoverInit (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_VerifyRecoverInit (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2]);
-}
-
-static void
-binding_C_VerifyRecover (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_VerifyRecover (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DigestEncryptUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DigestEncryptUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DecryptDigestUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DecryptDigestUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_SignEncryptUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SignEncryptUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_DecryptVerifyUpdate (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DecryptVerifyUpdate (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG_PTR *)args[4]);
-}
-
-static void
-binding_C_GenerateKey (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GenerateKey (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_ATTRIBUTE_PTR *)args[2],
- *(CK_ULONG *)args[3],
- *(CK_OBJECT_HANDLE_PTR *)args[4]);
-}
-
-static void
-binding_C_GenerateKeyPair (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GenerateKeyPair (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_ATTRIBUTE_PTR *)args[2],
- *(CK_ULONG *)args[3],
- *(CK_ATTRIBUTE_PTR *)args[4],
- *(CK_ULONG *)args[5],
- *(CK_OBJECT_HANDLE_PTR *)args[6],
- *(CK_OBJECT_HANDLE_PTR *)args[7]);
-}
-
-static void
-binding_C_WrapKey (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_WrapKey (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2],
- *(CK_OBJECT_HANDLE *)args[3],
- *(CK_BYTE_PTR *)args[4],
- *(CK_ULONG_PTR *)args[5]);
-}
-
-static void
-binding_C_UnwrapKey (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_UnwrapKey (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2],
- *(CK_BYTE_PTR *)args[3],
- *(CK_ULONG *)args[4],
- *(CK_ATTRIBUTE_PTR *)args[5],
- *(CK_ULONG *)args[6],
- *(CK_OBJECT_HANDLE_PTR *)args[7]);
-}
-
-static void
-binding_C_DeriveKey (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_DeriveKey (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_MECHANISM_PTR *)args[1],
- *(CK_OBJECT_HANDLE *)args[2],
- *(CK_ATTRIBUTE_PTR *)args[3],
- *(CK_ULONG *)args[4],
- *(CK_OBJECT_HANDLE_PTR *)args[5]);
-}
-
-static void
-binding_C_SeedRandom (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_SeedRandom (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-static void
-binding_C_GenerateRandom (ffi_cif *cif,
- CK_RV *ret,
- void* args[],
- CK_X_FUNCTION_LIST *funcs)
-{
- *ret = funcs->C_GenerateRandom (funcs,
- *(CK_SESSION_HANDLE *)args[0],
- *(CK_BYTE_PTR *)args[1],
- *(CK_ULONG *)args[2]);
-}
-
-#endif /* WITH_FFI */
-
-static CK_RV
-stack_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Initialize (funcs, init_args);
-}
-
-static CK_RV
-stack_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Finalize (funcs, reserved);
-}
-
-static CK_RV
-stack_C_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetInfo (funcs, info);
-}
-
-static CK_RV
-stack_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSlotList (funcs, token_present, slot_list, count);
-}
-
-static CK_RV
-stack_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSlotInfo (funcs, slot_id, info);
-}
-
-static CK_RV
-stack_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetTokenInfo (funcs, slot_id, info);
-}
-
-static CK_RV
-stack_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count);
-}
-
-static CK_RV
-stack_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetMechanismInfo (funcs, slot_id, type, info);
-}
-
-static CK_RV
-stack_C_InitToken (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label);
-}
-
-static CK_RV
-stack_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR application,
- CK_NOTIFY notify,
- CK_SESSION_HANDLE_PTR session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session);
-}
-
-static CK_RV
-stack_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CloseSession (funcs, session);
-}
-
-static CK_RV
-stack_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CloseAllSessions (funcs, slot_id);
-}
-
-static CK_RV
-stack_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSessionInfo (funcs, session, info);
-}
-
-static CK_RV
-stack_C_InitPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_InitPIN (funcs, session, pin, pin_len);
-}
-
-static CK_RV
-stack_C_SetPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len);
-}
-
-static CK_RV
-stack_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len);
-}
-
-static CK_RV
-stack_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len,
- encryption_key, authentication_key);
-}
-
-static CK_RV
-stack_C_Login (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Login (funcs, session, user_type, pin, pin_len);
-}
-
-static CK_RV
-stack_C_Logout (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Logout (funcs, session);
-}
-
-static CK_RV
-stack_C_CreateObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CreateObject (funcs, session, template, count, object);
-}
-
-static CK_RV
-stack_C_CopyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CopyObject (funcs, session, object, template, count, new_object);
-}
-
-
-static CK_RV
-stack_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DestroyObject (funcs, session, object);
-}
-
-static CK_RV
-stack_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetObjectSize (funcs, session, object, size);
-}
-
-static CK_RV
-stack_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetAttributeValue (funcs, session, object, template, count);
-}
-
-static CK_RV
-stack_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetAttributeValue (funcs, session, object, template, count);
-}
-
-static CK_RV
-stack_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjectsInit (funcs, session, template, count);
-}
-
-static CK_RV
-stack_C_FindObjects (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR object,
- CK_ULONG max_object_count,
- CK_ULONG_PTR object_count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count);
-}
-
-static CK_RV
-stack_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjectsFinal (funcs, session);
-}
-
-static CK_RV
-stack_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_Encrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Encrypt (funcs, session, input, input_len,
- encrypted_data, encrypted_data_len);
-}
-
-static CK_RV
-stack_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptUpdate (funcs, session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-stack_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_encrypted_part,
- CK_ULONG_PTR last_encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptFinal (funcs, session, last_encrypted_part,
- last_encrypted_part_len);
-}
-
-static CK_RV
-stack_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_Decrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG encrypted_data_len,
- CK_BYTE_PTR output,
- CK_ULONG_PTR output_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len,
- output, output_len);
-}
-
-static CK_RV
-stack_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-stack_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len);
-}
-
-static CK_RV
-stack_C_DigestInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestInit (funcs, session, mechanism);
-}
-
-static CK_RV
-stack_C_Digest (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Digest (funcs, session, input, input_len, digest, digest_len);
-}
-
-static CK_RV
-stack_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestUpdate (funcs, session, part, part_len);
-}
-
-static CK_RV
-stack_C_DigestKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestKey (funcs, session, key);
-}
-
-static CK_RV
-stack_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestFinal (funcs, session, digest, digest_len);
-}
-
-static CK_RV
-stack_C_SignInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_Sign (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Sign (funcs, session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-stack_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignUpdate (funcs, session, part, part_len);
-}
-
-static CK_RV
-stack_C_SignFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignFinal (funcs, session, signature, signature_len);
-}
-
-static CK_RV
-stack_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignRecoverInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_SignRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignRecover (funcs, session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-stack_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_Verify (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Verify (funcs, session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-stack_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyUpdate (funcs, session, part, part_len);
-}
-
-static CK_RV
-stack_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyFinal (funcs, session, signature, signature_len);
-}
-
-static CK_RV
-stack_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key);
-}
-
-static CK_RV
-stack_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR input,
- CK_ULONG_PTR input_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyRecover (funcs, session, signature, signature_len,
- input, input_len);
-}
-
-static CK_RV
-stack_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-stack_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-stack_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignEncryptUpdate (funcs, session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-stack_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-stack_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateKey (funcs, session, mechanism, template, count, key);
-}
-
-static CK_RV
-stack_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR public_key_template,
- CK_ULONG public_key_count,
- CK_ATTRIBUTE_PTR private_key_template,
- CK_ULONG private_key_count,
- CK_OBJECT_HANDLE_PTR public_key,
- CK_OBJECT_HANDLE_PTR private_key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template,
- public_key_count, private_key_template,
- private_key_count, public_key, private_key);
-}
-
-static CK_RV
-stack_C_WrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key,
- wrapped_key, wrapped_key_len);
-}
-
-static CK_RV
-stack_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key,
- wrapped_key_len, template, count, key);
-}
-
-static CK_RV
-stack_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DeriveKey (funcs, session, mechanism, base_key, template, count, key);
-}
-
-static CK_RV
-stack_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SeedRandom (funcs, session, seed, seed_len);
-}
-
-static CK_RV
-stack_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateRandom (funcs, session, random_data, random_len);
-}
-
-static CK_RV
-stack_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot_id,
- CK_VOID_PTR reserved)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_X_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_WaitForSlotEvent (funcs, flags, slot_id, reserved);
-}
-
-static CK_RV
-base_C_Initialize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR init_args)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Initialize (init_args);
-}
-
-static CK_RV
-base_C_Finalize (CK_X_FUNCTION_LIST *self,
- CK_VOID_PTR reserved)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Finalize (reserved);
-}
-
-static CK_RV
-base_C_GetInfo (CK_X_FUNCTION_LIST *self,
- CK_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetInfo (info);
-}
-
-static CK_RV
-base_C_GetSlotList (CK_X_FUNCTION_LIST *self,
- CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSlotList (token_present, slot_list, count);
-}
-
-static CK_RV
-base_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_SLOT_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSlotInfo (slot_id, info);
-}
-
-static CK_RV
-base_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_TOKEN_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetTokenInfo (slot_id, info);
-}
-
-static CK_RV
-base_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetMechanismList (slot_id, mechanism_list, count);
-}
-
-static CK_RV
-base_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetMechanismInfo (slot_id, type, info);
-}
-
-static CK_RV
-base_C_InitToken (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_InitToken (slot_id, pin, pin_len, label);
-}
-
-static CK_RV
-base_C_OpenSession (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id,
- CK_FLAGS flags,
- CK_VOID_PTR application,
- CK_NOTIFY notify,
- CK_SESSION_HANDLE_PTR session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_OpenSession (slot_id, flags, application, notify, session);
-}
-
-static CK_RV
-base_C_CloseSession (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CloseSession (session);
-}
-
-static CK_RV
-base_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
- CK_SLOT_ID slot_id)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CloseAllSessions (slot_id);
-}
-
-static CK_RV
-base_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_SESSION_INFO_PTR info)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetSessionInfo (session, info);
-}
-
-static CK_RV
-base_C_InitPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_InitPIN (session, pin, pin_len);
-}
-
-static CK_RV
-base_C_SetPIN (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetPIN (session, old_pin, old_len, new_pin, new_len);
-}
-
-static CK_RV
-base_C_GetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetOperationState (session, operation_state, operation_state_len);
-}
-
-static CK_RV
-base_C_SetOperationState (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetOperationState (session, operation_state, operation_state_len,
- encryption_key, authentication_key);
-}
-
-static CK_RV
-base_C_Login (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Login (session, user_type, pin, pin_len);
-}
-
-static CK_RV
-base_C_Logout (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Logout (session);
-}
-
-static CK_RV
-base_C_CreateObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CreateObject (session, template, count, object);
-}
-
-static CK_RV
-base_C_CopyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_CopyObject (session, object, template, count, new_object);
-}
-
-
-static CK_RV
-base_C_DestroyObject (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DestroyObject (session, object);
-}
-
-static CK_RV
-base_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetObjectSize (session, object, size);
-}
-
-static CK_RV
-base_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GetAttributeValue (session, object, template, count);
-}
-
-static CK_RV
-base_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SetAttributeValue (session, object, template, count);
-}
-
-static CK_RV
-base_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjectsInit (session, template, count);
-}
-
-static CK_RV
-base_C_FindObjects (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR object,
- CK_ULONG max_object_count,
- CK_ULONG_PTR object_count)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjects (session, object, max_object_count, object_count);
-}
-
-static CK_RV
-base_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_FindObjectsFinal (session);
-}
-
-static CK_RV
-base_C_EncryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_Encrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Encrypt (session, input, input_len,
- encrypted_data, encrypted_data_len);
-}
-
-static CK_RV
-base_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptUpdate (session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-base_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_encrypted_part,
- CK_ULONG_PTR last_encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_EncryptFinal (session, last_encrypted_part,
- last_encrypted_part_len);
-}
-
-static CK_RV
-base_C_DecryptInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_Decrypt (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG encrypted_data_len,
- CK_BYTE_PTR output,
- CK_ULONG_PTR output_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Decrypt (session, encrypted_data, encrypted_data_len,
- output, output_len);
-}
-
-static CK_RV
-base_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptUpdate (session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-base_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptFinal (session, last_part, last_part_len);
-}
-
-static CK_RV
-base_C_DigestInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestInit (session, mechanism);
-}
-
-static CK_RV
-base_C_Digest (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Digest (session, input, input_len, digest, digest_len);
-}
-
-static CK_RV
-base_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestUpdate (session, part, part_len);
-}
-
-static CK_RV
-base_C_DigestKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestKey (session, key);
-}
-
-static CK_RV
-base_C_DigestFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestFinal (session, digest, digest_len);
-}
-
-static CK_RV
-base_C_SignInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_Sign (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Sign (session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-base_C_SignUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignUpdate (session, part, part_len);
-}
-
-static CK_RV
-base_C_SignFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignFinal (session, signature, signature_len);
-}
-
-static CK_RV
-base_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignRecoverInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_SignRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignRecover (session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-base_C_VerifyInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_Verify (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR input,
- CK_ULONG input_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_Verify (session, input, input_len,
- signature, signature_len);
-}
-
-static CK_RV
-base_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyUpdate (session, part, part_len);
-}
-
-static CK_RV
-base_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyFinal (session, signature, signature_len);
-}
-
-static CK_RV
-base_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyRecoverInit (session, mechanism, key);
-}
-
-static CK_RV
-base_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR input,
- CK_ULONG_PTR input_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_VerifyRecover (session, signature, signature_len,
- input, input_len);
-}
-
-static CK_RV
-base_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DigestEncryptUpdate (session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-base_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptDigestUpdate (session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-base_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SignEncryptUpdate (session, part, part_len,
- encrypted_part, encrypted_part_len);
-}
-
-static CK_RV
-base_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG encrypted_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DecryptVerifyUpdate (session, encrypted_part, encrypted_part_len,
- part, part_len);
-}
-
-static CK_RV
-base_C_GenerateKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateKey (session, mechanism, template, count, key);
-}
-
-static CK_RV
-base_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR public_key_template,
- CK_ULONG public_key_count,
- CK_ATTRIBUTE_PTR private_key_template,
- CK_ULONG private_key_count,
- CK_OBJECT_HANDLE_PTR public_key,
- CK_OBJECT_HANDLE_PTR private_key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateKeyPair (session, mechanism, public_key_template,
- public_key_count, private_key_template,
- private_key_count, public_key, private_key);
-}
-
-static CK_RV
-base_C_WrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_WrapKey (session, mechanism, wrapping_key, key,
- wrapped_key, wrapped_key_len);
-}
-
-static CK_RV
-base_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key,
- wrapped_key_len, template, count, key);
-}
-
-static CK_RV
-base_C_DeriveKey (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_DeriveKey (session, mechanism, base_key, template, count, key);
-}
-
-static CK_RV
-base_C_SeedRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_SeedRandom (session, seed, seed_len);
-}
-
-static CK_RV
-base_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
- CK_SESSION_HANDLE session,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_GenerateRandom (session, random_data, random_len);
-}
-
-static CK_RV
-base_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
- CK_FLAGS flags,
- CK_SLOT_ID_PTR slot_id,
- CK_VOID_PTR reserved)
-{
- p11_virtual *virt = (p11_virtual *)self;
- CK_FUNCTION_LIST *funcs = virt->lower_module;
- return funcs->C_WaitForSlotEvent (flags, slot_id, reserved);
-}
-
-void
-p11_virtual_init (p11_virtual *virt,
- CK_X_FUNCTION_LIST *funcs,
- void *lower_module,
- p11_destroyer lower_destroy)
-{
- memcpy (virt, funcs, sizeof (CK_X_FUNCTION_LIST));
- virt->lower_module = lower_module;
- virt->lower_destroy = lower_destroy;
-}
-
-void
-p11_virtual_uninit (p11_virtual *virt)
-{
- if (virt->lower_destroy)
- (virt->lower_destroy) (virt->lower_module);
-}
-
-#ifdef WITH_FFI
-
-typedef struct {
- const char *name;
- void *binding_function;
- void *stack_fallback;
- size_t virtual_offset;
- void *base_fallback;
- size_t module_offset;
- ffi_type *types[MAX_ARGS];
-} FunctionInfo;
-
-#define STRUCT_OFFSET(struct_type, member) \
- ((size_t) ((unsigned char *) &((struct_type *) 0)->member))
-#define STRUCT_MEMBER_P(struct_p, struct_offset) \
- ((void *) ((unsigned char *) (struct_p) + (long) (struct_offset)))
-#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \
- (*(member_type*) STRUCT_MEMBER_P ((struct_p), (struct_offset)))
-
-#define FUNCTION(name) \
- #name, binding_C_##name, \
- stack_C_##name, STRUCT_OFFSET (CK_X_FUNCTION_LIST, C_##name), \
- base_C_##name, STRUCT_OFFSET (CK_FUNCTION_LIST, C_##name)
-
-static const FunctionInfo function_info[] = {
- { FUNCTION (Initialize), { &ffi_type_pointer, NULL } },
- { FUNCTION (Finalize), { &ffi_type_pointer, NULL } },
- { FUNCTION (GetInfo), { &ffi_type_pointer, NULL } },
- { FUNCTION (GetSlotList), { &ffi_type_uchar, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (GetSlotInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (GetTokenInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (WaitForSlotEvent), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (GetMechanismList), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (GetMechanismInfo), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (InitToken), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (InitPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (SetPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (OpenSession), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (CloseSession), { &ffi_type_ulong, NULL } },
- { FUNCTION (CloseAllSessions), { &ffi_type_ulong, NULL } },
- { FUNCTION (GetSessionInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (GetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (SetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_ulong, NULL } },
- { FUNCTION (Login), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (Logout), { &ffi_type_ulong, NULL } },
- { FUNCTION (CreateObject), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (CopyObject), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (DestroyObject), { &ffi_type_ulong, &ffi_type_ulong, NULL } },
- { FUNCTION (GetObjectSize), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (GetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (SetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (FindObjectsInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (FindObjects), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (FindObjectsFinal), { &ffi_type_ulong, NULL } },
- { FUNCTION (EncryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (Encrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (EncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (EncryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DecryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (Decrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DecryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DecryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DigestInit), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (Digest), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (DigestKey), { &ffi_type_ulong, &ffi_type_ulong, NULL } },
- { FUNCTION (DigestFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (SignInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (Sign), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (SignUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (SignFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (SignRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (SignRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (VerifyInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (Verify), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (VerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (VerifyFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (VerifyRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (VerifyRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DigestEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DecryptDigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (SignEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (DecryptVerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (GenerateKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (GenerateKeyPair), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (WrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
- { FUNCTION (UnwrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (DeriveKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
- { FUNCTION (SeedRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { FUNCTION (GenerateRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
- { 0, }
-};
-
-static bool
-lookup_fall_through (p11_virtual *virt,
- const FunctionInfo *info,
- void **bound_func)
-{
- void *func;
-
- /*
- * So the basic concept here is if we have only fall-through functions
- * all the way down the stack, then we can just get the actual module
- * function, so that calls go right through.
- */
-
- func = STRUCT_MEMBER (void *, virt, info->virtual_offset);
-
- /*
- * This is a fall-through function and the stack goes down further, so
- * ask the next level down for the
- */
- if (func == info->stack_fallback) {
- return lookup_fall_through (virt->lower_module, info, bound_func);
-
- /*
- * This is a fall-through function at the bottom level of the stack
- * so return the function from the module.
- */
- } else if (func == info->base_fallback) {
- *bound_func = STRUCT_MEMBER (void *, virt->lower_module, info->module_offset);
- return true;
- }
-
- return false;
-}
-
-static bool
-bind_ffi_closure (Wrapper *wrapper,
- void *binding_data,
- void *binding_func,
- ffi_type **args,
- void **bound_func)
-{
- ffi_closure *clo;
- ffi_cif *cif;
- int nargs = 0;
- int i = 0;
- int ret;
-
- assert (wrapper->ffi_used < MAX_FUNCTIONS);
- cif = wrapper->ffi_cifs + wrapper->ffi_used;
-
- /* The number of arguments */
- for (i = 0, nargs = 0; args[i] != NULL; i++)
- nargs++;
-
- assert (nargs <= MAX_ARGS);
-
- /*
- * The failures here are unexpected conditions. There's a chance they
- * might occur on other esoteric platforms, so we take a little
- * extra care to print relevant debugging info, and return a status,
- * so that we can get back useful debug info on platforms that we
- * don't have access to.
- */
-
- ret = ffi_prep_cif (cif, FFI_DEFAULT_ABI, nargs, &ffi_type_ulong, args);
- if (ret != FFI_OK) {
- p11_debug_precond ("ffi_prep_cif failed: %d\n", ret);
- return false;
- }
-
- clo = ffi_closure_alloc (sizeof (ffi_closure), bound_func);
- if (clo == NULL) {
- p11_debug_precond ("ffi_closure_alloc failed\n");
- return false;
- }
-
- ret = ffi_prep_closure_loc (clo, cif, binding_func, binding_data, *bound_func);
- if (ret != FFI_OK) {
- p11_debug_precond ("ffi_prep_closure_loc failed: %d\n", ret);
- return false;
- }
-
- wrapper->ffi_closures[wrapper->ffi_used] = clo;
- wrapper->ffi_used++;
- return true;
-}
-
-static bool
-init_wrapper_funcs (Wrapper *wrapper)
-{
- static const ffi_type *get_function_list_args[] = { &ffi_type_pointer, NULL };
- const FunctionInfo *info;
- CK_X_FUNCTION_LIST *over;
- void **bound;
- int i;
-
- /* Pointer to where our calls go */
- over = &wrapper->virt->funcs;
-
- for (i = 0; function_info[i].name != NULL; i++) {
- info = function_info + i;
-
- /* Address to where we're placing the bound function */
- bound = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset);
-
- /*
- * See if we can just shoot straight through to the module function
- * without wrapping at all. If all the stacked virtual modules just
- * fall through, then this returns the original module function.
- */
- if (!lookup_fall_through (wrapper->virt, info, bound)) {
- if (!bind_ffi_closure (wrapper, over,
- info->binding_function,
- (ffi_type **)info->types, bound))
- return_val_if_reached (false);
- }
- }
-
- /* Always bind the C_GetFunctionList function itself */
- if (!bind_ffi_closure (wrapper, wrapper,
- binding_C_GetFunctionList,
- (ffi_type **)get_function_list_args,
- (void **)&wrapper->bound.C_GetFunctionList))
- return_val_if_reached (false);
-
- /*
- * These functions are used as a marker to indicate whether this is
- * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These
- * functions are defined to always have the same standard implementation
- * in PKCS#11 2.x so we don't need to call through to the base for
- * these guys.
- */
- wrapper->bound.C_CancelFunction = short_C_CancelFunction;
- wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus;
-
- return true;
-}
-
-#if LIBFFI_FREE_CLOSURES
-static void
-uninit_wrapper_funcs (Wrapper *wrapper)
-{
- int i;
-
- for (i = 0; i < wrapper->ffi_used; i++)
- ffi_closure_free (wrapper->ffi_closures[i]);
-}
-#endif
-
-CK_FUNCTION_LIST *
-p11_virtual_wrap (p11_virtual *virt,
- p11_destroyer destroyer)
-{
- Wrapper *wrapper;
-
- return_val_if_fail (virt != NULL, NULL);
-
- wrapper = calloc (1, sizeof (Wrapper));
- return_val_if_fail (wrapper != NULL, NULL);
-
- wrapper->virt = virt;
- wrapper->destroyer = destroyer;
- wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR;
- wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR;
-
- if (!init_wrapper_funcs (wrapper))
- return_val_if_reached (NULL);
-
- assert ((void *)wrapper == (void *)&wrapper->bound);
- assert (p11_virtual_is_wrapper (&wrapper->bound));
- assert (wrapper->bound.C_GetFunctionList != NULL);
- return &wrapper->bound;
-}
-
-bool
-p11_virtual_can_wrap (void)
-{
- return TRUE;
-}
-
-bool
-p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module)
-{
- /*
- * We use these functions as a marker to indicate whether this is
- * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These
- * functions are defined to always have the same standard implementation
- * in PKCS#11 2.x so we don't need to call through to the base for
- * these guys.
- */
- return (module->C_GetFunctionStatus == short_C_GetFunctionStatus &&
- module->C_CancelFunction == short_C_CancelFunction);
-}
-
-void
-p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module)
-{
- Wrapper *wrapper;
-
- return_if_fail (p11_virtual_is_wrapper (module));
-
- /* The bound CK_FUNCTION_LIST_PTR sits at the front of Context */
- wrapper = (Wrapper *)module;
-
- /*
- * Make sure that the CK_FUNCTION_LIST_PTR is invalid, and that
- * p11_virtual_is_wrapper() recognizes this. This is in case the
- * destroyer callback tries to do something fancy.
- */
- memset (&wrapper->bound, 0xFE, sizeof (wrapper->bound));
-
- if (wrapper->destroyer)
- (wrapper->destroyer) (wrapper->virt);
-
-#if LIBFFI_FREE_CLOSURES
- uninit_wrapper_funcs (wrapper);
-#endif
- free (wrapper);
-}
-
-#else /* !WITH_FFI */
-
-CK_FUNCTION_LIST *
-p11_virtual_wrap (p11_virtual *virt,
- p11_destroyer destroyer)
-{
- assert_not_reached ();
-}
-
-bool
-p11_virtual_can_wrap (void)
-{
- return FALSE;
-}
-
-bool
-p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module)
-{
- return FALSE;
-}
-
-void
-p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module)
-{
- assert_not_reached ();
-}
-
-#endif /* !WITH_FFI */
-
-CK_X_FUNCTION_LIST p11_virtual_stack = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- stack_C_Initialize,
- stack_C_Finalize,
- stack_C_GetInfo,
- stack_C_GetSlotList,
- stack_C_GetSlotInfo,
- stack_C_GetTokenInfo,
- stack_C_GetMechanismList,
- stack_C_GetMechanismInfo,
- stack_C_InitToken,
- stack_C_InitPIN,
- stack_C_SetPIN,
- stack_C_OpenSession,
- stack_C_CloseSession,
- stack_C_CloseAllSessions,
- stack_C_GetSessionInfo,
- stack_C_GetOperationState,
- stack_C_SetOperationState,
- stack_C_Login,
- stack_C_Logout,
- stack_C_CreateObject,
- stack_C_CopyObject,
- stack_C_DestroyObject,
- stack_C_GetObjectSize,
- stack_C_GetAttributeValue,
- stack_C_SetAttributeValue,
- stack_C_FindObjectsInit,
- stack_C_FindObjects,
- stack_C_FindObjectsFinal,
- stack_C_EncryptInit,
- stack_C_Encrypt,
- stack_C_EncryptUpdate,
- stack_C_EncryptFinal,
- stack_C_DecryptInit,
- stack_C_Decrypt,
- stack_C_DecryptUpdate,
- stack_C_DecryptFinal,
- stack_C_DigestInit,
- stack_C_Digest,
- stack_C_DigestUpdate,
- stack_C_DigestKey,
- stack_C_DigestFinal,
- stack_C_SignInit,
- stack_C_Sign,
- stack_C_SignUpdate,
- stack_C_SignFinal,
- stack_C_SignRecoverInit,
- stack_C_SignRecover,
- stack_C_VerifyInit,
- stack_C_Verify,
- stack_C_VerifyUpdate,
- stack_C_VerifyFinal,
- stack_C_VerifyRecoverInit,
- stack_C_VerifyRecover,
- stack_C_DigestEncryptUpdate,
- stack_C_DecryptDigestUpdate,
- stack_C_SignEncryptUpdate,
- stack_C_DecryptVerifyUpdate,
- stack_C_GenerateKey,
- stack_C_GenerateKeyPair,
- stack_C_WrapKey,
- stack_C_UnwrapKey,
- stack_C_DeriveKey,
- stack_C_SeedRandom,
- stack_C_GenerateRandom,
- stack_C_WaitForSlotEvent
-};
-
-CK_X_FUNCTION_LIST p11_virtual_base = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- base_C_Initialize,
- base_C_Finalize,
- base_C_GetInfo,
- base_C_GetSlotList,
- base_C_GetSlotInfo,
- base_C_GetTokenInfo,
- base_C_GetMechanismList,
- base_C_GetMechanismInfo,
- base_C_InitToken,
- base_C_InitPIN,
- base_C_SetPIN,
- base_C_OpenSession,
- base_C_CloseSession,
- base_C_CloseAllSessions,
- base_C_GetSessionInfo,
- base_C_GetOperationState,
- base_C_SetOperationState,
- base_C_Login,
- base_C_Logout,
- base_C_CreateObject,
- base_C_CopyObject,
- base_C_DestroyObject,
- base_C_GetObjectSize,
- base_C_GetAttributeValue,
- base_C_SetAttributeValue,
- base_C_FindObjectsInit,
- base_C_FindObjects,
- base_C_FindObjectsFinal,
- base_C_EncryptInit,
- base_C_Encrypt,
- base_C_EncryptUpdate,
- base_C_EncryptFinal,
- base_C_DecryptInit,
- base_C_Decrypt,
- base_C_DecryptUpdate,
- base_C_DecryptFinal,
- base_C_DigestInit,
- base_C_Digest,
- base_C_DigestUpdate,
- base_C_DigestKey,
- base_C_DigestFinal,
- base_C_SignInit,
- base_C_Sign,
- base_C_SignUpdate,
- base_C_SignFinal,
- base_C_SignRecoverInit,
- base_C_SignRecover,
- base_C_VerifyInit,
- base_C_Verify,
- base_C_VerifyUpdate,
- base_C_VerifyFinal,
- base_C_VerifyRecoverInit,
- base_C_VerifyRecover,
- base_C_DigestEncryptUpdate,
- base_C_DecryptDigestUpdate,
- base_C_SignEncryptUpdate,
- base_C_DecryptVerifyUpdate,
- base_C_GenerateKey,
- base_C_GenerateKeyPair,
- base_C_WrapKey,
- base_C_UnwrapKey,
- base_C_DeriveKey,
- base_C_SeedRandom,
- base_C_GenerateRandom,
- base_C_WaitForSlotEvent
-};
diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h
deleted file mode 100644
index 97d2a7c..0000000
--- a/p11-kit/virtual.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat, Inc
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef __P11_VIRTUAL_H__
-#define __P11_VIRTUAL_H__
-
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "array.h"
-
-typedef struct {
- CK_X_FUNCTION_LIST funcs;
- void *lower_module;
- p11_destroyer lower_destroy;
-} p11_virtual;
-
-extern CK_X_FUNCTION_LIST p11_virtual_base;
-
-extern CK_X_FUNCTION_LIST p11_virtual_stack;
-
-void p11_virtual_init (p11_virtual *virt,
- CK_X_FUNCTION_LIST *funcs,
- void *lower_module,
- p11_destroyer lower_destroy);
-
-void p11_virtual_uninit (p11_virtual *virt);
-
-bool p11_virtual_can_wrap (void);
-
-CK_FUNCTION_LIST * p11_virtual_wrap (p11_virtual *virt,
- p11_destroyer destroyer);
-
-bool p11_virtual_is_wrapper (CK_FUNCTION_LIST *module);
-
-void p11_virtual_unwrap (CK_FUNCTION_LIST *module);
-
-#endif /* __P11_VIRTUAL_H__ */
diff --git a/po/LINGUAS b/po/LINGUAS
deleted file mode 100644
index 3d3552a..0000000
--- a/po/LINGUAS
+++ /dev/null
@@ -1,71 +0,0 @@
-# Set of available languages.
-ar
-as
-az
-bg
-bn_IN
-ca
-ca@valencia
-cs
-cy
-da
-de
-el
-en@boldquot
-en_GB
-en@quot
-eo
-es
-eu
-fa
-fi
-fo
-fr
-ga
-gl
-gu
-he
-hi
-hr
-hu
-ia
-id
-it
-ja
-ka
-kk
-kn
-ko
-lt
-lv
-ml
-mr
-ms
-nb
-nl
-nn
-or
-pa
-pl
-pt
-pt_BR
-ro
-ru
-sk
-sl
-sq
-sr
-sr@latin
-sv
-ta
-te
-th
-tr
-uk
-vi
-wa
-zh_CN
-zh_HK
-zh_TW
-oc
-et
diff --git a/po/Makevars b/po/Makevars
deleted file mode 100644
index 0ae10b6..0000000
--- a/po/Makevars
+++ /dev/null
@@ -1,41 +0,0 @@
-# Makefile variables for PO directory in any package using GNU gettext.
-
-# Usually the message domain is the same as the package name.
-DOMAIN = $(PACKAGE)
-
-# These two variables depend on the location of this directory.
-subdir = po
-top_builddir = ..
-
-# These options get passed to xgettext.
-XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
-
-# This is the copyright holder that gets inserted into the header of the
-# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
-# package. (Note that the msgstr strings, extracted from the package's
-# sources, belong to the copyright holder of the package.) Translators are
-# expected to transfer the copyright for their translations to this person
-# or entity, or to disclaim their copyright. The empty string stands for
-# the public domain; in this case the translators are expected to disclaim
-# their copyright.
-COPYRIGHT_HOLDER = Collabora Ltd.
-
-# This is the email address or URL to which the translators shall report
-# bugs in the untranslated strings:
-# - Strings which are not entire sentences, see the maintainer guidelines
-# in the GNU gettext documentation, section 'Preparing Strings'.
-# - Strings which use unclear terms or require additional context to be
-# understood.
-# - Strings which make invalid assumptions about notation of date, time or
-# money.
-# - Pluralisation problems.
-# - Incorrect English spelling.
-# - Incorrect formatting.
-# It can be your email address, or a mailing list address where translators
-# can write to without being subscribed, or the URL of a web page through
-# which the translators can contact you.
-MSGID_BUGS_ADDRESS =
-
-# This is the list of locale categories, beyond LC_MESSAGES, for which the
-# message catalogs shall be used. It is usually empty.
-EXTRA_LOCALE_CATEGORIES =
diff --git a/po/POTFILES.in b/po/POTFILES.in
deleted file mode 100644
index 3e15306..0000000
--- a/po/POTFILES.in
+++ /dev/null
@@ -1,2 +0,0 @@
-# List of source files which contain translatable strings.
-p11-kit/messages.c
diff --git a/po/ar.po b/po/ar.po
deleted file mode 100644
index 8978cd9..0000000
--- a/po/ar.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Arabic (http://www.transifex.com/freedesktop/p11-kit/language/ar/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ar\n"
-"Plural-Forms: nplurals=6; plural=n==0 ? 0 : n==1 ? 1 : n==2 ? 2 : n%100>=3 && n%100<=10 ? 3 : n%100>=11 && n%100<=99 ? 4 : 5;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/as.po b/po/as.po
deleted file mode 100644
index 96e8e5c..0000000
--- a/po/as.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Assamese (http://www.transifex.com/freedesktop/p11-kit/language/as/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: as\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/az.po b/po/az.po
deleted file mode 100644
index 35a8502..0000000
--- a/po/az.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Azerbaijani (http://www.transifex.com/freedesktop/p11-kit/language/az/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: az\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/bg.po b/po/bg.po
deleted file mode 100644
index 539eaa8..0000000
--- a/po/bg.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Bulgarian (http://www.transifex.com/freedesktop/p11-kit/language/bg/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: bg\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/bn_IN.po b/po/bn_IN.po
deleted file mode 100644
index a399159..0000000
--- a/po/bn_IN.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Bengali (India) (http://www.transifex.com/freedesktop/p11-kit/language/bn_IN/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: bn_IN\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/boldquot.sed b/po/boldquot.sed
deleted file mode 100644
index 4b937aa..0000000
--- a/po/boldquot.sed
+++ /dev/null
@@ -1,10 +0,0 @@
-s/"\([^"]*\)"/“\1”/g
-s/`\([^`']*\)'/‘\1’/g
-s/ '\([^`']*\)' / ‘\1’ /g
-s/ '\([^`']*\)'$/ ‘\1’/g
-s/^'\([^`']*\)' /‘\1’ /g
-s/“”/""/g
-s/“/“/g
-s/”/”/g
-s/‘/‘/g
-s/’/’/g
diff --git a/po/ca.po b/po/ca.po
deleted file mode 100644
index 6f042e6..0000000
--- a/po/ca.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Catalan (http://www.transifex.com/freedesktop/p11-kit/language/ca/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ca\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/ca@valencia.po b/po/ca@valencia.po
deleted file mode 100644
index d429cc4..0000000
--- a/po/ca@valencia.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Catalan (Valencian) (http://www.transifex.com/freedesktop/p11-kit/language/ca@valencia/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ca@valencia\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/cs.po b/po/cs.po
deleted file mode 100644
index 5b5bfd4..0000000
--- a/po/cs.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Jozef Mlích <xmlich02@stud.fit.vutbr.cz>, 2015
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2015-07-07 06:46+0000\n"
-"Last-Translator: Jozef Mlích <xmlich02@stud.fit.vutbr.cz>\n"
-"Language-Team: Czech (http://www.transifex.com/freedesktop/p11-kit/language/cs/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: cs\n"
-"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Operace byla zrušena"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Není k dispozici dostatek paměti"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Vnitřní chyba"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operace selhala"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modul nemůže vytvořit požadované vlákna"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modul nemůže správně zamknout data"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Pole je pouze pro čtení"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Pole je citlivé a nemůže být odkryto"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Pole je neplatné nebo neexistuje"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Nesprávná hodnota pole"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Data nejsou platné nebo rozpoznané"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Data jsou příliš velká"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Nastala chyba na zařízení"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Na zařízení není k dispozici dostak paměti"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Zařízení bylo odstraněno nebo odpojeno"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Šifrovaná data nejsou platná nebo rozpoznaná"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Šifrované data jsou příliš dlouhé"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Operace není podporovaná"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Klíč chybí nebo je neplatný"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Klíč má chybnou velikost"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Klíč má chybný typ"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Není potřeba žádný klíč"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Klíč je jiný než byl před tím"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Je požadován klíč"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "S tímto klíčem nelze operaci dokončit"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Tento klíč nelze exportovat"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Šiforvací mechanizmus je neplatný nebo nerozpoznaný"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Šiforvací mechanizmus má neplatný argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objekt chybí nebo je neplatný"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Heslo nebo PIN nejsou správné"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Heslo nebo PIN nejsou plané"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Heslo nebo PIN mají neplatnou délku"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Heslo nebo PIN vypršeli"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Heslo nebo PIN jsou uzamčeny"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Podpis je špatný nebo poškozený"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Podpis nelze rozpoznat nebo je poškozený"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Některé požadované pole chybí"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Některé pole mají neplatné hodnoty"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Zařízení není přítomno nebo je odpojeno"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Zařízení je neplatné nebo jej není možné rozpoznat"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Zařízení je chráněné proti zápisu"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Není možné importovat z důvodu neplatného klíče"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Není možné importovat z důvodu chybné velikosti klíče"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Není možné importovat z důvodu chybného typu klíče"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Už jste příhlášen"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Není přihlášený žádný uživatel"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Uživatelovo heslo nebo PIN není nastavený"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Neplatný typ uživatele"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Už je příhlášený jiný uživatel"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Je přihlášeno příliš mnoho různých typů uživatelů"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Neplatný klíč nelze importovat"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Nelze importovat klíč o chybné velikosti"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Nelze exportovat, protože klíč není platný"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Nelze exportovat, protože klíč má chybnou velikost"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Nelze exportovat, protože klíč má nesprávný typ"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Nelze inicializovat generátor náhodných čísel"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Není k dispozici žádný generátor náhodných čísel"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Šiforvací mechanizmus má neplatný parametr"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nedostatek místa pro uložení výsledku"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Uložený stav je neplatný"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informace je citlivá a nemůže být odkryta"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Stav nemohl být uložen"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modul nemohl být inicializován"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modul již byl inicializován"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Data nelze zamknout"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Data nemůžou být zamknutá"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Požadavek byl uživatelem zamítnut"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Neznámá chyba"
diff --git a/po/cy.po b/po/cy.po
deleted file mode 100644
index f5e2b58..0000000
--- a/po/cy.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Welsh (http://www.transifex.com/freedesktop/p11-kit/language/cy/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: cy\n"
-"Plural-Forms: nplurals=4; plural=(n==1) ? 0 : (n==2) ? 1 : (n != 8 && n != 11) ? 2 : 3;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/da.po b/po/da.po
deleted file mode 100644
index 1f01343..0000000
--- a/po/da.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Joe Hansen <joedalton2@yahoo.dk>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-12-24 13:36+0000\n"
-"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
-"Language-Team: Danish (http://www.transifex.com/freedesktop/p11-kit/language/da/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: da\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Handlingen blev afbrudt"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Der er ikke nok hukommelse"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Det angivne slot-id er ikke gyldigt"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Intern fejl"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Handlingen mislykkedes"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Ugyldige parametre"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modulet kan ikke oprette krævede tråde"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modulet kan ikke låse data korrekt"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Feltet er skrivebeskyttet"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Feltet er sensitivt kan ikke afsløres"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Feltet er ugyldigt eller findes ikke"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Ugyldigt værdi for felt"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Dataene er ikke gyldige eller blev ikke genkendt"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Dataene er for lange"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Der opstod en fejl på enheden"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Utilstrækkelig tilgængelig hukommelse på enheden"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Enheden blev fjernet eller frakoblet"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "De krypterede data er ikke gyldige eller blev ikke genkendt"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "De krypterede data er for lange"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Denne handling er ikke understøttet"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Nøglen mangler eller er ugyldig"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Nøglen har forkert størrelse"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Nøglen har forkert type"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ingen nøgle er krævet"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Nøglen er anderledes end tidligere"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "En nøgle er krævet"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Kan ikke inkludere nøglen i sammendraget"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Denne handling kan ikke udføres med denne nøgle"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Nøglen kan ikke omsluttes"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Kan ikke eksportere denne nøgle"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Kryptomekanismen er ugyldig eller blev ikke genkendt"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Kryptomekanismen har en ugyldig parameter"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objektet mangler eller er ugyldigt"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "En anden handling foregår allerede"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Der udføres ingen handling"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Adgangskoden eller PIN er ikke korrekt"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Adgangskoden eller PIN er ugyldig"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Adgangskoden eller PIN har forkert længde"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Adgangskoden eller PIN er udløbet"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Adgangskoden eller PIN er låst"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sessionen er låst"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "For mange sessioner er aktive"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sessionen er ugyldig"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sessionen er skrivebeskyttet"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Der findes en åben session"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Der findes en skrivebeskyttet session"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Der findes en administratorsession"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Underskriften er ugyldig eller ødelagt"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Underskriften kunne ikke genkendes eller er ødelagt"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Bestemte krævede felter mangler"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Bestemte felter har ugyldige værdier"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Enheden er ikke til stede eller frakoblet"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Enheden er ugyldig eller kan ikke genkendes"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Enheden er skrivebeskyttet"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Kan ikke importere da nøglen er ugyldig"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Kan ikke importere da nøglen har forkert størrelse"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Kan ikke importere da nøglen har forkert type"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Du er allerede logget ind"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Ingen bruger har logget ind"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Brugerens adgangskode eller PIN er ikke angivet"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Brugeren er af ugyldig type"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "En anden bruger er allerede logget ind"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "For mange brugere af forskellige typer er logget ind"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Kan ikke importere en ugyldig nøgle"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Kan ikke importere en nøgle med forkert størrelse"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Kan ikke eksportere da nøglen er ugyldig"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Kan ikke eksportere da nøglen har forkert størrelse"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Kan ikke eksportere da nøglen har forkert type"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Kan ikke initialisere oprettelsesprogrammet for vilkårlige tal"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Intet oprettelsesprogram for vilkårlige tal er tilgængeligt"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Kryptomekanismen har en ugyldig parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Ikke nok plads til at lagre resultatet"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Den lagrede tilstand er ugyldig"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informationen er sensitiv og kan ikke afsløres"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Tilstanden kan ikke gemmes"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modulet er ikke blevet initialiseret"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modulet er allerede blevet initialiseret"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Kan ikke låse data"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Dataene kan ikke låses"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Forespørgslen blev afvist af brugeren"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Ukendt fejl"
diff --git a/po/de.po b/po/de.po
deleted file mode 100644
index 1c728fd..0000000
--- a/po/de.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Ettore Atalan <atalanttore@googlemail.com>, 2014
-# Mario Blättermann <mario.blaettermann@gmail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-09-22 15:30+0000\n"
-"Last-Translator: Ettore Atalan <atalanttore@googlemail.com>\n"
-"Language-Team: German (http://www.transifex.com/freedesktop/p11-kit/language/de/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: de\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Die Aktion wurde abgebrochen."
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Nicht genügend Speicher verfügbar"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Die angegebene Slot-Kennziffer ist ungültig."
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Interner Fehler"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Die Aktion ist fehlgeschlagen."
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Ungültige Argumente"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Das Modul kann nicht die benötigten Threads erzeugen."
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Das Modul kann die Daten nicht ordnungsgemäß sperren."
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Das Feld hat nur Lesezugriff."
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Das Feld ist sensibel und kann nicht offengelegt werden."
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Das Feld ist ungültig oder es existiert nicht."
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Ungültiger Wert für Feld"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Die Daten sind ungültig oder konnten nicht erkannt werden."
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Die Daten sind zu lang."
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Auf dem Gerät trat ein Fehler auf."
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Auf dem Gerät ist nicht genügend Speicher verfügbar."
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Das Gerät wurde entfernt oder abgezogen."
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Die verschlüsselten Daten sind nicht gültig oder konnten nicht erkannt werden."
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Die verschlüsselten Daten sind zu lang."
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Diese Aktion wird nicht unterstützt."
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Der Schlüssel fehlt oder ist ungültig."
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Der Schlüssel hat die falsche Größe."
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Der Schlüssel ist vom falschen Typ."
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Es wird kein Schlüssel benötigt."
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Der Schlüssel ist anders als vorher."
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Es wird ein Schlüssel benötigt."
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Der Schlüssel kann nicht in den Digest integriert werden."
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Diese Aktion kann nicht mit diesem Schlüssel durchgeführt werden."
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Der Schlüssel kann nicht eingepackt werden."
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Dieser Schlüssel kann nicht exportiert werden."
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Der kryptografische Mechanismus ist ungültig oder konnte nicht erkannt werden."
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Der kryptografische Mechanismus hat ein ungültiges Argument."
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Das Objekt fehlt oder ist ungültig."
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Es findet bereits eine andere Aktion statt."
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Es findet keine Aktion statt."
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Das Passwort oder die PIN ist nicht korrekt."
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Das Passwort oder die PIN ist ungültig."
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Das Passwort oder die PIN hat eine ungültige Länge."
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Das Passwort oder die PIN ist abgelaufen."
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Das Passwort oder die PIN ist gesperrt."
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Die Sitzung ist beendet."
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Es sind zu viele Sitzungen aktiv."
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Die Sitzung ist ungültig."
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Die Sitzung hat nur Lesezugriff."
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Es existiert eine offene Sitzung."
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Es existiert eine Sitzung mit reinem Lesezugriff."
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Es existiert eine Administratorsitzung."
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Die Signatur ist falsch oder beschädigt."
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Die Signatur wurde nicht erkannt oder ist beschädigt."
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Einige benötigte Felder fehlen."
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Einige Felder haben ungültige Werte."
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Das Gerät ist nicht vorhanden oder abgezogen."
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Das Gerät ist ungültig oder unbekannt."
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Das Gerät ist schreibgeschützt."
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Kann nicht importiert werden, da der Schlüssel ungültig ist"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Kann nicht importiert werden, da der Schlüssel die falsche Größe hat"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Kann nicht importiert werden, da der Schlüssel vom falschen Typ ist"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Sie sind bereits angemeldet."
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Kein Benutzer hat sich angemeldet."
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Passwort oder PIN des Benutzers ist nicht gesetzt"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Der Benutzer ist vom falschen Typ."
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Ein anderer Benutzer ist bereits angemeldet."
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Zu viele Benutzer unterschiedlicher Typen sind angemeldet."
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Ein ungültiger Schlüssel kann nicht importiert werden."
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Ein Schlüssel mit falscher Größe kann nicht importiert werden."
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Kann nicht exportiert werden, da der Schlüssel ungültig ist"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Kann nicht exportiert werden, da der Schlüssel die falsche Größe hat"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Kann nicht exportiert werden, da der Schlüssel vom falschen Typ ist"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Der Zufallszahlengenerator kann nicht initialisiert werden."
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Kein Zufallszahlengenerator verfügbar"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Der kryptografische Mechanismus hat einen ungültigen Parameter."
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nicht genug Platz, um das Ergebnis zu speichern"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Der gespeicherte Status ist ungültig."
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Die Information ist sensibel und kann nicht offengelegt werden."
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Der Status kann nicht gespeichert werden."
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Das Modul wurde nicht initialisiert."
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Das Modul wurde bereits initialisiert."
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Daten können nicht gesperrt werden"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Die Daten können nicht gesperrt werden."
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Der Anfrage wurde vom Benutzer abgelehnt"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Unbekannter Fehler"
diff --git a/po/el.po b/po/el.po
deleted file mode 100644
index c507988..0000000
--- a/po/el.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Maria Mavridou <mavridou@gmail.com>, 2014
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-04-21 19:51+0000\n"
-"Last-Translator: thanos <tomtryf@gmail.com>\n"
-"Language-Team: Greek (http://www.transifex.com/freedesktop/p11-kit/language/el/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: el\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Η λειτουργία ακυρώθηκε"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Ανεπαρκής διαθέσιμη μνήμη"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "H καθορισμένη ταυτότητα υποδοχής δεν είναι έγκυρη"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Εσωτερικό σφάλμα"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Η λειτουργία απέτυχε"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Άκυρα ορίσματα"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Η μονάδα δεν μπορεί να δημιουργήσει τα αναγκαία νήματα εκτέλεσης"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Η μονάδα δεν μπορεί να κλειδώσει τα δεδομένα σωστά "
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Το πεδίο είναι μόνο για ανάγνωση"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Το πεδίο είναι ευαίσθητο και δεν μπορεί να αποκαλυφθεί"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Το πεδίο δεν είναι έγκυρο ή δεν υπάρχει"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Μη έγκυρη τιμή για το πεδίο"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Τα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Τα δεδομένα είναι πολύ μεγάλα"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Παρουσιάστηκε σφάλμα στη συσκευή"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Ανεπαρκής διαθέσιμη μνήμη στη συσκευή"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Η συσκευή απομακρύνθηκε ή αποσυνδέθηκε"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Τα κρυπτογραφημένα δεδομένα δεν είναι έγκυρα ή δεν αναγνωρίζονται"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Τα κρυπτογραφημένα δεδομένα είναι πολύ μεγάλα"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Δεν υποστηρίζεται αυτή η λειτουργία"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Το κλειδί λείπει ή δεν είναι έγκυρο"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Το κλειδί έχει λάθος μέγεθος"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Το κλειδί είναι λάθος τύπου"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Δεν απαιτείται κλειδί"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Το κλειδί είναι διαφορετικό από πριν"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Απαιτείται ένα κλειδί"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Το κλειδί δεν μπορεί να συμπεριληφθεί στη σύνοψη"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Αυτή η λειτουργία δεν μπορεί να γίνει με αυτό το κλειδί"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Το κλειδί δεν μπορεί να αναδιπλωθεί"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Το κλειδί δεν μπορεί να εξαχθεί"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Ο κρυπτογραφικός μηχανισμός δεν είναι έγκυρος ή δεν αναγνωρίζεται"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Ο κρυπτογραφικός μηχανισμός έχει ένα μη έγκυρο όρισμα"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Το αντικείμενο λείπει ή δεν είναι έγκυρο"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Μια άλλη λειτουργία ήδη πραγματοποιείται"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Καμιά λειτουργία δεν πραγματοποιείται"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Ο κωδικός πρόσβασης ή το PIN είναι λανθασμένο"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Ο κωδικός πρόσβασης ή το PIN δεν είναι έγκυρο"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Ο κωδικός πρόσβασης ή το PIN έχει μη έγκυρο μήκος"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Ο κωδικός πρόσβασης ή το PIN έχει λήξει"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Ο κωδικός πρόσβασης ή το PIN έχει κλειδωθεί"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Η συνεδρία είναι κλειστή"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Πάρα πολλές συνεδρίες είναι ενεργές"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Η συνεδρία δεν είναι έγκυρη"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Η συνεδρία είναι μόνο για ανάγνωση"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Υπάρχει μια ανοιχτή συνεδρία"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Υπάρχει μια συνεδρία μόνο για ανάγνωση"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Υπάρχει μια συνεδρία διαχειριστή"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Η υπογραφή είναι κακή ή κατεστραμμένη"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Η υπογραφή δεν αναγνωρίζεται ή είναι κατεστραμμένη"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Ορισμένα από τα απαιτούμενα πεδία λείπουν"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Ορισμένα πεδία έχουν μη έγκυρες τιμές"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Η συσκευή δεν υπάρχει ή έχει αποσυνδεθεί"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Η συσκευή δεν είναι έγκυρη ή δεν αναγνωρίζεται"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Η συσκευή έχει προστασία εγγραφής"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί δεν είναι έγκυρο"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι το λάθος μεγέθους"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Δεν είναι δυνατή η εισαγωγή, διότι το κλειδί είναι λάθος τύπου"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Είστε ήδη συνδεδεμένος"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Κανένας χρήστης δεν έχει συνδεθεί"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Ο κωδικός πρόσβασης ή το PIN του χρήστη δεν έχουν οριστεί"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Ο χρήστης είναι μη έγκυρου τύπου"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Ένας άλλος χρήστης είναι ήδη συνδεδεμένος"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Πάρα πολλοί χρήστες διαφόρων τύπων είναι συνδεδεμένοι"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Δεν είναι δυνατή η εισαγωγή ενός μη έγκυρου κλειδιού"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Δεν είναι δυνατή η εισαγωγή ενός κλειδού λάθους μεγέθους"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί δεν είναι έγκυρο"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθους μεγέθους"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Δεν είναι δυνατή η εξαγωγή διότι το κλειδί είναι λάθος τύπου"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Αδύνατη η αρχικοποίηση της γεννήτριας τυχαίων αριθμών"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Δεν υπάρχει γεννήτρια τυχαίων αριθμών"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Ο κρυπτογραφικός μηχανισμός δεν έχει έγκυρη παράμετρο"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Δεν υπάρχει αρκετός χώρος για να αποθηκεύσετε το αποτέλεσμα"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Η αποθηκευμένη αναφορά δεν είναι έγκυρη"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Η πληροφορία είναι ευαίσθητη και δεν μπορεί να αποκαλυφθεί"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Η αναφορά δεν μπορεί να σωθεί"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Η μονάδα δεν έχει προετοιμαστεί"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Η μονάδα έχει ήδη προετοιμαστεί"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Δεν μπορείτε να κλειδώσετε τα δεδομένα"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Τα δεδομένα δεν μπορούν να κλειδωθούν"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Η αίτηση απορρίφθηκε από το χρήστη"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Άγνωστο σφάλμα"
diff --git a/po/en@boldquot.header b/po/en@boldquot.header
deleted file mode 100644
index fedb6a0..0000000
--- a/po/en@boldquot.header
+++ /dev/null
@@ -1,25 +0,0 @@
-# All this catalog "translates" are quotation characters.
-# The msgids must be ASCII and therefore cannot contain real quotation
-# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
-# and double quote (0x22). These substitutes look strange; see
-# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
-#
-# This catalog translates grave accent (0x60) and apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019).
-# It also translates pairs of apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019)
-# and pairs of quotation mark (0x22) to
-# left double quotation mark (U+201C) and right double quotation mark (U+201D).
-#
-# When output to an UTF-8 terminal, the quotation characters appear perfectly.
-# When output to an ISO-8859-1 terminal, the single quotation marks are
-# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
-# grave/acute accent (by libiconv), and the double quotation marks are
-# transliterated to 0x22.
-# When output to an ASCII terminal, the single quotation marks are
-# transliterated to apostrophes, and the double quotation marks are
-# transliterated to 0x22.
-#
-# This catalog furthermore displays the text between the quotation marks in
-# bold face, assuming the VT100/XTerm escape sequences.
-#
diff --git a/po/en@quot.header b/po/en@quot.header
deleted file mode 100644
index a9647fc..0000000
--- a/po/en@quot.header
+++ /dev/null
@@ -1,22 +0,0 @@
-# All this catalog "translates" are quotation characters.
-# The msgids must be ASCII and therefore cannot contain real quotation
-# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
-# and double quote (0x22). These substitutes look strange; see
-# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
-#
-# This catalog translates grave accent (0x60) and apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019).
-# It also translates pairs of apostrophe (0x27) to
-# left single quotation mark (U+2018) and right single quotation mark (U+2019)
-# and pairs of quotation mark (0x22) to
-# left double quotation mark (U+201C) and right double quotation mark (U+201D).
-#
-# When output to an UTF-8 terminal, the quotation characters appear perfectly.
-# When output to an ISO-8859-1 terminal, the single quotation marks are
-# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
-# grave/acute accent (by libiconv), and the double quotation marks are
-# transliterated to 0x22.
-# When output to an ASCII terminal, the single quotation marks are
-# transliterated to apostrophes, and the double quotation marks are
-# transliterated to 0x22.
-#
diff --git a/po/en_GB.po b/po/en_GB.po
deleted file mode 100644
index c5e9281..0000000
--- a/po/en_GB.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Andi Chandler <andi@gowling.com>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Andi Chandler <andi@gowling.com>\n"
-"Language-Team: English (United Kingdom) (http://www.transifex.com/freedesktop/p11-kit/language/en_GB/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: en_GB\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "The operation was cancelled"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Insufficient memory available"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "The specified slot ID is not valid"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Internal error"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "The operation failed"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Invalid arguments"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "The module cannot create needed threads"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "The module cannot lock data properly"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "The field is read-only"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "The field is sensitive and cannot be revealed"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "The field is invalid or does not exist"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Invalid value for field"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "The data is not valid or unrecognised"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "The data is too long"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "An error occurred on the device"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Insufficient memory available on the device"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "The device was removed or unplugged"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "The encrypted data is not valid or unrecognised"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "The encrypted data is too long"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "This operation is not supported"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "The key is missing or invalid"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "The key is the wrong size"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "The key is of the wrong type"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "No key is needed"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "The key is different than before"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "A key is needed"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Cannot include the key in the digest"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "This operation cannot be done with this key"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "The key cannot be wrapped"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Cannot export this key"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "The crypto mechanism is invalid or unrecognised"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "The crypto mechanism has an invalid argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "The object is missing or invalid"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Another operation is already taking place"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "No operation is taking place"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "The password or PIN is incorrect"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "The password or PIN is invalid"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "The password or PIN is of an invalid length"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "The password or PIN has expired"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "The password or PIN is locked"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "The session is closed"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Too many sessions are active"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "The session is invalid"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "The session is read-only"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "An open session exists"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "A read-only session exists"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "An administrator session exists"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "The signature is bad or corrupted"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "The signature is unrecognised or corrupted"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Certain required fields are missing"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Certain fields have invalid values"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "The device is not present or unplugged"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "The device is invalid or unrecognisable"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "The device is write protected"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Cannot import because the key is invalid"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Cannot import because the key is of the wrong size"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Cannot import because the key is of the wrong type"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "You are already logged in"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "No user has logged in"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "The user's password or PIN is not set"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "The user is of an invalid type"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Another user is already logged in"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Too many users of different types are logged in"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Cannot import an invalid key"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Cannot import a key of the wrong size"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Cannot export because the key is invalid"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Cannot export because the key is of the wrong size"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Cannot export because the key is of the wrong type"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Unable to initialise the random number generator"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "No random number generator available"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "The crypto mechanism has an invalid parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Not enough space to store the result"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "The saved state is invalid"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "The information is sensitive and cannot be revealed"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "The state cannot be saved"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "The module has not been initialised"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "The module has already been initialised"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Cannot lock data"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "The data cannot be locked"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "The request was rejected by the user"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Unknown error"
diff --git a/po/eo.po b/po/eo.po
deleted file mode 100644
index 8ea1ae3..0000000
--- a/po/eo.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# kristjan <kristjan.schmidt@googlemail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Esperanto (http://www.transifex.com/freedesktop/p11-kit/language/eo/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: eo\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "La operacio estas nuligita"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Ne sufiĉe da memoro estas disponebla"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Interna eraro"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "La operacio malsukcesis"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Nevalidaj argumentoj"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "La kampo estas nevalida aŭ ne ekzistas"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Nevalida valoro por kampo"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "La datumo estas tro longa"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Eraro okazis je aparato"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Ŝlosilo estas bezonata"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "La seanco estas nevalida"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Neniu uzanto estas ensalutita"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Alia uzanto jam estas ensalutita"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Nekonata eraro"
diff --git a/po/es.po b/po/es.po
deleted file mode 100644
index c2219b9..0000000
--- a/po/es.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Adolfo Jayme Barrientos, 2012
-# Daniel Mustieles <daniel.mustieles@gmail.com>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Daniel Mustieles <daniel.mustieles@gmail.com>\n"
-"Language-Team: Spanish (http://www.transifex.com/freedesktop/p11-kit/language/es/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: es\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Se canceló la operación"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "No hay suficiente memoria disponible"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "El ID de la ranura especificada no es válido"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Error interno"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Falló la operación"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Argumentos no válidos"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "El módulo no puede crear los hilos necesarios"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "El módulo no puede bloquear los datos correctamente"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "El campo es de solo lectura"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "El campo es sensible y no se puede revelar"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "El campo no es válido o no existe"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Valor no válido para el campo"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Los datos no son válidos o no se reconocen"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Los datos son demasiado largos"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Ha ocurrido un error en el dispositivo"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "No hay memoria suficiente disponible en el dispositivo"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Se quitó o desconectó el dispositivo"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Los datos cifrados no son válidos o no se reconocen"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Los datos cifrados son demasiado largos"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Esta operación no está soportada"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Falta la clave o no es válida"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "El tamaño de la clave es incorrecto"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "El tipo de la clave es incorrecto"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "No se necesita ninguna clave"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "La clave no es igual que antes"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Se necesita una clave"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "No se puede incluir la clave en el resumen"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "No se puede hacer esta operación con esta clave"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "No se puede encapsular la clave"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "No se puede exportar esta clave"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "El mecanismo de cifrado no es válido o no se ha reconocido"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "El mecanismo de cifrado tiene un argumento no válido"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Falta el objeto o no es válido"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Ya hay otra operación en curso"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "No hay ninguna operación en curso"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "La contraseña o el PIN son incorrectos"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "La contraseña o el PIN no son válidos"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "La contraseña o PIN tiene una longitud no válida"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "La contraseña o el PIN han expirado"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "La contraseña o el PIN están bloqueados"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "La sesión está cerrada"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Hay demasiadas sesiones activas"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "La sesión no es válida"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "La sesión es de solo lectura"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Existe una sesión abierta"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Existe una sesión de solo lectura"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Existe una sesión de administrador"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "La firma tiene errores o está dañada"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "La firma no se reconoce o está dañada"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Faltan ciertos campos requeridos"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Ciertos campos tienen valores no válidos"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "El dispositivo no está presente o está desconectado"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "El dispositivo no es válido o es irreconocible"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "El dispositivo está protegido contra escritura"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "No se puede importar porque la clave no es válida"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "No se puede importar porque la clave tiene un tamaño incorrecto"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "No se puede importar porque la clave es de un tipo incorrecto"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Ya ha iniciado sesión"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Ningún usuario ha iniciado sesión"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "La contraseña o el PIN del usuario no se han establecido"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "El usuario es de un tipo no válido"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Ya ha iniciado sesión otro usuario"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Han iniciado sesión demasiados usuarios de varios tipos"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "No se puede importar una clave no válida"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "No se puede importar una clave del tamaño incorrecto"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "No se puede exportar poque la clave no es válida"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "No se puede exportar porque la clave tiene un tamaño incorrecto"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "No se puede exportar porque la clave es del tipo incorrecto"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "No se puede inicializar el generador de números aleatorios"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "No hay ningún generador de números aleatorios disponible"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "El mecanismo de cifrado tiene un parámetro no válido"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "No hay espacio suficiente para guardar el resultado"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "El estado guardado no es válido"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "La información es sensible y no se puede revelar"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "No se puede guardar el estado"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "No se ha inicializado el módulo"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Ya se ha inicializado el módulo"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "No se pueden bloquear los datos"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "No se pueden bloquear los datos"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "El usuario rechazó la solicitud"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Error desconocido"
diff --git a/po/et.po b/po/et.po
deleted file mode 100644
index 5af8feb..0000000
--- a/po/et.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Estonian (http://www.transifex.com/freedesktop/p11-kit/language/et/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: et\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/eu.po b/po/eu.po
deleted file mode 100644
index 5e1c583..0000000
--- a/po/eu.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Basque (http://www.transifex.com/freedesktop/p11-kit/language/eu/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: eu\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/fa.po b/po/fa.po
deleted file mode 100644
index 7b0069e..0000000
--- a/po/fa.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Persian (http://www.transifex.com/freedesktop/p11-kit/language/fa/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: fa\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/fi.po b/po/fi.po
deleted file mode 100644
index 98c9e4a..0000000
--- a/po/fi.po
+++ /dev/null
@@ -1,345 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Eerik Uusi-Illikainen https://launchpad.net/~ekiuusi-4, 2012
-# Jiri Grönroos <jiri.gronroos@iki.fi>, 2012-2013
-# Timo Jyrinki <timo.jyrinki@iki.fi>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Jiri Grönroos <jiri.gronroos@iki.fi>\n"
-"Language-Team: Finnish (http://www.transifex.com/freedesktop/p11-kit/language/fi/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: fi\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Toiminto keskeytettiin"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Muisti ei riitä"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Annettu lohkotunniste ei ole kelvollinen"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Sisäinen virhe"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Toiminto epäonnistui"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Virheellisiä argumentteja"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Moduuli ei voi luoda vaadittavia säikeitä"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Moduuli ei voi lukita tietoa kunnolla"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Kenttä on vain luettavissa"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Kenttä on arkaluonteinen eikä sitä voida paljastaa"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Kenttä on virheellinen tai sitä ei ole olemassa"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Kentän arvo on virheellinen"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Tieto ei ole kelvollista tai sitä ei voida tunnistaa"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Tieto on liian pitkä"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Tapahtui virhe laitteella"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Laitteen muistimäärä liian vähäinen"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Laite poistettiin tai irrotettiin"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Salattu tieto ei ole kelvollista tai sitä ei voida tunnistaa"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Salattu tieto on liian pitkä"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Tämä toiminto ei ole tuettu"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Avain puuttuu tai on virheellinen"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Avain on väärän kokoinen"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Avain on väärää tyyppiä"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Avainta ei vaadita"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Avain on eri kuin aikaisempi"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Avain vaaditaan"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Avainta ei voi sisällyttää tiivisteeseen"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Tätä toimintoa ei voi tehdä tällä avaimella"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Avainta ei voi rivittää"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Tätä avainta ei voi viedä"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Salausmekanismi on virheellinen tai sitä ei voida tunnistaa"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Salausmekanismissa on virheellinen argumentti"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Kohde puuttuu tai on virheellinen"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Toinen toiminto on jo käynnissä"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Yhtään toimintoa ei ole käynnissä"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Salasana tai PIN-koodi on väärä"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Salasana tai PIN-koodi on virheellinen"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Salasanan tai PIN-koodin pituus on virheellinen"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Salasana tai PIN-koodi on vanhentunut"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Salasana tai PIN-koodin on lukittu"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Istunto on suljettu"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Liian monta aktiivista istuntoa"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Istunto on virheellinen"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Istunto on vain luettavissa"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Avoin istunto on olemassa"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Lukutilassa oleva istunto on olemassa"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Ylläpitäjän istunto on olemassa"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Allekirjoitus on virheellinen tai vioittunut"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Allekirjoitusta ei voida tunnistaa tai se on vioittunut"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Jotkut vaadituista kentistä puuttuvat"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Jotkin kentät sisältävät virheellisia arvoja"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Laite ei ole saatavilla tai se on irrotettu"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Laite on virheellinen tai sitä ei voida tunnistaa"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Laite on kirjoitussuojattu"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Tuonti epäonnistui koska avain on virheellinen"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Tuonti epäonnistui koska avain on väärän kokoinen"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Tuonti epäonnistui koska avain on väärää tyyppiä"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Olet jo kirjautuneena sisään"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Käyttäjiä ei ole kirjautuneena sisään"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Käyttäjän salasanaa tai PIN-koodia ei ole asetettu"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Käyttäjä on väärän tyyppinen"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Toinen käyttäjä on jo kirjautunut sisään"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Liian monta eri tyyppistä käyttäjää on kirjautuneena sisään"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Virheellistä avainta ei voida tuoda"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Väärän kokoista avainta ei voida tuoda"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Vienti ei onnistu koska avain on virheellinen"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Vienti ei onnistu koska avain on väärän kokoinen"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Vienti ei onnistu koska avain on väärän tyyppinen"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Satunnaislukugeneraattoria ei voida alustaa"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Satunnaislukugeneraattoria ei ole saatavilla"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Salausmekanismin parametri on virheellinen"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Liian vähän tilaa tulosten tallentamiseen"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Tallennettu tila on virheellinen"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Tieto on luottamuksellista eikä sitä voida paljastaa"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Tilaa ei voida tallentaa"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Moduulia ei ole alustettu"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Moduuli on jo alustettu"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Tietoa ei voida lukita"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Tietoa ei voida lukita"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Pyyntö hylättiin käyttäjän toimesta"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Tuntematon virhe"
diff --git a/po/fo.po b/po/fo.po
deleted file mode 100644
index 1e5c2ae..0000000
--- a/po/fo.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Faroese (http://www.transifex.com/freedesktop/p11-kit/language/fo/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: fo\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/fr.po b/po/fr.po
deleted file mode 100644
index b2aa2d6..0000000
--- a/po/fr.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Jérôme Fenal <jfenal@gmail.com>, 2013
-# lkppo, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
-"Language-Team: French (http://www.transifex.com/freedesktop/p11-kit/language/fr/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: fr\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "L'opération a été annulée"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Mémoire disponible insuffisante"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "L'identifiant de slot indiqué est invalide"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Erreur interne"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "L'opération a échouée"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Arguments invalides"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Le module ne peut créer les fils d'exécution nécessaire"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Le module ne peut verrouiller correctement les données"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Le champ est en lecture seule"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Le champ est sensible et ne peut être révélé"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Le champ est invalide ou n'existe pas"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Valeur invalide pour le champ"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "La donnée est invalide ou non reconnue"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Données trop longues"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Une erreur est survenue sur le périphérique"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Mémoire insuffisante sur le périphérique"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Le périphérique a été supprimé ou débranché"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Les données chiffrées sont invalides ou non reconnues"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Les données chiffrées sont trop longues"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "L'opération n'est pas prise en charge"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Clef manquante ou invalide"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "La longueur de la Clef est incorrecte"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Le type de la Clef est incorrect"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Pas de clef nécessaire"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "La clef est différente de précédemment"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Une clef est nécessaire"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Impossible d'inclure la clé dans le condensé"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Cette opération est incompatible avec cette clef"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "La clé ne peut être emballée"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "La clef n'a pu être exportée"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Le mécanisme de chiffrement est invalide ou non reconnu"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Le mécanisme de chiffrement a un argument invalide"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objet manquant ou invalide"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Une autre opération est déjà en cours"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Aucune opération en cours"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Le mot de passe ou le code PIN est incorrect"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Le mot de passe ou le code PIN est invalide"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "La longueur du mot de passe ou du code PIN est incorrecte"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "c"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Le mot de passe ou le code PIN est bloqué"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "La session est fermée"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Trop de sessions actives"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "La session est invalide"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "La session est en lecture seule"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Une session ouverte existe"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Une session en lecture seule existe"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Un administrateur de sessions existe"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "La signature est incorrecte ou corrompue"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "La signature ne peu être reconnue ou est corrompue"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Certains champs requis sont manquants"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Certains champs ont des valeurs invalides"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Le périphérique est absent ou débranché"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Le périphérique est invalide ou non reconnu"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Le périphérique est protégé en écriture"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Impossible d'importer car la clé est invalide"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Impossible d'importer car la clé n'a pas la bonne taille"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Impossible d'importer car la clé n'est pas du bon type"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Vous êtes déjà connecté"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Aucun utilisateur connecté"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Le mot de passe ou l'identifiant personnel n'est pas configuré"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "L'utilisateur n'a pas le bon type"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Un autre utilisateur est déjà connecté"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Trop d'utilisateurs de différents types sont connectés"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Impossible d'importer une clé invalide"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Impossible d'importer une clé de la mauvaise taille"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Impossible d'exporter car la clé est invalide"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Impossible d'exporter car la clé n'a pas la bonne taille"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Impossible d'exporter car la clé n'est pas du bon type"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Impossible d'initialiser le générateur de nombres aléatoires"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Aucun générateur de nombres aléatoires disponible"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Le mécanisme de chiffrement a un paramètre invalide"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Pas assez d'espace pour enregistrer le résultat"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "L'état enregistré est invalide"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "L'information est sensible et ne peut être révélée"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "L'état ne peut être enregistré"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Le module n'a pas été réinitialisé"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Le module a déjà été réinitialisé"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "impossible de verrouillé les données"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Les données ne peuvent être verrouillées"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "La demande a été rejetée par l'utilisateur"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Erreur inconnue"
diff --git a/po/ga.po b/po/ga.po
deleted file mode 100644
index 7acd071..0000000
--- a/po/ga.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Irish (http://www.transifex.com/freedesktop/p11-kit/language/ga/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ga\n"
-"Plural-Forms: nplurals=5; plural=(n==1 ? 0 : n==2 ? 1 : n<7 ? 2 : n<11 ? 3 : 4);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/gl.po b/po/gl.po
deleted file mode 100644
index 15202e2..0000000
--- a/po/gl.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Fran Diéguez <frandieguez@ubuntu.com>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Fran Diéguez <frandieguez@ubuntu.com>\n"
-"Language-Team: Galician (http://www.transifex.com/freedesktop/p11-kit/language/gl/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: gl\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Cancelouse a operación"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Non hai memoria dispoñíbel dabondo"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "O ID do slot especificado non é válido"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Erro interno"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operacción fallada"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Argumentos non válidos"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "O módulo non pode crear os fíos necesarios"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "O módulo non pode bloquear os datos correctamente"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "O campo é de só lectura"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "O campo é sensíbel e non pode ser revelado"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "O campo non é válido ou non existe"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Valor non válido para o campo"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "O dato non é válido ou non se recoñece"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "O dato é demasiado longo"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Produciuse un erro no dispositivo"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "A memoria dispoñíbel no dispositivo non é suficiente"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "O dispositivo foi extraído ou desconectado"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Os datos cifrados non son válidos ou non se recoñecen"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Os datos cifrados son demasiado longos"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Esta operación non se admite"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Falta a chave ou non é válida"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "A chave ten un tamaño incorrecto"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "A chave é dun tipo incorrecto"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Non se precisa chave"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "A chave é diferente da anterior"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Precísase unha chave"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Non é posíbel incluir a chave no digest"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Esta operación non pode levarse a cabo con esta chave"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "A chave non pode envolverse"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Non é posíbel exportar esta chave"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "O mecanismo de criptografía non é válido ou non se recoñece"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "O mecanismo de criptografía ten un argumento non válido"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "O obxecto falta ou non é válido"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Xa se esta executando outra operación"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Non se está levando a cabo outra operación"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "O contrasinal ou PIN é incorrecto"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "O contrasinal ou PIN non é válido"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "O contrasinal ou PIN ten unha lonxitude non válida"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "O contrasinal ou PIN expirou"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "O contrasinal ou PIN está bloqueado"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "A sesión está pechada"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Demasiadas sesións activas"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "A sesión non é válida"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "A sesión é e só lectura"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Existe unha sesión aberta"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Existe unha sesión de só lectura"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Existe unha sesión de administrador"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "A sinatura é mala ou está corrompida"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "A sinatura non se recoñece ou está corrompida"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Faltan algúns campos requiridos"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Certos campos teñen valores non válidos"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "O dispositivo non está presente ou non está conectado"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "O dispositivo non é válido ou non está conectado"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "O dispositivo está protexido contra a escritura"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Non é posíbel importar porque a chave non é válida"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Non é posíbel importar a chave xa que ten un tamaño incorrecto"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Non é posíbel importar porque a chave ten un tipo non válido"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Xa ten unha sesión iniciada"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Non hai usuarios coa sesión iniciada"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "O contrasinal ou PIN do usuario non está estabelecido"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "O usuario ten un tipo non válido"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Xa hai outro usuario coa sesión iniciada"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Hai varios usuarios de tipos diferentes coa sesión iniciada"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Non é posíble importar unha chave non válida"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Non é posíbel importar unha chave de tamaño incorrecto"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Non é posíbel exportar a chave porque non é válida"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Non é posíbel exportar a chave porque ten un tamaño incorrecto "
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Non é posíbel exportar a chave porque é do tipo incorrecto"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Non é posíbel inicializar o xerador de números aleatorios"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Non hai ningún xerador de números aleatorios dispoñíbel"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "O mecanismo criptográfico ten un parámetro non válido"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Non hai espazo dabondo para almacenar o resultado"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "O estado gardado non é válido"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "A información é sensíbel e non pode revelarse"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Non é posíbel gardar o estado"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "O módulo non foi inicializado"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "O módulo xa foi inicializado"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Non é posíbel bloquear os datos"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Non é posíbel bloquear os datos"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "A solicitude foi rexeitada polo usuario"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Erro descoñecido"
diff --git a/po/gu.po b/po/gu.po
deleted file mode 100644
index 144e22d..0000000
--- a/po/gu.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Gujarati (http://www.transifex.com/freedesktop/p11-kit/language/gu/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: gu\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/he.po b/po/he.po
deleted file mode 100644
index 33ccec9..0000000
--- a/po/he.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Hebrew (http://www.transifex.com/freedesktop/p11-kit/language/he/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: he\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/hi.po b/po/hi.po
deleted file mode 100644
index 0148733..0000000
--- a/po/hi.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Hindi (http://www.transifex.com/freedesktop/p11-kit/language/hi/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: hi\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/hr.po b/po/hr.po
deleted file mode 100644
index c601d44..0000000
--- a/po/hr.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Tomislav Krznar <tomislav.krznar@gmail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Croatian (http://www.transifex.com/freedesktop/p11-kit/language/hr/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: hr\n"
-"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Operacija je otkazana"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Nema dovoljno memorije"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Identifikator navedenog utora nije ispravan"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Interna greška"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operacija nije uspjela"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Neispravni argumenti"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modul ne može stvoriti potrebne dretve"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modul ne može pravilno zaključati podatke"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Polje ima dozvole samo za čitanje"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Polje je osjetljivo i ne može se prikazati"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Polje ne postoji ili nije ispravno"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Neispravna vrijednost za polje"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Podaci nisu prepoznati ili nisu ispravni"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Podaci su predugački"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Došlo je do pogreške na uređaju"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Nema dovoljno memorije na uređaju"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Uređaj je uklonjen"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Kriptirani podaci nisu prepoznati ili nisu ispravni"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Kriptirani podaci su predugački"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Ova operacija nije podržana"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Nema ključa ili nije ispravan"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Ključ je pogrešne veličine"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Ključ je pogrešne vrste"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ključ nije potreban"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Ključ se razlikuje od prethodnog"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Potreban je ključ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Ne mogu uključiti ključ u kontrolnu sumu"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Ova operacija se ne može izvršiti s ovim ključem"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Sadržaj ključa se ne može prelomiti u više redaka"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Ne mogu izvesti ključ"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Mehanizam kriptiranja nije prepoznat ili nije ispravan"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Mehanizam kriptiranja ima neispravan argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Nedostaje objekt ili nije ispravan"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Već se izvršava druga operacija"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Ne izvršava se niti jedna operacija"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Lozinka ili PIN su pogrešni"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Lozinka ili PIN nisu ispravni"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Lozinka ili PIN nemaju ispravnu duljinu"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Lozinki ili PIN-u je istekao rok trajanja"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Lozinka ili PIN su zaključani"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sjednica je zatvorena"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Previše sjednica je aktivno"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sjednica nije ispravna"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sjednica je samo za čitanje"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Postoji otvorena sjednica"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Postoji sjednica samo za čitanje"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Postoji administratorska sjednica"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Potpis je neispravan ili oštećen"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Potpis nije prepoznat ili je oštećen"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Nedostaju neka nužna polja"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Neka polja imaju neispravne vrijednosti"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Uređaj nije prisutan ili je iskopčan"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Uređaj je neispravan ili neprepoznat"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Uređaj ima zaštitu pisanja"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Ne mogu uvesti zbog neispravnog ključa"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Ne mogu uvesti zbog ključa pogrešne veličine"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Ne mogu uvesti zbog ključa pogrešne vrste"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Već ste prijavljeni"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Nijedan korisnik nije prijavljen"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Korisnička lozinka ili PIN nisu postavljeni"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Vrsta korisnika nije ispravna"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Drugi korisnik je već prijavljen"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Prijavljeno je previše korisnika različitih vrsta"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Ne mogu uvesti neispravan ključ"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Ne mogu uvesti ključ pogrešne veličine"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Ne mogu izvesti neispravan ključ"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Ne mogu izvesti ključ pogrešne veličine"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Ne mogu izvesti ključ pogrešne vrste"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Ne mogu inicijalizirati generator slučajnih brojeva"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nema dostupnih generatora slučajnih brojeva"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Mehanizam kriptiranja ima neispravan parametar"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nema dovoljno prostora za spremanje rezultata"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Spremljeno stanje nije ispravno"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informacije su osjetljive i ne mogu se prikazati"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Stanje se ne može spremiti"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modul nije inicijaliziran"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modul je već inicijaliziran"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Ne mogu zaključati podatke"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Podaci se ne mogu zaključati"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Nepoznata greška"
diff --git a/po/hu.po b/po/hu.po
deleted file mode 100644
index 00acd1e..0000000
--- a/po/hu.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Gabor Kelemen <kelemeng at gnome dot hu>, 2012
-# kelemeng <kelemeng@ubuntu.com>, 2014
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-03-02 02:04+0000\n"
-"Last-Translator: kelemeng <kelemeng@ubuntu.com>\n"
-"Language-Team: Hungarian (http://www.transifex.com/freedesktop/p11-kit/language/hu/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: hu\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "A művelet megszakítva"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Nincs elég memória"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "A megadott helyazonosító nem érvényes"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Belső hiba"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "A művelet meghiúsult"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Érvénytelen argumentumok"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "A modul nem képes létrehozni a szükséges szálakat"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "A modul nem képes megfelelően zárolni az adatokat"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "A mező írásvédett"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "A mező adatai érzékenyek és nem fedhetők fel"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "A mező érvénytelen vagy nem létezik"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "A mező értéke érvénytelen"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Az adat érvénytelen vagy ismeretlen"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Az adat túl hosszú"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Hiba történt az eszközön"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Nem érhető el elegendő memória az eszközön"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Az eszköz eltávolításra vagy leválasztásra került"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "A titkosított adatok érvénytelenek vagy ismeretlenek"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "A titkosított adatok túl hosszúak"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "A művelet nem támogatott"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "A kulcs hiányzik vagy érvénytelen"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "A kulcs mérete hibás"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "A kulcs nem megfelelő típusú"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Nem szükséges kulcs"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "A kulcs megváltozott"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Kulcs szükséges"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "A kivonatba nem vehető fel a kulcs"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Ez a művelet nem végezhető el a kulccsal"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "A kulcs nem alakítható át"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "A kulcs nem exportálható"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "A titkosítási mód érvénytelen vagy ismeretlen"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "A titkosítási mód argumentuma érvénytelen"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Az objektum hiányzik vagy érvénytelen"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Már folyamatban van egy művelet"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Nincs folyamatban művelet"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "A jelszó vagy PIN helytelen"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "A jelszó vagy PIN érvénytelen"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "A jelszó vagy PIN érvénytelen hosszúságú"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "A jelszó vagy PIN lejárt"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "A jelszó vagy PIN zárolva van"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "A munkamenet le van zárva"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Túl sok munkamenet aktív"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "A munkamenet érvénytelen"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "A munkamenet írásvédett"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Már létezik nyitott munkamenet"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Már létezik írásvédett munkamenet"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Már létezik adminisztrátori munkamenet"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Az aláírás rossz vagy sérült"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Az aláírás ismeretlen vagy sérült"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Néhány szükséges mező hiányzik"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Néhány szükséges mező értéke érvénytelen"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Az eszköz nincs jelen vagy eltávolították"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Az eszköz érvénytelen vagy felismerhetetlen"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Az eszköz írásvédett"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Nem importálható, mert a kulcs érvénytelen"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Nem importálható, mert a kulcs hibás méretű"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Nem importálható, mert a kulcs hibás típusú"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Már bejelentkezett"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Senki sem jelentkezett be"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "A felhasználó jelszava vagy PIN kódja nincs beállítva"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "A felhasználó érvénytelen típusú"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Már bejelentkezett egy másik felhasználó"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Túl sok eltérő típusú felhasználó jelentkezett be"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Nem importálható érvénytelen kulcs"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Nem importálható hibás méretű kulcs"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Nem lehet exportálni, mert a kulcs érvénytelen"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Nem lehet exportálni, mert a kulcs hibás méretű"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Nem lehet exportálni, mert a kulcs hibás típusú"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "A véletlenszám-generátor nem készíthető elő"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nem áll rendelkezésre véletlenszám-generátor"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "A titkosítási mechanizmus egy paramétere érvénytelen"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nincs elég hely az eredmény tárolásához"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "A mentett állapot érvénytelen"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Az információk érzékenyek és nem fedhetők fel"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Az állapot nem menthető"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "A modul nincs előkészítve"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "A modul már elő lett készítve"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Nem zárolhatók az adatok"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Az adatok nem zárolhatók"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "A felhasználó elutasította a kérést"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Ismeretlen hiba"
diff --git a/po/ia.po b/po/ia.po
deleted file mode 100644
index d86365e..0000000
--- a/po/ia.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Interlingua (http://www.transifex.com/freedesktop/p11-kit/language/ia/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ia\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/id.po b/po/id.po
deleted file mode 100644
index 67b0c7c..0000000
--- a/po/id.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Andika Triwidada <andika@gmail.com>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-12-06 02:12+0000\n"
-"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
-"Language-Team: Indonesian (http://www.transifex.com/freedesktop/p11-kit/language/id/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: id\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Operasi dibatalkan"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Tak tersedia cukup memori"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "ID slot yang dinyatakan tak valid"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Galat internal"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operasi gagal"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Argumen tak valid"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modul tak bisa membuat thread yang diperlukan"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modul tak bisa mengunci data secara benar"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Ruas hanya-baca"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Ruas sensitif dan tak bisa diungkapkan"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Ruas tak valid atau tak ada"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Nilai tak valid bagi ruas"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Data tak valid atau tak dikenali"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Data terlalu panjang"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Terjadi galat pada perangkat"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Tak tersedia cukup memori pada perangkat"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Perangkat dihapus atau dicabut"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Data terenkripsi tak valid atau tak dikenali"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Data terenkripsi terlalu panjang"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Operasi ini tak didukung"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Kunci hilang atau tak valid"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Ukuran kunci salah"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Jenis kunci salah"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Tak perlu kunci"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Kunci berbeda dengan sebelumnya"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Perlu suatu kunci"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Tak bisa menyertakan kunci dalam digest"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Operasi ini tak bisa dilakukan dengan kunci ini"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Kunci tak bisa dibungkus"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Tak bisa mengekspor kunci ini"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Mekanisme kripto tak valid atau tak dikenali"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Mekanisme kripto memiliki argumen yang tak valid"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objek hilang atau tak valid"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Operasi lain tengah berjalan"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Tak ada operasi yang sedang berjalan"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Sandi atau PIN salah"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Sandi atau PIN tak valid"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Panjang sandi atau PIN tak valid"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Sandi atau PIN kadaluarsa"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Sandi atau PIN terkunci"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sesi ditutup"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Terlalu banyak sesi yang aktif"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sesi tak valid"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sesi hanya-baca"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Ada sesi terbuka"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Ada sesi hanya-baca"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Ada sesi administrator"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Tanda tangan buruk atau rusak"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Tanda tangan tak dikenali atau rusak"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Ruas tertentu yang diperlukan hilang"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Ruas tertentu memiliki nilai yang tak valid"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Perangkat tak ada atau dicabut"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Perangkat tak valid atau tak dikenali"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Perangkat terlindung tulis"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Tak bisa mengimpor karena kunci tak valid"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Tak bisa mengimpor karena ukuran kunci salah"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Tak bisa mengimpor karena jenis kunci salah"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Anda sudah log masuk"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Tak ada pengguna yang log masuk"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Sandi atau PIN pengguna belum diisi"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Jenis pengguna tak valid"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Pengguna lain telah log masuk"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Terlalu banyak pengguna dengan jenis berbeda sedang log masuk"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Tak bisa mengimpor kunci yang tak valid"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Tak bisa mengimpor kunci salah ukuran"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Tak bisa mengekspor karena kunci tak valid"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Tak bisa mengekspor karena kunci salah ukuran"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Tak bisa mengekspor karena kunci salah jenis"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Tak bisa menginisialisasi pembangkit bilangan acak"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Tak tersedia pembangkit bilangan acak"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Mekanisme kripto memiliki parameter yang tak valid"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Tak cukup ruang untuk menyimpan hasil"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Keadaan tersimpan tak valid"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informasi sensitif dan tak dapat diungkapkan"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Keadaan tak dapat disimpan"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modul belum diinisialisasi"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modul telah diinisialisasi"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Tak bisa mengunci data"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Data tak bisa dikunci"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Permintaan ditolak oleh pengguna"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Galat tak dikenal"
diff --git a/po/insert-header.sin b/po/insert-header.sin
deleted file mode 100644
index b26de01..0000000
--- a/po/insert-header.sin
+++ /dev/null
@@ -1,23 +0,0 @@
-# Sed script that inserts the file called HEADER before the header entry.
-#
-# At each occurrence of a line starting with "msgid ", we execute the following
-# commands. At the first occurrence, insert the file. At the following
-# occurrences, do nothing. The distinction between the first and the following
-# occurrences is achieved by looking at the hold space.
-/^msgid /{
-x
-# Test if the hold space is empty.
-s/m/m/
-ta
-# Yes it was empty. First occurrence. Read the file.
-r HEADER
-# Output the file's contents by reading the next line. But don't lose the
-# current line while doing this.
-g
-N
-bb
-:a
-# The hold space was nonempty. Following occurrences. Do nothing.
-x
-:b
-}
diff --git a/po/it.po b/po/it.po
deleted file mode 100644
index c15396e..0000000
--- a/po/it.po
+++ /dev/null
@@ -1,345 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Luca Ferretti <elle.uca@libero.it>, 2012
-# Milo Casagrande <milo@ubuntu.com>, 2013
-# Milo Casagrande <milo@ubuntu.com>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Milo Casagrande <milo@ubuntu.com>\n"
-"Language-Team: Italian (http://www.transifex.com/freedesktop/p11-kit/language/it/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: it\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "L'operazione è stata annullata"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Memoria disponibile non sufficiente"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "L'ID dello slot specificato non è valido"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Errore interno"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "L'operazione non è riuscita"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Argomenti non validi"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Il modulo non può creare i thread richiesti"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Il modulo non può bloccare i dati in modo corretto"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Il campo è a sola lettura"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Il campo è sensibile e non può essere mostrato"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Il campo non è valido oppure non esiste"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Valore non valido per il campo"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "I dati sono non validi oppure non riconosciuti"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "I dati sono troppo lunghi"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Si è verificato un errore sul dispositivo"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Memoria disponibile sul dispositivo non sufficiente"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Il dispositivo è stato rimosso o scollegato"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "I dati cifrati sono non validi oppure non riconosciuti"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "I dati cifrati sono troppo lunghi"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Questa operazione non è supportata"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "La chiave manca o non è valida"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "La dimensione della chiave è errata"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Il tipo della chiave è errato"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Nessuna chiave richiesta"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "La chiave è diversa rispetto prima"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "È richiesta una chiave"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Impossibile includere la chiave nel digest"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Impossibile eseguire questa operazione con questa chiave"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "La chiave non può essere terminata"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Impossibile esportare questa chiave"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Il meccanismo di crittografia è non valido oppure non riconosciuto"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Il meccanismo di crittografia presenta un argomento non valido"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Manca l'oggetto oppure non è valido"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Un'altra operazione è già in corso"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Nessuna operazione in corso"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "La password o il PIN non è corretto"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "La password o il PIN non è valido"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "La password o il PIN è di lunghezza non valida"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "La password o il PIN è scaduto"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "La password o il PIN è bloccato"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "La sessione è chiusa"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Troppe sessioni attive"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "La sessione non è valida"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "La sessione è in sola-lettura"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Esiste già una sessione aperta"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Esiste già una sessione in sola-lettura"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Esiste già una sessione amministratore"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "La firma non è corretta o danneggiata"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "La firma è rovinata o non leggibile"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Mancano alcuni campi richiesti"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Alcuni campi presentano valori non validi"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Il dispositivo non è presente o è scollegato"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Il dispositivo non è valido o non è riconoscibile"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Il dispositivo è protetto in scrittura"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Impossibile importare poiché la chiave non è valida"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Impossibile importare poiché la chiave è della dimensione errata"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Impossibile importare poiché la tipologia della chiave è errata"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Accesso già eseguito"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Nessun utente ha effettuato l'accesso"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "La password o il PIN dell'utente non è impostato"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "L'utente è di tipo errato"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Un altro utente ha già effettuato l'accesso"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Troppi utenti di diversi tipi hanno eseguito l'accesso"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Impossibile importare una chiave non valida"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Impossibile importare una chiave della dimensione errata"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Impossibile esportare poiché la chiave non è valida"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Impossibile esportare poiché la chiave è della dimensione errata"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Impossibile esportare poiché la tipologia della chiave è errata"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Impossibile inizializzare il generatore di numeri casuali"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nessun generatore di numeri casuali disponibile"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Il meccanismo di cifratura presenta un parametro non valido"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Spazio insufficiente per salvare il risultato"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Lo stato salvato non è valido"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Le informazioni sono private e non possono essere mostrate"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Impossibile salvare lo stato"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Il modulo non è stato inizializzato"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Il modulo è già stato inizializzato"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Impossibile bloccare i dati"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "I dati non possono essere bloccati"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "La richiesta è stata rifiutata dall'utente"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Errore sconosciuto"
diff --git a/po/ja.po b/po/ja.po
deleted file mode 100644
index 7753456..0000000
--- a/po/ja.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
-"Language-Team: Japanese (http://www.transifex.com/freedesktop/p11-kit/language/ja/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ja\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "操作が取り消されました"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "利用可能なメモリーが不足しています"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "指定されたスロット ID が無効です"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "内部エラー"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "操作が失敗しました"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "無効な引数"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "モジュールが必要なスレッドを作成できません"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "モジュールがデータを適切にロックできません"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "項目が読み込み専用です"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "項目は大文字小文字を区別します、明らかにできません"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "項目が無効です、または存在しません"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "項目に対する無効な値"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "データが有効ではありません、または認識されません"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "データが長すぎます"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "デバイスにおいてエラーが発生しました"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "デバイスにおいて利用可能なメモリーが不足しています"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "デバイスが削除されました、または取り外されました"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "暗号化されたデータが有効ではありません、または認識されません"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "暗号化されたデータが長すぎます"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "この操作はサポートされません"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "キーがありません、または無効です"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "キーが誤った大きさです"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "キーが誤った形式です"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "キーは必要ありません"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "キーが以前のものと異なります"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "キーが必要です"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "ダイジェストにキーを含められません"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "この操作はこのキーを用いて実行できません"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "キーをラップできません"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "このキーをエクスポートできません"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "暗号化機能が無効です、または認識されません"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "暗号化機能が無効な引数を持ちます"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "オブジェクトがありません、または無効です"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "他の操作がすでに起きています"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "発生している操作がありません"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "パスワードまたは PIN が正しくありません"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "パスワードまたは PIN が無効です"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "パスワードまたは PIN が不正な長さです"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "パスワードまたは PIN が失効しています"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "パスワードまたは PIN がロックされています"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "セッションが終了しました"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "有効なセッションが多すぎます"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "セッションが無効です"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "セッションが読み込み専用です"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "開いているセッションが存在します"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "読み込み専用のセッションが存在します"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "管理者セッションが存在します"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "署名が不正です、または破損しています"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "署名が認識できません、または破損しています"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "特定の必須項目がありません"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "特定の必須項目が無効な値を持っています"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "デバイスが存在しません、または取り外されました"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "デバイスが無効です、まあは認識されません"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "デバイスが書き込み保護されています"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "キーが無効なためインポートできません"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "キーの大きさが不正なためインポートできません"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "キーの形式が不正なためインポートできません"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "すでにログインしています"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "ログインしているユーザーはいません"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "ユーザーのパスワードまたは PIN が設定されていません"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "ユーザーが無効な種類です"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "他のユーザーがすでにログインしています"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "異なる種類の多すぎるユーザーがログインしています"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "無効なキーをインポートできません"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "不正な大きさのキーをインポートできません"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "キーが無効なためエクスポートできません"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "キーが誤った大きさのためエクスポートできません"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "キーが誤った形式のためエクスポートできません"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "乱数生成器を初期化できません"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "利用可能な乱数生成器がありません"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "暗号化機能が無効なパラメーターを持っています"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "結果を保存するために十分な領域がありません"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "保存された状態が無効です"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "情報は大文字小文字を区別しますが、明らかにできません"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "状態が保存できません"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "モジュールが初期化されませんでした"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "モジュールがすでに初期化されています"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "データをロックできません"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "データがロックできません"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "リクエストがユーザーにより拒否されました。"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "未知のエラー"
diff --git a/po/ka.po b/po/ka.po
deleted file mode 100644
index aae858f..0000000
--- a/po/ka.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# George Machitidze <giomac@gmail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Georgian (http://www.transifex.com/freedesktop/p11-kit/language/ka/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ka\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "ოპერაცია შეწყვეტილ იქნა"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "ხელმისაწვდომი მეხსიერება არასაკმარისია"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "მითითებული სლოტის ID არასწორია"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "შიდა შეცდომა"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "ოპერაცია ვერ განხორციელდა"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "არგუმენტები არასწორია"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "ველი მხოლოდ კითხვადია"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "ველი მგრძნობიარეა და მისი გამოტანა არ არის დაშვებული"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "ველი არასწორია ან არ არსებობს"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "ცვლადის მნიშვნელობა არასწორია"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "მონაცემები არასწორია ან ამოუცნობი"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "მონაცემები ძალიან დიდია"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "შეცდომა მოწყობილობაში"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "დაშიფრული მონაცემები არასწორია ან ამოუცნოი"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "დაშიფრული მონაცემები ძალიან დიდია"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "ოპერაცია არ არის მხარდაჭერილი"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "გასაღები არ არის ან არასწორია"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "გასაღები არასწორი ზომისაა"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "გასაღები არასწორი ტიპისაა"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "გასაღები არ არის საჭირო"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "გასაღები ძველისგან განსხვავდება"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "საჭიროა გასაღები"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "ამ გასაღების დაექსპორტება შეუძლებელია"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "ობიექტი არ არის ან არასწორია"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "პაროლი ან PIN მცდარია"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "პაროლი ან PIN არასწორია"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "სესია დაკეტილია"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "სესია არასწორია"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "სესია მხოლოდ კითხვადია"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "მონაცემების დაბლოკვა შეუძლებელია"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "უცნობი შეცდომა"
diff --git a/po/kk.po b/po/kk.po
deleted file mode 100644
index 55c310f..0000000
--- a/po/kk.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Baurzhan Muftakhidinov <baurthefirst@gmail.com>, 2014
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-01-13 09:01+0000\n"
-"Last-Translator: Baurzhan Muftakhidinov <baurthefirst@gmail.com>\n"
-"Language-Team: Kazakh (http://www.transifex.com/freedesktop/p11-kit/language/kk/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: kk\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Әрекеттен бас тартылды"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Қолжетерлік жады жеткіліксіз"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Ішкі қате"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Әрекет сәтсіз аяқталды"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/kn.po b/po/kn.po
deleted file mode 100644
index db16763..0000000
--- a/po/kn.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Kannada (http://www.transifex.com/freedesktop/p11-kit/language/kn/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: kn\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/ko.po b/po/ko.po
deleted file mode 100644
index fd360ad..0000000
--- a/po/ko.po
+++ /dev/null
@@ -1,345 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Seong-ho Cho <darkcircle.0426@gmail.com>, 2013
-# Seong-ho Cho <darkcircle.0426@gmail.com>, 2013
-# Shinjo Park <kde@peremen.name>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Seong-ho Cho <darkcircle.0426@gmail.com>\n"
-"Language-Team: Korean (http://www.transifex.com/freedesktop/p11-kit/language/ko/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ko\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "작업이 취소됨"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "사용 가능한 메모리가 부족함"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "지정한 슬롯 ID가 올바르지 않음"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "내부 오류"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "작업이 실패함"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "인자가 잘못됨"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "모듈에서 필요한 스레드를 만들 수 없음"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "모듈에서 데이터를 올바르게 잠글 수 없음"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "필드가 읽기 전용임"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "필드가 민감한 정보를 포함하고 있어서 볼 수 없음"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "필드가 잘못되었거나 존재하지 않음"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "필드의 값이 잘못됨"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "데이터가 올바르지 않거나 인식되지 않음"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "데이터가 너무 김"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "장치에 오류가 발생함"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "장치에 메모리가 부족함"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "장치가 제거되었거나 연결이 해제됨"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "암호화된 데이터가 올바르지 않거나 인식되지 않음"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "암호화된 데이터가 너무 김"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "이 동작이 지원되지 않음"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "키가 없거나 올바르지 않음"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "키 크기가 잘못됨"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "키 종류가 잘못됨"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "키가 필요하지 않음"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "키가 이전과 달라짐"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "키가 필요함"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "다이제스트에 키를 포함할 수 없음"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "이 키를 사용하여 작업을 수행할 수 없음"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "키를 둘러쌀 수 없음"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "키를 내보낼 수 없음"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "암호화 방식이 잘못되었거나 인식할 수 없음"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "암호화 방식의 인자가 잘못됨"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "객체가 존재하지 않거나 잘못됨"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "다른 작업이 진행 중"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "진행 중인 작업 없음"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "암호나 PIN이 올바르지 않음"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "암호나 PIN이 잘못됨"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "암호나 PIN의 길이가 잘못됨"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "암호나 PIN이 만료됨"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "암호나 PIN이 잠김"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "세션이 닫힘"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "세션이 너무 많이 열려 있음"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "세션이 잘못됨"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "세션이 읽기 전용임"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "열린 세션이 존재함"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "읽기 전용 세션이 존재함"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "관리자 세션이 존재함"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "서명이 잘못되었거나 손상됨"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "서명이 인식되지 않았거나 손상됨"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "필요한 필드의 값이 빠졌음"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "필드의 값이 잘못됨"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "장치가 존재하지 않거나 연결이 해제됨"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "장치가 잘못되었거나 인식할 수 없음"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "장치가 쓰기 금지되어 있음"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "키가 잘못되어 가져올 수 없음"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "키 크기가 잘못되어 가져올 수 없음"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "키 종류가 잘못되어 가져올 수 없음"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "이미 로그인되어 있음"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "로그인한 사용자가 없음"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "사용자의 암호나 PIN이 설정되지 않음"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "사용자 종류가 잘못됨"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "다른 사용자가 로그인되어 있음"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "다른 종류의 사용자가 너무 많이 로그인되어 있음"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "잘못된 키를 가져올 수 없음"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "크기가 잘못된 키를 가져올 수 없음"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "잘못된 키를 내보낼 수 없음"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "크기가 잘못된 키를 내보낼 수 없음"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "종류가 잘못된 키를 내보낼 수 없음"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "난수 생성기를 초기화할 수 없음"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "난수 생성기를 사용할 수 없음"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "암호화 방식의 인자가 잘못됨"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "결과를 저장할 공간이 없음"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "저장된 상태가 잘못됨"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "민감한 정보를 노출할 수 없음"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "상태를 저장할 수 없음"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "모듈이 초기화되지 않았음"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "모듈이 이미 초기화되었음"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "데이터를 잠글 수 없음"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "데이터를 잠글 수 없음"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "사용자가 요청을 거절했습니다"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "알 수 없는 오류"
diff --git a/po/lt.po b/po/lt.po
deleted file mode 100644
index 0d81ef8..0000000
--- a/po/lt.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Lithuanian (http://www.transifex.com/freedesktop/p11-kit/language/lt/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: lt\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/lv.po b/po/lv.po
deleted file mode 100644
index 0a91eed..0000000
--- a/po/lv.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Rūdolfs Mazurs <rudolfs.mazurs@gmail.com>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Latvian (http://www.transifex.com/freedesktop/p11-kit/language/lv/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: lv\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Darbība tika atcelta"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Nav pietiekami daudz brīvas atmiņas"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Norādītais slota ID nav derīgs"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Iekšēja kļūda"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Darbība cieta neveiksmi"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Nederīgi parametri"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modulis nevar izveidot vajadzīgos pavedienus"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modulis nevar noslēgt datu īpašību"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Lauks ir tikai lasāms"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Lauks ir sensitīvs un to nevar atklāt"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Lauks ir nederīgs vai arī neeksistē"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Nederīga vērtība vai lauks"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Dati nav derīgi vai arī nav atpazīti"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Pārāk daudz datu"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Uz ierīces gadījās kļūda"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Uz ierīces nepietiek brīvās atmiņas"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Ierīce tika izņemta vai atvienota"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Šifrētie dati nav derīgi vai nav atpazīti"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Šifrētie dati ir pārāk daudz"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Darbība nav atbalstīta"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Trūkst vai nav derīga atslēga"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Atslēgai ir nepareizs izmērs"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Atslēgai ir nepareizs tips"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Atslēgas nav vajadzīgas"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Atslēga ir citādāka, kā iepriekš"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Ir nepieciešama atslēga"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Īssavilkumā nevar iekļaut atslēgu"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Ar šo atslēgu nevar izpildīt šo darbību"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Atslēgu nevar ietīt"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Nevar eksportēt šo atslēgu"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Šifrēšanas mehānisms ir nederīgs vai nav atpazīts"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Šifrēšanas mehānismam ir nederīgi parametri"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Trūkst objekta, vai arī tas ir nederīgs"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Jau notiek cita darbība"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Pašlaik nenotiek neviena darbība"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Parole vai PIN nav pareiza"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Parole vai PIN nav derīga"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Parolei vai PIN ir nederīgs garums"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Parolei vai PIN ir beidzies termiņš"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Parole vai PIN ir bloķēta"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sesija ir aizvērta"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Ir pārāk daudz aktīvu sesiju"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sesija nav derīga"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sesija ir tikai lasāma"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Eksistē atvērta sesija"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Eksistē tikai lasāma sesija"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Eksistē administratora sesija"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Paraksts ir slikts vai bojāts"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Paraksts ir neatpazīts vai bojāts"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Trūkst noteikti pieprasītie lauki"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Noteiktiem laukiem ir nederīgas vērtības"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Ierīce nav pievienota"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Ierīce ir nederīga vai nav atpazīta"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Ierīcē nevar rakstīt"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Nevar importēt, jo atslēga nav derīga"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Nevar importēt, jo atslēgai ir nepareizs izmērs"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Nevar importēt, jo atslēgai ir nepareizs tips"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Jūs jau esat ierakstījies"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Neviens lietotājs nav ierakstījies"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Lietotāja parole vai PIN nav iestatīta"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Lietotājam ir nederīgs tips"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Kāds cits lietotājs jau ir ierakstījies"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Ir ierakstījušies pārāk daudz dažādu veidu lietotāji"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Nevar importēt nederīgu atslēgu"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Nevar eksportēt, jo atslēga ir nederīga"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Nevar eksportēt, jo atslēgai ir nepareizs izmērs"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Nevar eksportēt, jo atslēgai ir nepareizs tips"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Nevar inicializēt nejaušo skaitļu ģeneratoru"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nav pieejams nejaušo skaitļu ģenerators"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Šifrēšanas mehānismam ir nederīgs parametrs"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nepietiek vietas, lai saglabātu rezultātu"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Saglabātais stāvoklis nav derīgs"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informācija ir sensitīva un to nevar atklāt"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Stāvokli nevar saglabāt"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modulis nav inicializēts"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modulis jau ir inicializēts"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Nevar noslēgt datus"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Datus nevar noslēgt"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Nezināma kļūda"
diff --git a/po/ml.po b/po/ml.po
deleted file mode 100644
index 2d1a3b8..0000000
--- a/po/ml.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Malayalam (http://www.transifex.com/freedesktop/p11-kit/language/ml/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ml\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/mr.po b/po/mr.po
deleted file mode 100644
index cd2efb6..0000000
--- a/po/mr.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Marathi (http://www.transifex.com/freedesktop/p11-kit/language/mr/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: mr\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/ms.po b/po/ms.po
deleted file mode 100644
index 7c9ffa6..0000000
--- a/po/ms.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Malay (http://www.transifex.com/freedesktop/p11-kit/language/ms/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ms\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/nb.po b/po/nb.po
deleted file mode 100644
index ec7ecd6..0000000
--- a/po/nb.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Norwegian Bokmål (http://www.transifex.com/freedesktop/p11-kit/language/nb/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: nb\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/nl.po b/po/nl.po
deleted file mode 100644
index 0b15bd0..0000000
--- a/po/nl.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Richard E. van der Luit <nippur@fedoraproject.org>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Dutch (http://www.transifex.com/freedesktop/p11-kit/language/nl/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: nl\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "De bewerking werd afgebroken"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Onvoldoende geheugen beschikbaar"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "De opgegeven slot ID is niet geldig"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Interne fout"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "De bewerking mislukte"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Ongeldige argumenten"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "De module kan de noodzakelijke threads niet aanmaken"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "De module kan de data niet naar behoren vergrendelen"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Het veld is alleen-lezen"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Het veld is vertrouwelijk en kan niet worden onthuld"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Het veld is ongeldig of bestaat niet"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Ongeldige waarde voor veld"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "De data is niet geldig of wordt niet herkend"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "De data is te lang"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Er trad een fout op bij het apparaat"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Onvoldoende geheugen op het apparaat beschikbaar"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Het apparaat werd verwijderd of afgekoppeld"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "De versleutelde data is niet geldig of wordt niet herkend"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "De versleutelde data is te lang"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Deze bewerking wordt niet ondersteund"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "De sleutel ontbreekt of is ongeldig"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "De sleutel heeft een verkeerde grootte"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "De sleutel is van het verkeerde type"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Er is geen sleutel nodig"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "De sleutel is anders dan voorheen"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Er is een sleutel nodig"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Kan geen sleutel in de digest opnemen"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Deze bewerking kan niet met deze sleutel uitgevoerd worden"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Sleutelwrapping niet gelukt"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Kan deze sleutel niet exporteren"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Het crypto mechanisme is ongeldig of wordt niet herkend"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Het crypto mechanisme heeft een ongeldig argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Het object mist of is ongeldig"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Er wordt al een andere bewerking uitgevoerd"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Er wordt momenteel geen bewerking uitgevoerd"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Het wachtwoord of PIN in incorrect"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Het wachtwoord of PIN is ongeldig"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Het wachtwoord of PIN heeft een ongeldige lengte"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Het wachtwoord of PIN is verlopen"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Het wachtwoord of PIN is vergrendeld"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "De sessie is afgesloten"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Er zijn te veel sessies actief"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "De sessie is ongeldig"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "De sessie is alleen-lezen"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Er is een open sessie"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Er is een alleen-lezen sessie"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Er is een beheerder sessie"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "De handtekening is fout of gecorrumpeerd"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "De handtekening wordt niet herkend of is gecorrumpeerd"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Sommige verplichte velden ontbreken"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Bepaalde velden hebben ongeldige waarden"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Het apparaat is niet aanwezig of afgekoppeld "
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Het apparaat is ongeldig of onherkenbaar"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Het apparaat is beveiligd tegen schrijven"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Kan niet importeren omdat de sleutel ongeldig is"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Kan niet importeren omdat de sleutel de verkeerde lengte heeft"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Kan niet importeren omdat de sleutel van het verkeerde type is"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "U bent reeds ingelogd"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Er is geen gebruiker ingelogd"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Het wachtwoord of PIN van gebruiker is niet ingesteld"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "De gebruiker is van het verkeerde gebruikerstype"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Er is reeds een andere gebruiker ingelogd"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Er zijn te veel gebruikers van verschillende types ingelogd"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Kan geen ongeldige sleutel importeren"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Kan geen sleutel importeren van de verkeerde grootte"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Kan niet exporteren omdat de sleutel ongeldig is"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Kan niet exporteren omdat de sleutel de verkeerde grootte heeft"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Kan niet exporteren omdat de sleutel van het verkeerde type is"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Niet in staat de random-number-generator te initialiseren"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Geen random-number-generator beschikbaar"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Het crypto mechanisme heeft een ongeldige parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Niet genoeg ruimte om het resultaat op te slaan"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "De opgeslagen status is ongeldig "
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "De informatie is vertrouwelijk en kan niet worden onthuld"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "De status kan niet opgeslagen worden"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "De module is niet geïnitialiseerd"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "De module is reeds geïnitialiseerd"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Kan data niet vergrendelen"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "De data kan niet vergrendeld worden"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Onbekende fout"
diff --git a/po/nn.po b/po/nn.po
deleted file mode 100644
index e5d1b41..0000000
--- a/po/nn.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Norwegian Nynorsk (http://www.transifex.com/freedesktop/p11-kit/language/nn/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: nn\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/oc.po b/po/oc.po
deleted file mode 100644
index 4c595fb..0000000
--- a/po/oc.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Occitan (post 1500) (http://www.transifex.com/freedesktop/p11-kit/language/oc/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: oc\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/or.po b/po/or.po
deleted file mode 100644
index 82eb651..0000000
--- a/po/or.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Oriya (http://www.transifex.com/freedesktop/p11-kit/language/or/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: or\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/pa.po b/po/pa.po
deleted file mode 100644
index 0947a58..0000000
--- a/po/pa.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# A S Alam <apreet.alam@gmail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Panjabi (Punjabi) (http://www.transifex.com/freedesktop/p11-kit/language/pa/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: pa\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "ਕਾਰਵਾਈ ਰੱਦ ਕੀਤੀ ਗਈ"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਉਪਲੱਬਧ ਨਹੀਂ"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "ਦਿੱਤੀ ਸਲਾਟ ID ਉਪਲੱਬਧ ਨਹੀਂ"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "ਅੰਦਰੂਨੀ ਗਲਤੀ"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "ਕਾਰਵਾਈ ਫੇਲ੍ਹ ਹੋਈ"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "ਗਲਤ ਆਰਗੂਮੈਂਟ"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "ਮੋਡੀਊਲ ਲੋੜੀਦੇ ਥਰਿੱਡ ਨਹੀਂ ਬਣਾ ਸਕਦਾ ਹੈ"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "ਮੋਡੀਊਲ ਲਾਕ ਡਾਟਾ ਠੀਕ ਤਰ੍ਹਾਂ ਨਹੀਂ ਕਰ ਸਕਦਾ ਹੈ"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "ਖੇਤਰ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹੈ"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "ਖੇਤਰ ਗਲਤ ਹੈ ਜਾਂ ਮੌਜੂਦ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "ਖੇਤਰ ਲਈ ਗਲਤ ਮੁੱਲ"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "ਡਾਟਾ ਗਲਤ ਹੈ ਜਾਂ ਪਛਾਣਿਆ ਨਹੀਂ ਜਾ ਸਕਦਾ"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "ਜੰਤਰ ਉੱਤੇ ਗਲਤੀ ਆਈ ਹੈ"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "ਜੰਤਰ ਉੱਤੇ ਲੋੜੀਦੀ ਮੈਮੋਰੀ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "ਜੰਤਰ ਹਟਾਇਆ ਗਿਆ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਠੀਕ ਨਹੀਂ ਜਾਂ ਪਛਾਣ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕੀ"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "ਇੰਕ੍ਰਿਪਟ ਕੀਤਾ ਡਾਟਾ ਬਹੁਤ ਲੰਮਾ ਹੈ"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "ਇਹ ਕਾਰਵਾਈ ਸਹਾਇਕ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "ਕੁੰਜੀ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "ਕਿਸੇ ਕੁੰਜੀ ਦੀ ਲੋੜ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "ਕੁੰਜੀ ਪਹਿਲਾਂ ਤੋਂ ਵੱਖਰੀ ਹੈ"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "ਕੁੰਜੀ ਦੀ ਲੋੜ ਹੈ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "ਇਹ ਕਾਰਵਾਈ ਇਸ ਕੁੰਜੀ ਨਾਲ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ ਹੈ"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "ਇਹ ਕੁੰਜੀ ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "ਕ੍ਰਿਪਟੂ ਢੰਗ ਵਿੱਚ ਗਲਤ ਆਰਗੂਮੈਂਟ ਹੈ"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "ਆਬਜੈਕਟ ਗੁੰਮ ਹੈ ਜਾਂ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "ਹੋਰ ਕਾਰਵਾਈ ਪਹਿਲਾਂ ਹੀ ਜਾਰੀ ਹੈ"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "ਕੋਈ ਕਾਰਵਾਈ ਜਾਰੀ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਅਵੈਧ ਹੈ"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਲੰਬਾਈ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਦੀ ਮਿਆਦ ਪੁੱਗ ਚੁੱਕੀ ਹੈ"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਲਾਕ ਹੈ"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "ਸ਼ੈਸ਼ਨ ਬੰਦ ਹੈ"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "ਬਹੁਤ ਸਾਰੇ ਸ਼ੈਸ਼ਨ ਐਕਟਿਵ ਹਨ"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "ਸ਼ੈਸ਼ਨ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "ਸ਼ੈਸ਼ਨ ਕੇਵਲ ਪੜ੍ਹਨ ਲਈ ਹ"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "ਖੁੱਲ੍ਹਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "ਕੇਵਲ ਪੜ੍ਹਨ ਵਾਲਾ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "ਪਰਸ਼ਾਸ਼ਕੀ ਸ਼ੈਸ਼ਨ ਮੌਜੂਦ ਹੈ"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "ਦਸਤਖਤ ਖ਼ਰਾਬ ਜਾਂ ਨਿਕਾਰਾ ਹਨ"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "ਦਸਤਖਤ ਬੇਪਛਾਣ ਜਾਂ ਨਿਕਾਰਾ ਹਨ"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "ਕੁਝ ਲੋੜੀਦੇ ਖੇਤਰ ਗੁੰਮ ਹਨ"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "ਕੁਝ ਖੇਤਰਾਂ ਵਿੱਚ ਗਲਤ ਮੁੱਲ ਹਨ"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "ਜੰਤਰ ਮੌਜੂਦ ਨਹੀਂ ਜਾਂ ਪਲੱਗ ਕੱਢਿਆ ਹੋਇਆ ਹੈ"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "ਜੰਤਰ ਗਲਤ ਜਾਂ ਬੇਪਛਾਣ ਹੈ"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "ਜੰਤਰ ਲਿਖਣ ਤੋਂ ਸੁਰੱਖਿਅਤ ਹੈ"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "ਤੁਸੀਂ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੋ"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "ਕੋਈ ਯੂਜ਼ਰ ਲਾਗਇਨ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "ਯੂਜ਼ਰ ਦਾ ਪਾਸਵਰਡ ਜਾਂ ਪਿੰਨ ਸੈੱਟ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "ਯੂਜ਼ਰ ਦੀ ਕਿਸਮ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "ਹੋਰ ਯੂਜ਼ਰ ਪਹਿਲਾਂ ਹੀ ਲਾਗਇਨ ਹੈ"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "ਗਲਤ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "ਗਲਤ ਆਕਾਰ ਦੀ ਕੁੰਜੀ ਇੰਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤੀ ਜਾ ਸਕਦੀ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦਾ ਆਕਾਰ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "ਐਕਸਪੋਰਟ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ, ਕਿਉਂਕਿ ਕੁੰਜੀ ਦੀ ਗਲਤ ਕਿਸਮ ਹੈ"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਸ਼ੁਰੂ ਕਰਨ ਲਈ ਅਸਮਰੱਥ"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "ਕੋਈ ਰੈਂਡਮ ਨੰਬਰ ਜਰਨੇਟਰ ਉਪਲੱਬਧ ਨਹੀਂ"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "ਨਤੀਜਾ ਸਟੋਰ ਕਰਨ ਲਈ ਲੋੜੀਦੀ ਥਾਂ ਨਹੀਂ ਹੈ"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "ਸੰਭਾਲੀ ਹਾਲਤ ਗਲਤ ਹੈ"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "ਹਾਲਤ ਸੰਭਾਲੀ ਨਹੀਂ ਜਾ ਸਕਦੀ"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "ਮੋਡੀਊਲ ਸ਼ੁਰੂ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "ਮੋਡੀਊਲ ਪਹਿਲਾਂ ਹੀ ਸ਼ੁਰੂ ਕੀਤਾ ਜਾ ਚੁੱਕਾ ਹੈ"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "ਡਾਟਾ ਲਾਕ ਨਹੀਂ ਕੀਤਾ ਜਾ ਸਕਦਾ"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "ਅਣਜਾਣ ਗਲਤੀ"
diff --git a/po/pl.po b/po/pl.po
deleted file mode 100644
index f966f63..0000000
--- a/po/pl.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Piotr Drąg <piotrdrag@gmail.com>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
-"Language-Team: Polish (http://www.transifex.com/freedesktop/p11-kit/language/pl/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: pl\n"
-"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Anulowano działanie"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Brak wystarczającej ilości pamięci"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Podany identyfikator gniazda jest nieprawidłowy"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Wewnętrzny błąd"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Działanie się nie powiodło"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Nieprawidłowe parametry"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Moduł nie może utworzyć wymaganych wątków"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Moduł nie może poprawnie zablokować danych"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Pole jest tylko do odczytu"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Pole jest prywatne i nie może zostać ujawnione"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Pole jest nieprawidłowe lub nie istnieje"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Nieprawidłowa wartość dla pola"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Dane są nieprawidłowe lub nierozpoznane"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Dane są za długie"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Wystąpił błąd na urządzeniu"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Dostępna jest niewystarczająca ilość pamięci na urządzeniu"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Urządzenie zostało usunięte lub rozłączone"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Zaszyfrowane dane są nieprawidłowe lub nierozpoznane"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Zaszyfrowane dane są za długie"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "To działanie nie jest obsługiwane"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Brak klucza lub jest nieprawidłowy"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Klucz ma błędny rozmiar"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Klucz jest błędnego typu"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Klucz nie jest wymagany"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Klucz jest inny niż poprzednio"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Wymagany jest klucz"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Nie można dołączyć klucza w wyciągu"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "To działanie nie może zostać wykonane za pomocą tego klucza"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Nie można opakować klucza"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Nie można wyeksportować tego klucza"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Mechanizm kryptograficzny jest nieprawidłowy lub nierozpoznany"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Mechanizm kryptograficzny posiada nieprawidłowy parametr"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Brak obiektu lub jest nieprawidłowy"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Inne działanie jest teraz wykonywane"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Żadne działanie nie jest wykonywane"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Hasło lub kod PIN jest niepoprawny"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Hasło lub kod PIN jest nieprawidłowy"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Hasło lub kod PIN ma nieprawidłową długość"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Hasło lub kod PIN wygasł"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Hasło lub kod PIN jest zablokowany"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sesja jest zamknięta"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Za dużo sesji jest aktywnych"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sesja jest nieprawidłowa"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sesja jest tylko do odczytu"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Istnieje otwarta sesja"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Istnieje sesja tylko do odczytu"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Istnieje sesja administratora"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Podpis jest błędny lub uszkodzony"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Podpis jest nierozpoznany lub uszkodzony"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Brak pewnych wymaganych pól"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Pewne pola zawierają nieprawidłowe wartości"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Urządzenie nie jest obecne lub jest odłączone"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Urządzenie jest nieprawidłowe lub nierozpoznane"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Urządzenie jest chronione przed zapisem"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Nie można zaimportować, ponieważ klucz jest nieprawidłowy"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Nie można zaimportować, ponieważ klucz ma błędny rozmiar"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Nie można zaimportować, ponieważ klucz jest błędnego typu"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Użytkownik jest już zalogowany"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Żaden użytkownik nie jest zalogowany"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Hasło lub kod PIN użytkownika nie jest ustawiony"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Użytkownik jest nieprawidłowego typu"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Inny użytkownik jest już zalogowany"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Za dużo użytkowników różnych typów jest zalogowanych"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Nie można zaimportować nieprawidłowego klucza"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Nie można zaimportować klucza o błędnym rozmiarze"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Nie można wyeksportować, ponieważ klucz jest nieprawidłowy"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Nie można wyeksportować, ponieważ klucz ma błędny rozmiar"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Nie można wyeksportować, ponieważ klucz jest błędnego typu"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Nie można zainicjować generatora liczb losowych"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Brak dostępnych generatorów liczb losowych"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Mechanizm kryptograficzny posiada nieprawidłowy parametr"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Brak wystarczającej ilości miejsca, by przechować wynik"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Zapisany stan jest nieprawidłowy"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informacja jest prywatna i nie może zostać ujawniona"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Nie można zapisać stanu"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Moduł nie został zainicjowany"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Moduł został już zainicjowany"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Nie można zablokować danych"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Nie można zablokować danych"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Żądanie zostało odrzucone przez użytkownika"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Nieznany błąd"
diff --git a/po/pt.po b/po/pt.po
deleted file mode 100644
index 8a2b888..0000000
--- a/po/pt.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Portuguese (http://www.transifex.com/freedesktop/p11-kit/language/pt/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: pt\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/pt_BR.po b/po/pt_BR.po
deleted file mode 100644
index c000fa0..0000000
--- a/po/pt_BR.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Rafael Fontenelle <rffontenelle@gmail.com>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Rafael Fontenelle <rffontenelle@gmail.com>\n"
-"Language-Team: Portuguese (Brazil) (http://www.transifex.com/freedesktop/p11-kit/language/pt_BR/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: pt_BR\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "A operação foi cancelada"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Memória insuficiente disponível"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "O ID do slot especificado não é válido"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Erro interno"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "A operação falhou"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Argumentos inválidos"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "O módulo não pode criar threads necessárias"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "O módulo não pode travar os dados da forma apropriada"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "O campo é somente leitura"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "O campo é sensitivo e não pode ser revelado"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "O campo é inválido ou não existe"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Valor inválido para o campo"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Os dados não são válidos ou irreconhecíveis"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Os dados são muito longos"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Um erro ocorreu no dispositivo"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Memória insuficiente disponível no dispositivo"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "O dispositivo foi removido ou desconectado"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Os dados criptografados não são válidos ou são irreconhecíveis"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Os dados criptografados são muito longos"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "A operação não é suportada"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "A chave está faltando ou é inválido"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "A chave possui tamanho incorreto"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "A chave possui tipo incorreto"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Nenhuma chave é necessária"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "A chave é diferente da anterior"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Uma chave é necessária"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Falha na inclusão da chave no digest"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Essa operação não pode ser executada com esta chave"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "A chave não pode ser ajustada"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Não pode exportar essa chave"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "O mecanismo de criptografia é inválido ou irreconhecível"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "O mecanismo de criptografia tem um argumento inválido"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "O objeto está faltando ou inválido"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Outra operação já está em execução"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Nenhuma operação está em execução"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "A senha ou PIN é incorreta"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "A senha ou PIN é inválida"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "A senha ou PIN possui um comprimeto inválido"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "A senha ou PIN expirou"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "A senha ou PIN está travada"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "A sessão está fechada"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Sessões demais estão ativas"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "A sessão é inválida"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "A sessão é somente leitura"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Uma sessão aberta existe"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Uma sessão somente leitura existe"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Uma sessão de administração existe"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "A assinatura está ruim ou corrompida"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "A assinatura está irreconhecível ou corrompida"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Certos campos necessários estão faltando"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Certos campos possuem valores inválidos"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "O dispositivo não está presente ou está desconectado"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "O dispositivo é inválido ou irreconhecível"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "O dispositivo está protegido contra gravação"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Não é possível importar porque a chave é inválida"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Não é possível importar porque a chave possui tamanho incorreto"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Não é possível importar porque a chave é do tipo incorreto"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Você já está conectado"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Nenhum usuário está conectado"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "A senha do usuário ou PIN não foi definida"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "O usuário é de um tipo inválido"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Outro usuário já está conectado"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Usuários demais de diferentes tipos estão conectados"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Não é possível importar uma chave inválida"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Não é possível importar uma chave do tamanho incorreto"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Não é possível exportar porque a chave é inválida"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Não é possível exportar porque a chave é do tamanho errado"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Não é possível exportar porque a chave é do tipo errado"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Não conseguiu inicializar o gerador de número aleatório"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nenhum gerador de número aleatório disponível"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "O mecanismo de criptografia possui um parâmetro inválido"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Não há espaço suficiente para armazenar o resultado"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "O estado salvado é inválido"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "A informação é sensível e não pode ser revelada"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "O estado não pode ser salvado"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "O módulo não foi inicializado"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "O módulo já foi inicializado"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Não é possível travar os dados"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Os dados não podem ser travados"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "A requisição foi rejeitada pelo usuário"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Erro desconhecido"
diff --git a/po/quot.sed b/po/quot.sed
deleted file mode 100644
index 0122c46..0000000
--- a/po/quot.sed
+++ /dev/null
@@ -1,6 +0,0 @@
-s/"\([^"]*\)"/“\1”/g
-s/`\([^`']*\)'/‘\1’/g
-s/ '\([^`']*\)' / ‘\1’ /g
-s/ '\([^`']*\)'$/ ‘\1’/g
-s/^'\([^`']*\)' /‘\1’ /g
-s/“”/""/g
diff --git a/po/remove-potcdate.sin b/po/remove-potcdate.sin
deleted file mode 100644
index 2436c49..0000000
--- a/po/remove-potcdate.sin
+++ /dev/null
@@ -1,19 +0,0 @@
-# Sed script that remove the POT-Creation-Date line in the header entry
-# from a POT file.
-#
-# The distinction between the first and the following occurrences of the
-# pattern is achieved by looking at the hold space.
-/^"POT-Creation-Date: .*"$/{
-x
-# Test if the hold space is empty.
-s/P/P/
-ta
-# Yes it was empty. First occurrence. Remove the line.
-g
-d
-bb
-:a
-# The hold space was nonempty. Following occurrences. Do nothing.
-x
-:b
-}
diff --git a/po/ro.po b/po/ro.po
deleted file mode 100644
index d14c0d3..0000000
--- a/po/ro.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Romanian (http://www.transifex.com/freedesktop/p11-kit/language/ro/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ro\n"
-"Plural-Forms: nplurals=3; plural=(n==1?0:(((n%100>19)||((n%100==0)&&(n!=0)))?2:1));\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/ru.po b/po/ru.po
deleted file mode 100644
index 290b71f..0000000
--- a/po/ru.po
+++ /dev/null
@@ -1,345 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# FIRST AUTHOR <EMAIL@ADDRESS>, 2011
-# Stas Solovey <whats_up@tut.by>, 2013
-# Yuri Kozlov <yuray@komyakino.ru>, 2014
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-03-29 13:45+0000\n"
-"Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
-"Language-Team: Russian (http://www.transifex.com/freedesktop/p11-kit/language/ru/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ru\n"
-"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Действие было отменено"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Недостаточно свободной памяти"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Указанный идентификатор слота не действителен"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Внутренняя ошибка"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Сбой при выполнении операции"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Недопустимые аргументы"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Модуль не может создать необходимые потоки"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Модуль не может блокировать данные должным образом"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Поле доступно только для чтения"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Поле содержит важную информацию и не может быть показано"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Поле не действительно или не существует"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Недействительное значение для поля"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Данные неверны или не распознаны"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Данные слишком длинные"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "На устройстве произошла ошибка"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "На устройстве недостаточно свободной памяти"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Устройство было удалено или отключено"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Зашифрованные данные неверны или не распознаны"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Зашифрованные данные слишком длинные"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Операция не поддерживается"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Ключ отсутствует или неверен"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Ключ имеет неправильный размер"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Ключ имеет неправильный тип"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ключ не требуется"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Ключ отличается от предыдущего"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Необходим ключ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Невозможно включить ключ в каталог"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Операция не может быть выполнена с данным ключом"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Ключ не может быть обернут"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Невозможно экспортировать данный ключ"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Механизм шифрования неверен или не распознан"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Механизм шифрования имеет неверный параметр"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Объект отсутствует или неверен"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "В данный момент выполняется другое действие"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "В данный момент никаких других операций не проводится"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Пароль или PIN неверен"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Пароль или PIN недействителен"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Пароль или PIN недопустимой длины"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Пароль или PIN устарел"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Пароль или PIN заблокирован"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Сеанс закрыт"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Слишком много активных сеансов"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Сеанс некорректен"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Сеанс доступен только для чтения"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Есть открытый сеанс"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Есть сеанс только для чтения"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Есть административный сеанс"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Подпись плоха или повреждена"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Подпись не распознана или повреждена"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Определённые необходимые поля отсутствуют"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Некоторые поля имеют неверные значения"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Устройство отсутствует или отключено"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Устройство неверно или неопознаваемо"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Устройство защищено от записи"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Не удалось импортировать, поскольку ключ неверен"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Не удалось импортировать, поскольку ключ неправильной длины"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Не удалось импортировать, поскольку ключ неправильного типа"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Вы уже вошли"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Нет вошедших пользователей"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Пароль пользователя, или его PIN не установлен"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Пользователь неверного типа"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Другой пользователь уже вошёл"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Слишком ного пользователей различных типов вошли в систему"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Не удалось импортировать неверный ключ"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Не удалось импортировать ключ неверного размера"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Не удалось экспортировать, потому что ключ неверен"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Не удалось экспортировать, потому что ключ имеет неверный размер"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Не удалось экспортировать, потому что ключ имеет неправильный тип"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Не могу инициализировать генератор случайных чисел"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Генератор случайных чисел недоступен"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Механизм шифрования имеет неверный параметр"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Недостаточно места для сохранения результата"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Сохранённое состояние неверно"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Информация засекречена и не может быть показана"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Состояние не может быть сохранено"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Модуль не был инициализирован"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Модуль уже инициализирован"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Не удалось заблокировать данные"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Данные не могут быть заблокированы"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Запрос отклонён пользователем"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Неизвестная ошибка"
diff --git a/po/sk.po b/po/sk.po
deleted file mode 100644
index 4b8e0ac..0000000
--- a/po/sk.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Dušan Kazik <prescott66@gmail.com>, 2015
-# helix84 <helix84@centrum.sk>, 2015
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2015-10-16 08:03+0000\n"
-"Last-Translator: Dušan Kazik <prescott66@gmail.com>\n"
-"Language-Team: Slovak (http://www.transifex.com/freedesktop/p11-kit/language/sk/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sk\n"
-"Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Operácia bola zrušená"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Nie je k dispozícii dostatok pamäte"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Uvedený ID slotu nie je platný"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Vnútorná chyba"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operácia zlyhala"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Neplatné argumenty"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modul nedokáže vytvoriť potrebné vlákna"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modul nedokáže správne zamknúť dáta"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Pole je iba na čítanie"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Pole je citlivé a nemožno ho odhaliť"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Pole je neplatné alebo neexistuje"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Neplatná hodnota poľa"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Dáta nie sú platné alebo rozpoznané"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Dáta sú príliš dlhé"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Na zariadení sa vyskytla chyba"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Na zariadení nie je k dispozícii dostatok pamäte"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Zariadenie bolo odstránené alebo odpojené"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Šifrované dáta nie sú platné alebo rozpoznané"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Šifrované dáta sú príliš dlhé"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Operácia nie je podporovaná"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Kľúč chýba alebo je neplatný"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Kľúč má nesprávnu veľkosť"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Kľúč je nesprávneho typu"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Kľúč nie je potrebný"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Kľúč je iný ako predtým"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Kľúč je potrebný"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Nie je možné zahrnúť kľúč do výťahu"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Túto operáciu nie je možné vykonať s týmto kľúčom"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Kľúč nie je možné zabaliť"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Tento kľúč nemožno exportovať"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Šifrovací mechanizmus je neplatný alebo nerozpoznaný"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Šifrovací mechanizmus má neplatný argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objekt chýba alebo je neplatný"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Už prebieha iná operácia"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Neprebieha žiadna operácia"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Heslo alebo PIN je nesprávny"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Heslo alebo PIN je neplatný"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Heslo alebo PIN má neplatnú dĺžku"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Heslo alebo PIN vypršalo"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Heslo alebo PIN je zamknutý"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Relácia je zatvorená"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Je aktívnych príliš mnoho relácií"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Relácia je neplatná"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Relácia je iba na čítanie"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Existuje otvorená relácia"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Existuje relácia iba na čítanie"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Existuje relácia správcu"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Signatúra je chybná alebo poškodená"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Signatúra je nerozpoznaná alebo poškodená"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Chýbajú niektoré povinné polia"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Niektoré polia majú neplatné hodnoty"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Zariadenie nie je prítomné alebo je odpojené"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Zariadenie je neplatné alebo sa nedá rozpoznať"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Zariadenie je chránené proti zápisu"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Nie je možné importovať, pretože kľúč je neplatný"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Nie je možné importovať, pretože kľúč má nesprávnu veľkosť"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Nie je možné importovať, pretože kľúč je nesprávneho typu"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Už ste prihlásený"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Nie je prihlásený žiaden používateľ"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Heslo alebo PIN používateľa nie je nastavený"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Používateľ je neplatného typu"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Iný používateľ je už prihlásený"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Je prihlásených príliš veľa používateľov rozličných typov"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Nedá sa importovať neplatný kľúč"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Nedá sa importovať kľúč nesprávnej veľkosti"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Nedá sa exportovať, pretože kľúč je neplatný"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Nedá sa exportovať, pretože kľúč je nesprávnej veľkosti"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Nedá sa exportovať, pretože kľúč je nesprávneho typu"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Nie je možné inicializovať generátor náhodných čísel"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Nie je dostupný žiadny generátor náhodných čísel"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Šifrovací mechanizmus má neplatný parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Nedostatok miesta na uloženie výsledku"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Uložený stav je neplatný"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informácie sú citlivé a nemôžu byť odhalené"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Stav sa nedá uložiť"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modul nebol inicializovaný"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modul už bol inicializovaný"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Nedajú sa uzamknúť údaje"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Údaje nemôžu byť uzamknuté"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Požiadavka bola odmietnutá používateľom"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Neznáma chyba"
diff --git a/po/sl.po b/po/sl.po
deleted file mode 100644
index a088b78..0000000
--- a/po/sl.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Martin Srebotnjak <miles@filmsi.net>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Martin Srebotnjak <miles@filmsi.net>\n"
-"Language-Team: Slovenian (http://www.transifex.com/freedesktop/p11-kit/language/sl/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sl\n"
-"Plural-Forms: nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Operacija je bila preklicana"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Na voljo ni dovolj pomnilnika"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Navedeni ID mesta ni veljaven"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Notranja napaka"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Operacija ni uspela"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Neveljavni argumenti"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modul ne more ustvariti potrebnih niti"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modul ne more ustrezno zakleniti podatkov"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Polje je samo za branje"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Polje je občutljive narave in ga ni mogoče razkriti"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Polje ni veljavno ali ne obstaja"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Neveljavna vrednost za polje"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Podatki niso veljavni ali prepoznavni"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Podatki so preobsežni"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Na napravi je prišlo do naprave"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Na napravi ni dovolj pomnilnika"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Naprava je bila odstranjena ali iztaknjena"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Šifrirani podatki niso veljavni ali prepoznavni"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Šifrirani podatki so preobsežni"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Ta operacija ni podprta"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Ključ manjka ali ni veljaven"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Ključ je napačne velikosti"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Ključ je napačne vrste"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ključ ni potreben"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Ključ se razlikuje od prejšnjega"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Potreben je ključ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Ključa ni mogoče vključiti v povzetek"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "S tem ključem te operacije ni moč opraviti"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Ključa ni mogoče ovijati"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Tega ključa ni mogoče izvoziti"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Šifrirni mehanizem ni veljaven ali prepoznan"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Šifrirni mehanizem ima neveljaven argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Predmet manjka ali ni veljaven"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Poteka že druga operacija"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Ne poteka nobena operacija"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Geslo ali PIN ni pravilen"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Geslo ali PIN ni veljaven"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Geslo ali PIN ni ustrezne dolžine"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Geslo ali PIN je potekel"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Geslo ali PIN je zaklenjen"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Seja je zaprta"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Aktivnih je preveč sej"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Seja ni veljavna"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Seja je samo za branje"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Obstaja odprta seja"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Obstaja seja le za branje"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Obstaja skrbniška seja"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Podpis je slab ali okvarjen"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Podpis ni razpoznaven ali je okvarjen"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Določena obvezna polja manjkajo"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Določena polja imajo neveljavne vrednosti"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Naprava ni prisotna ali pa je iztaknjena"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Naprava ni veljavna ali prepoznavna"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Naprava je zaščitena pred pisanjem"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Uvoz ni možen, ker je ključ neveljaven"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Ker ključ ni ustrezne velikosti, uvoz ni mogoč"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Ker ključ ni ustrezne vrste, uvoz ni mogoč"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Ste že prijavljeni"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Prijavil se ni noben uporabnik"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Geslo ali PIN uporabnika ni nastavljen"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Uporabnik je neveljavne vrste"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Prijavljen je že drug uporabnik"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Prijavljenih je preveč uporabnikov različnih vrst"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Neveljavnega ključa ni mogoče uvoziti"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Ključa neprimerne velikosti ni mogoče uvoziti"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Ključa ni mogoče izvoziti, ker je neveljaven"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Ključa ni mogoče izvoziti, ker ni ustrezne velikosti"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Ključa ni mogoče izvoziti, ker je napačne vrste"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Generatorja naključnih števil ni mogoče inicializirati"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Noben generator naključnih števil ni na voljo"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Mehanizem šifriranja ima neveljaven parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Za shranjevanje rezultata primanjkuje prostora"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Shranjeno stanje ni veljavno"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Podatki so občutljive narave in jih ni mogoče razkriti"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Stanja ni mogoče shraniti"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modil ni bil inicializiran"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modul je že inicializiran"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Podatkov ni mogoče zakleniti"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Podatkov ni mogoče zakleniti"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Zahtevo je zavrnil uporabnik"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Neznana napaka"
diff --git a/po/sq.po b/po/sq.po
deleted file mode 100644
index 3b71e94..0000000
--- a/po/sq.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Albanian (http://www.transifex.com/freedesktop/p11-kit/language/sq/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sq\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/sr.po b/po/sr.po
deleted file mode 100644
index a4bb0e3..0000000
--- a/po/sr.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Мирослав Николић <miroslavnikolic@rocketmail.com>, 2013-2014
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-11-22 10:52+0000\n"
-"Last-Translator: Мирослав Николић <miroslavnikolic@rocketmail.com>\n"
-"Language-Team: Serbian (http://www.transifex.com/freedesktop/p11-kit/language/sr/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sr\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Радња је отказана"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Недовољно доступне меморије"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "ИБ наведеног уреза није исправан"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Унутрашња грешка"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Радња није успела"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Неисправни аргументи"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Модул не може да направи потребне нити"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Модул не може исправно да закључа податке"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Поље је само за читање"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Поље је осетљиво и не може бити откривено"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Поље је неисправно или не постоји"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Неисправна вредност за поље"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Подаци нису исправни или су непрепознатљиви"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Подаци су предуги"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Дошло је до грешке на уређају"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Нема довољно доступне меморије на уређају"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Уређај је уклоњен или је искључен"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Шифровани подаци нису исправни или су непрепознатљиви"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Шифровани подаци су предуги"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Ова радња није подржана"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Кључ недостаје или је неисправан"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Кључ је погрешне величине"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Кључ је погрешне врсте"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Није потребан кључ"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Кључ је другачији него раније"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Потребан је кључ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Не могу да укључим кључ у одабиру"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Ова радња не може бити обављена овим кључем"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Кључ не може бити прекинут"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Не могу да извезем овај кључ"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Механизам шифровања је неисправан или непрепознатљив"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Механизам шифровања има неисправан аргумент"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Предмет недостаје или је неисправан"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Друга радња је ступила на снагу"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Ниједна радња није ступила на снагу"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Није тачна лозинка или ПИН"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Није исправна лозинка или ПИН"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Лозинка или ПИН су неисправне дужине"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Истекла је лозинка или ПИН"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Закључана је лозинка или ПИН"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Сесија је затворена"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Превише радних сесија"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Сесија је неисправна"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Сесија је само за читање"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Постоји отворена сесија"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Постоји сесија само за читање"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Постоји сесија администратора"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Потпис је лош или оштећен"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Потпис је непрепознатљив или оштећен"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Недостају одређена потребна поља"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Одређена поља имају неисправне вредности"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Уређај није присутан или је откачен"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Уређај је неисправан или је непрепознатљив"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Уређај је заштићен од писања"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Не могу да увезем јер је кључ неисправан"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Не могу да увезем јер је кључ погрешне величине"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Не могу да увезем јер је кључ погрешне врсте"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Већ сте пријављени"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Ниједан корисник није пријављен"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Није подешена корисничка лозинка или ПИН"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Корисник је неисправне врсте"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Други корисник је већ пријављен"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Пријављено је превише корисника различитих врста"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Не могу да увезем неисправан кључ"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Не могу да увезем кључ погрешне величине"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Не могу да извезем јер је кључ неисправан"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Не могу да извезем јер је кључ погрешне величине"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Не могу да извезем јер је кључ погрешне врсте"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Не могу да покренем ствараоца насумичног броја"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Није доступан стваралац насумичног броја"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Механизам шифровања има неисправан параметар"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Недовољно места за складиштење резултата"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Сачувано стање је неисправно"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Подаци су осетљиви и не могу бити откривени"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Стање не може бити сачувано"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Модул није покренут"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Модул је већ покренут"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Не могу да закључам податке"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Подаци не могу бити закључани"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Корисник је одбио захтев"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Непозната грешка"
diff --git a/po/sr@latin.po b/po/sr@latin.po
deleted file mode 100644
index 99f3e0f..0000000
--- a/po/sr@latin.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Serbian (Latin) (http://www.transifex.com/freedesktop/p11-kit/language/sr@latin/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sr@latin\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/sv.po b/po/sv.po
deleted file mode 100644
index cf7ba4e..0000000
--- a/po/sv.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Josef Andersson <josef.andersson@fripost.org>, 2015
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2015-02-23 01:04+0000\n"
-"Last-Translator: Josef Andersson <josef.andersson@fripost.org>\n"
-"Language-Team: Swedish (http://www.transifex.com/freedesktop/p11-kit/language/sv/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: sv\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Åtgärden avbröts"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Otillräckligt med tillgängligt minne"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Angivet plats-ID är ogiltigt"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Internt fel"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Åtgärden misslyckades"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Ogiltiga argument"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modulen kan inte skapa behövda trådar"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modulen kan inte låsa data korrekt"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Fältet är endast läsbart"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Fältet är känsligt och kan inte avslöjas"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Fältet är ogiltigt eller existerar inte"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Ogiltigt värde för fält"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Datan är ogiltig eller okänd"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Datan är för lång"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Ett fel uppstod i enheten"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Otillräckligt med tillgängligt minne på enheten"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Enheten togs bort eller matades ut"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Den krypterade datan är ogiltig eller okänd"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Den krypterade datan är för lång"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Denna åtgärd stöds inte"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Nyckeln saknas eller är ogiltig"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Nyckeln har fel storlek"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Nyckeln är av fel typ"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ingen nyckel behövs"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Nyckeln skiljer sig mot tidigare"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "En nyckel behövs"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Kan inte inkludera nyckeln i sammandraget"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Åtgärden kan inte utföras med denna nyckel"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Nyckeln kan inte paketeras"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Kan inte exportera denna nyckel"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Krypteringsmekanismen har ett ogiltigt argument eller är okänd"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Krypteringsmekanismen har ett ogiltigt argument"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Objektet saknas eller är ogiltigt"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "En annan åtgärd pågår redan"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Ingen åtgärd pågår"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Lösenordet eller PIN-koden stämmer inte"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Lösenordet eller PIN-koden är ogiltig"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Lösenordets eller PIN-kodens längd är ogiltig"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Lösenordets eller PIN-kodens tidsgräns är passerad"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Lösenordet eller PIN-koden är låst"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Sessionen är stängd"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "För många aktiva sessioner"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Sessionen är ogiltig"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Sessionen är endast läsbar"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "En öppen session existerar"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "En endast läsbar session existerar"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "En administratörsession existerar"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Signaturen är dålig eller korrupt"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Signaturen är okänd eller korrupt"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Vissa begärda fält saknas"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Vissa fält har ogiltiga värden"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Enheten är inte närvarande eller utmatad"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Enheten är ogiltig eller okänd"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Enheten är skrivskyddad"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Kan inte importera eftersom nyckeln är ogiltig"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Kan inte importera eftersom nyckeln har fel storlek"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Kan inte importera eftersom nyckeln har fel typ"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Du är redan inloggad"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Ingen användare har loggat in"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Användarens lösenord eller PIN-kod är inte angivet"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Användaren är av en ogiltig typ"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "En annan användare är redan inloggad"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "För många användare av olika typer är redan inloggade"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Kan inte importera en ogiltig nyckel"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Kan inte importera en nyckel med fel storlek"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Kan inte exportera eftersom nyckeln är ogiltig"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Kan inte exportera eftersom nyckeln har fel storlek"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Kan inte exportera eftersom nyckeln har fel typ"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Kan inte initiera slumptalsgeneratorn"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Ingen slumptalsgenerator tillgänglig"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Krypteringsmekanismen har en ogiltig parameter"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Inte tillräckligt med utrymme för att lagra resultatet"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Det sparade tillståndet är ogiltigt"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Informationen är känslig och kan inte avslöjas"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Tillståndet kan inte sparas"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modulen har inte initierats"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modulen har redan initierats"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Kan inte låsa data"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Datan kan inte låsas"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Begäran avvisades av användaren"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Okänt fel"
diff --git a/po/ta.po b/po/ta.po
deleted file mode 100644
index f4f6033..0000000
--- a/po/ta.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Tamil (http://www.transifex.com/freedesktop/p11-kit/language/ta/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: ta\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/te.po b/po/te.po
deleted file mode 100644
index fb4b852..0000000
--- a/po/te.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Telugu (http://www.transifex.com/freedesktop/p11-kit/language/te/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: te\n"
-"Plural-Forms: nplurals=2; plural=(n != 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/th.po b/po/th.po
deleted file mode 100644
index 96fb86c..0000000
--- a/po/th.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Thai (http://www.transifex.com/freedesktop/p11-kit/language/th/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: th\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/tr.po b/po/tr.po
deleted file mode 100644
index dadb5b4..0000000
--- a/po/tr.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Necdet Yücel <necdetyucel@gmail.com>, 2012
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-11-12 09:33+0000\n"
-"Last-Translator: Necdet Yücel <necdetyucel@gmail.com>\n"
-"Language-Team: Turkish (http://www.transifex.com/freedesktop/p11-kit/language/tr/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: tr\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "İşlem iptal edildi"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Yeterli hafıza yok"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Belirtilen yuva kimliği geçersiz"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "İç hata"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "İşlem başarısız oldu"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Geçersiz değişkenler"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Modül ihtiyaç duyulan iş parçacıklarını oluşturamadı"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Modül veriyi düzgün kilitleyemedi"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Bu alan salt-okunur"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Bu alan hassas olduğundan gösterilemez"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Alan geçersiz veya mevcut değil"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Alan için geçersiz değer"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Veri geçersiz veya algılanamadı"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Veri çok uzun"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "Aygıtta bir hata oluştu"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "Aygıtta yeterli hafıza yok"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Aygıt kaldırıldı veya çıkartıldı"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Şifrelenmiş veri geçersiz veya algılanamadı"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Şifrelenmiş veri çok uzun"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Bu işlem desteklenmiyor"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Anahtar eksik veya geçersiz"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Anahtar boyutu hatalı"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Anahtar hatalı türde"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Anahtar gerekli değil"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Anahtar öncekinden farklı"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Anahtar gerekli"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Anahtar özete dahil edilemez"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Bu işlem bu anahtarla gerçekleştirilemez"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Anahtar kaydırılamaz"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Bu anahtar dışa aktarılamaz"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Şifreleme mekanizması geçersiz veya algılanamadı"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Şifreleme mekanizması geçersiz bir değişken içeriyor"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Nesne eksik veya geçersiz"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Başka bir işlem zaten sürüyor"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Devam eden işlem yok"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Parola veya PIN hatalı"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Parola veya PIN geçersiz"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Parola veya PIN geçersiz uzunlukta"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Parola veya PIN'in süresi geçmiş"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Parola veya PIN kilitli"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Oturum kapatıldı"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "Çok fazla aktif oturum var"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Oturum geçersiz"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Oturum salt-okunur"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Açık bir oturum var"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Salt okunur bir oturum var"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Bir yönetici oturumu var"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "İmza kötü veya hatalı"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "İmza algılanamadı veya bozulmuş"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Bazı gerekli alanlar eksik"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "Bazı alanlar geçersiz değerlere sahip"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Aygıt bulunmuyor veya çıkartılmış"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Aygıt geçersiz veya algılanamadı"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Aygıt yazma korumalı"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Anahtar geçersiz olduğundan içe aktarılamaz"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Anahtar hatalı boyutta olduğundan içe aktarılamaz"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Anahtar hatalı türde olduğundan içe aktarılamaz"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Zaten oturum açtınız"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "Oturum açmış kullanıcı yok"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Kullanıcı parolası veya PIN'i ayarlanmadı"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Kullanıcı geçersiz türde"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "Başka bir kullanıcı zaten oturum açtı"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "Farklı türden çok fazla kullanıcı oturum açtı"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Geçersiz bir anahtar içe aktarılamaz"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Hatalı boyuttaki bir anahtar içe aktarılamaz"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Anahtar geçersiz olduğundan dışa aktarılamaz"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Anahtar hatalı boyutta olduğundan dışa aktarılamaz"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Anahtar hatalı türde olduğundan dışa aktarılamaz"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Rastgele sayı oluşturucuyu başlatılamadı"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Kullanılabilir rasgele sayı oluşturucu yok"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Şifreleme mekanizması geçersiz değişken içeriyor"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Sonucu saklamak için yeterli alan yok"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Kaydedilen durum geçersiz"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Bu alan hassas olduğundan gösterilemez"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Durum kaydedilemedi"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Modül başlatılamadı"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Modül zaten başlatıldı"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Veri kilitlenemedi"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Veri kilitlenemez"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "İstek kullanıcı tarafından reddedildi"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Bilinmeyen hata"
diff --git a/po/uk.po b/po/uk.po
deleted file mode 100644
index 4348f33..0000000
--- a/po/uk.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Yuri Chornoivan <yurchor@ukr.net>, 2012-2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-21 13:15+0000\n"
-"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
-"Language-Team: Ukrainian (http://www.transifex.com/freedesktop/p11-kit/language/uk/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: uk\n"
-"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "Дію було скасовано"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "Недостатній об’єм пам’яті"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "Вказаний ідентифікатор слоту не є коректним"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "Внутрішня помилка"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "Не вдалося виконати дію"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "Некоректні параметри"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "Модулеві не вдалося створити потрібні потоки обробки"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "Модулеві не вдалося заблокувати дані належним чином"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "Поле є придатним лише для читання"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "Дані поля є конфіденційними, їх не можна розголошувати"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "Вказано некоректну назву поля, такого поля не існує"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "Некоректне значення поля"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "Дані є некоректними або непридатними до розпізнавання"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "Дані є занадто об’ємними"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "На пристрої сталася помилка"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "На пристрої недостатньо пам’яті"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "Пристрій було вилучено або від’єднано"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "Зашифровані дані є некоректними або непридатними до розпізнавання"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "Зашифровані дані є занадто об’ємними"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "Підтримки цієї дії не передбачено"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "Не вказано ключа або вказано некоректний ключ"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "Розмір ключа є помилковим"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "Тип ключа є помилковим"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "Ключ не потрібен"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "Значення ключа відрізняється від попереднього"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "Потрібен ключ"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "Не можна включати ключ до контрольної суми"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "Цю дію над цим ключем виконати неможливо"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "Ключ не може бути загорнуто"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "Експортування цього ключа неможливе"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "Некоректний або непридатний механізм шифрування"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "Механізмові шифрування передано некоректний аргумент"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "Не вказано об’єкт або вказано некоректний об’єкт"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "Вже виконується інша дія"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "Не виконується жодної дії"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "Помилковий пароль або PIN-код"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "Некоректний пароль або PIN-код"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "Довжина пароля або PIN-коду є некоректною"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "Строк дії пароля або PIN-коду вичерпано"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "Пароль або PIN-код заблоковано"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "Сеанс закрито"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "У активному режимі працює забагато сеансів"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "Некоректний сеанс"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "Сеанс у режимі лише читання"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "Виявлено відкритий сеанс"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "Виявлено сеанс роботи у режимі лише читання"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "Виявлено сеанс роботи від імені адміністратора"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "Помилковий або пошкоджений підпис"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "Підпис непридатний до розпізнавання або підпис пошкоджено"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "Деякі з полів, які мало бути заповнено, є порожніми"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "У деяких з полів містяться некоректні значення"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "Пристрою не виявлено або пристрій було від’єднано"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "Пристрій є некоректним або непридатним до розпізнавання"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "Пристрій захищено від запису"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "Не вдалося імпортувати, оскільки ключ є некоректним"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "Не вдалося імпортувати, оскільки ключ має помилковий розмір"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "Не вдалося імпортувати, оскільки ключ належить до помилкового типу"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "Ви вже увійшли до облікового запису"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "До системи не увійшов жоден користувач"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "Не встановлено пароль або PIN-код користувача"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "Запис користувача належить до некоректного типу"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "До системи вже увійшов інший користувач"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "До системи увійшло надто багато користувачів різних типів"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "Імпортування некоректних ключів неможливе"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "Імпортування ключів з помилковими розмірами неможливе"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "Не вдалося експортувати, оскільки ключ є некоректним"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "Не вдалося експортувати, оскільки ключ має помилковий розмір"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "Не вдалося експортувати, оскільки ключ належить до помилкового типу"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "Не вдалося ініціалізувати засіб створення псевдовипадкових чисел"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "Не виявлено жодного доступного засобу створення псевдовипадкових чисел"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "Механізмові шифрування передано некоректний параметр"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "Недостатньо простору для зберігання результату"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "Збережений стан є некоректним"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "Дані є конфіденційними, їх не можна розголошувати"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "Не вдалося зберегти стан"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "Модуль ще не було інціалізовано"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "Модуль вже було ініціалізовано"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "Не вдалося заблокувати дані"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "Не вдалося заблокувати дані"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "Користувач відмовив у задоволенні запиту"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "Невідома помилка"
diff --git a/po/vi.po b/po/vi.po
deleted file mode 100644
index 96cbc48..0000000
--- a/po/vi.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Vietnamese (http://www.transifex.com/freedesktop/p11-kit/language/vi/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: vi\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/wa.po b/po/wa.po
deleted file mode 100644
index 4808597..0000000
--- a/po/wa.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2012-02-29 09:23+0000\n"
-"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
-"Language-Team: Walloon (http://www.transifex.com/freedesktop/p11-kit/language/wa/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: wa\n"
-"Plural-Forms: nplurals=2; plural=(n > 1);\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/zh_CN.po b/po/zh_CN.po
deleted file mode 100644
index 8fa8dea..0000000
--- a/po/zh_CN.po
+++ /dev/null
@@ -1,344 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Michael Jay Tong <michaeljayt@gmail.com>, 2014
-# Wylmer Wang <wantinghard@gmail.com>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2014-08-19 02:57+0000\n"
-"Last-Translator: Michael Jay Tong <michaeljayt@gmail.com>\n"
-"Language-Team: Chinese (China) (http://www.transifex.com/freedesktop/p11-kit/language/zh_CN/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: zh_CN\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr "操作已被取消"
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr "可用内存不足"
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr "指定的槽 ID 无效"
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "内部错误"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr "操作失败"
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr "参数无效"
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr "该模块无法创建需要的线程"
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr "该模块无法正确锁定数据"
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr "该字段为只读"
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr "该字段为敏感字段,不能显示"
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr "该字段无效或不存在"
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr "字段值无效"
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr "数据无效或无法识别"
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr "数据过长"
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr "设备上出现了错误"
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr "设备上的可用空间不足"
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr "设备已被移除或拔出"
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr "加密数据无效或无法识别"
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr "加密数据过长"
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr "不支持该操作"
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr "密钥缺失或无效"
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr "密钥长度不对"
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr "密钥类型不对"
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr "无需密钥"
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr "密钥与之前不同"
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr "需要密钥"
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr "摘要中无法包含此密钥"
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr "不能对该密钥进行这一操作"
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr "该密钥不能折行"
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr "无法导出这个密钥"
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr "加密机制无效或无法识别"
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr "加密机制中有无效参数"
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr "对象缺失或无效"
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr "另一操作正在进行"
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr "没有正在进行的操作"
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr "密码或 PIN 不正确"
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr "密码或 PIN 无效"
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr "密码或 PIN 长度无效"
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr "密码或 PIN 已过期"
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr "密码或 PIN 已锁定"
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr "会话已关闭"
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr "活动会话过多"
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr "会话无效"
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr "会话为只读"
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr "存在一个打开的会话"
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr "存在一个只读的会话"
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr "存在一个管理员会话"
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr "签名有误或已损坏"
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr "签名无法识别或已损坏"
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr "缺少某些要求的字段"
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr "某些字段的值无效"
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr "设备不存在或已拔出"
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr "设备无效或无法识别"
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr "设备已写保护"
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr "无法导入,因为密钥无效"
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr "无法导入,因为密钥长度错误"
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr "无法导入,因为密钥类型错误"
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr "您已经登录"
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr "没有登录用户"
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr "用户的密码或 PIN 未设置"
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr "用户的类型无效"
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr "另一用户已经登录"
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr "登录了太多不同类型的用户"
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr "无法导入无效的密钥"
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr "无法导入长度不对的密钥"
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr "无法导出,因为密钥无效"
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr "无法导出,因为密钥长度不对"
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr "无法导出,因为密钥类型不对"
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr "无法初始化随机数生成器"
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr "没有可用的随机数生成器"
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr "加密机制中有无效参数"
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr "没有足够的空间来保存结果"
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr "保存的状态无效"
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr "该信息为敏感信息,不能显示"
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr "无法保存状态"
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr "该模块未被初始化"
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr "该模块已经初始化"
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr "无法锁定数据"
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr "数据无法锁定"
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr "请求已被用户拒绝"
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr "未知错误"
diff --git a/po/zh_HK.po b/po/zh_HK.po
deleted file mode 100644
index 00764a7..0000000
--- a/po/zh_HK.po
+++ /dev/null
@@ -1,342 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Stef Walter <stefw@gnome.org>\n"
-"Language-Team: Chinese (Hong Kong) (http://www.transifex.com/freedesktop/p11-kit/language/zh_HK/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: zh_HK\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr ""
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/po/zh_TW.po b/po/zh_TW.po
deleted file mode 100644
index 161e025..0000000
--- a/po/zh_TW.po
+++ /dev/null
@@ -1,343 +0,0 @@
-# SOME DESCRIPTIVE TITLE.
-# Copyright (C) YEAR Collabora Ltd.
-# This file is distributed under the same license as the PACKAGE package.
-#
-# Translators:
-# Walter Cheuk <wwycheuk@gmail.com>, 2013
-msgid ""
-msgstr ""
-"Project-Id-Version: p11-kit\n"
-"Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue\n"
-"POT-Creation-Date: 2015-02-20 21:29+0100\n"
-"PO-Revision-Date: 2013-11-20 10:27+0000\n"
-"Last-Translator: Walter Cheuk <wwycheuk@gmail.com>\n"
-"Language-Team: Chinese (Taiwan) (http://www.transifex.com/freedesktop/p11-kit/language/zh_TW/)\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=UTF-8\n"
-"Content-Transfer-Encoding: 8bit\n"
-"Language: zh_TW\n"
-"Plural-Forms: nplurals=1; plural=0;\n"
-
-#: p11-kit/messages.c:78
-msgid "The operation was cancelled"
-msgstr ""
-
-#: p11-kit/messages.c:81
-msgid "Insufficient memory available"
-msgstr ""
-
-#: p11-kit/messages.c:83
-msgid "The specified slot ID is not valid"
-msgstr ""
-
-#: p11-kit/messages.c:85
-msgid "Internal error"
-msgstr "內部出錯"
-
-#: p11-kit/messages.c:87
-msgid "The operation failed"
-msgstr ""
-
-#: p11-kit/messages.c:89
-msgid "Invalid arguments"
-msgstr ""
-
-#: p11-kit/messages.c:91
-msgid "The module cannot create needed threads"
-msgstr ""
-
-#: p11-kit/messages.c:93
-msgid "The module cannot lock data properly"
-msgstr ""
-
-#: p11-kit/messages.c:95
-msgid "The field is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:97
-msgid "The field is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:99
-msgid "The field is invalid or does not exist"
-msgstr ""
-
-#: p11-kit/messages.c:101
-msgid "Invalid value for field"
-msgstr ""
-
-#: p11-kit/messages.c:103
-msgid "The data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:105
-msgid "The data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:107
-msgid "An error occurred on the device"
-msgstr ""
-
-#: p11-kit/messages.c:109
-msgid "Insufficient memory available on the device"
-msgstr ""
-
-#: p11-kit/messages.c:111
-msgid "The device was removed or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:113
-msgid "The encrypted data is not valid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:115
-msgid "The encrypted data is too long"
-msgstr ""
-
-#: p11-kit/messages.c:117
-msgid "This operation is not supported"
-msgstr ""
-
-#: p11-kit/messages.c:119
-msgid "The key is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:121
-msgid "The key is the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:123
-msgid "The key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:125
-msgid "No key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:127
-msgid "The key is different than before"
-msgstr ""
-
-#: p11-kit/messages.c:129
-msgid "A key is needed"
-msgstr ""
-
-#: p11-kit/messages.c:131
-msgid "Cannot include the key in the digest"
-msgstr ""
-
-#: p11-kit/messages.c:133
-msgid "This operation cannot be done with this key"
-msgstr ""
-
-#: p11-kit/messages.c:135
-msgid "The key cannot be wrapped"
-msgstr ""
-
-#: p11-kit/messages.c:137
-msgid "Cannot export this key"
-msgstr ""
-
-#: p11-kit/messages.c:139
-msgid "The crypto mechanism is invalid or unrecognized"
-msgstr ""
-
-#: p11-kit/messages.c:141
-msgid "The crypto mechanism has an invalid argument"
-msgstr ""
-
-#: p11-kit/messages.c:143
-msgid "The object is missing or invalid"
-msgstr ""
-
-#: p11-kit/messages.c:145
-msgid "Another operation is already taking place"
-msgstr ""
-
-#: p11-kit/messages.c:147
-msgid "No operation is taking place"
-msgstr ""
-
-#: p11-kit/messages.c:149
-msgid "The password or PIN is incorrect"
-msgstr ""
-
-#: p11-kit/messages.c:151
-msgid "The password or PIN is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:153
-msgid "The password or PIN is of an invalid length"
-msgstr ""
-
-#: p11-kit/messages.c:155
-msgid "The password or PIN has expired"
-msgstr ""
-
-#: p11-kit/messages.c:157
-msgid "The password or PIN is locked"
-msgstr ""
-
-#: p11-kit/messages.c:159
-msgid "The session is closed"
-msgstr ""
-
-#: p11-kit/messages.c:161
-msgid "Too many sessions are active"
-msgstr ""
-
-#: p11-kit/messages.c:163
-msgid "The session is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:165
-msgid "The session is read-only"
-msgstr ""
-
-#: p11-kit/messages.c:167
-msgid "An open session exists"
-msgstr ""
-
-#: p11-kit/messages.c:169
-msgid "A read-only session exists"
-msgstr ""
-
-#: p11-kit/messages.c:171
-msgid "An administrator session exists"
-msgstr ""
-
-#: p11-kit/messages.c:173
-msgid "The signature is bad or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:175
-msgid "The signature is unrecognized or corrupted"
-msgstr ""
-
-#: p11-kit/messages.c:177
-msgid "Certain required fields are missing"
-msgstr ""
-
-#: p11-kit/messages.c:179
-msgid "Certain fields have invalid values"
-msgstr ""
-
-#: p11-kit/messages.c:181
-msgid "The device is not present or unplugged"
-msgstr ""
-
-#: p11-kit/messages.c:183
-msgid "The device is invalid or unrecognizable"
-msgstr ""
-
-#: p11-kit/messages.c:185
-msgid "The device is write protected"
-msgstr ""
-
-#: p11-kit/messages.c:187
-msgid "Cannot import because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:189
-msgid "Cannot import because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:191
-msgid "Cannot import because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:193
-msgid "You are already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:195
-msgid "No user has logged in"
-msgstr ""
-
-#: p11-kit/messages.c:197
-msgid "The user's password or PIN is not set"
-msgstr ""
-
-#: p11-kit/messages.c:199
-msgid "The user is of an invalid type"
-msgstr ""
-
-#: p11-kit/messages.c:201
-msgid "Another user is already logged in"
-msgstr ""
-
-#: p11-kit/messages.c:203
-msgid "Too many users of different types are logged in"
-msgstr ""
-
-#: p11-kit/messages.c:205
-msgid "Cannot import an invalid key"
-msgstr ""
-
-#: p11-kit/messages.c:207
-msgid "Cannot import a key of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:209
-msgid "Cannot export because the key is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:211
-msgid "Cannot export because the key is of the wrong size"
-msgstr ""
-
-#: p11-kit/messages.c:213
-msgid "Cannot export because the key is of the wrong type"
-msgstr ""
-
-#: p11-kit/messages.c:215
-msgid "Unable to initialize the random number generator"
-msgstr ""
-
-#: p11-kit/messages.c:217
-msgid "No random number generator available"
-msgstr ""
-
-#: p11-kit/messages.c:219
-msgid "The crypto mechanism has an invalid parameter"
-msgstr ""
-
-#: p11-kit/messages.c:221
-msgid "Not enough space to store the result"
-msgstr ""
-
-#: p11-kit/messages.c:223
-msgid "The saved state is invalid"
-msgstr ""
-
-#: p11-kit/messages.c:225
-msgid "The information is sensitive and cannot be revealed"
-msgstr ""
-
-#: p11-kit/messages.c:227
-msgid "The state cannot be saved"
-msgstr ""
-
-#: p11-kit/messages.c:229
-msgid "The module has not been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:231
-msgid "The module has already been initialized"
-msgstr ""
-
-#: p11-kit/messages.c:233
-msgid "Cannot lock data"
-msgstr ""
-
-#: p11-kit/messages.c:235
-msgid "The data cannot be locked"
-msgstr ""
-
-#: p11-kit/messages.c:237
-msgid "The request was rejected by the user"
-msgstr ""
-
-#: p11-kit/messages.c:240
-msgid "Unknown error"
-msgstr ""
diff --git a/trust/Makefile.am b/trust/Makefile.am
deleted file mode 100644
index cc91bce..0000000
--- a/trust/Makefile.am
+++ /dev/null
@@ -1,295 +0,0 @@
-
-noinst_LTLIBRARIES += \
- libtrust-testable.la \
- libtrust-data.la
-
-libtrust_data_la_SOURCES = \
- trust/asn1.c trust/asn1.h \
- trust/basic.asn trust/basic.asn.h \
- trust/base64.c trust/base64.h \
- trust/pem.c trust/pem.h \
- trust/pkix.asn trust/pkix.asn.h \
- trust/oid.c trust/oid.h \
- trust/openssl.asn trust/openssl.asn.h \
- trust/utf8.c trust/utf8.h \
- trust/x509.c trust/x509.h \
- $(NULL)
-
-libtrust_data_la_CFLAGS = \
- $(LIBTASN1_CFLAGS)
-
-libtrust_data_la_LIBADD = \
- $(LIBTASN1_LIBS) \
- $(NULL)
-
-TRUST_SRCS = \
- trust/builder.c trust/builder.h \
- trust/digest.c trust/digest.h \
- trust/index.c trust/index.h \
- trust/parser.c trust/parser.h \
- trust/persist.c trust/persist.h \
- trust/module.c trust/module.h \
- trust/save.c trust/save.h \
- trust/session.c trust/session.h \
- trust/token.c trust/token.h \
- trust/types.h \
- $(NULL)
-
-configdir = $(p11_package_config_modules)
-config_DATA = trust/p11-kit-trust.module
-
-moduledir = $(p11_module_path)
-module_LTLIBRARIES = \
- p11-kit-trust.la
-
-p11_kit_trust_la_CFLAGS = \
- $(LIBTASN1_CFLAGS)
-
-p11_kit_trust_la_LIBADD = \
- libtrust-data.la \
- libp11-library.la \
- libp11-common.la \
- $(LIBTASN1_LIBS) \
- $(HASH_LIBS) \
- $(NULL)
-
-p11_kit_trust_la_LDFLAGS = \
- -no-undefined -module -avoid-version \
- -version-info $(P11KIT_LT_RELEASE) \
- -export-symbols-regex 'C_GetFunctionList' \
- $(NULL)
-
-p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
-
-libtrust_testable_la_LDFLAGS = \
- -no-undefined
-
-libtrust_testable_la_SOURCES = $(TRUST_SRCS)
-
-libtrust_testable_la_CFLAGS = \
- $(LIBTASN1_CFLAGS)
-
-libtrust_testable_la_LIBADD = \
- $(LIBTASN1_LIBS)
-
-bin_PROGRAMS += trust/trust
-
-trust_trust_LDADD = \
- libtrust-data.la \
- libp11-kit.la \
- libp11-common.la \
- libp11-tool.la \
- $(LTLIBINTL) \
- $(LIBTASN1_LIBS) \
- $(HASH_LIBS) \
- $(NULL)
-
-trust_trust_CFLAGS = \
- -DP11_KIT_FUTURE_UNSTABLE_API \
- $(LIBTASN1_CFLAGS) \
- $(NULL)
-
-trust_trust_SOURCES = \
- trust/anchor.c trust/anchor.h \
- trust/parser.c trust/parser.h \
- trust/persist.c trust/persist.h \
- trust/digest.c trust/digest.h \
- trust/enumerate.c trust/enumerate.h \
- trust/extract.c trust/extract.h \
- trust/extract-jks.c \
- trust/extract-openssl.c \
- trust/extract-pem.c \
- trust/extract-cer.c \
- trust/list.c trust/list.h \
- trust/openssl.asn trust/openssl.asn.h \
- trust/save.c trust/save.h \
- trust/trust.c \
- $(NULL)
-
-externaldir = $(privatedir)
-external_SCRIPTS = \
- trust/trust-extract-compat
-
-EXTRA_DIST += \
- trust/p11-kit-trust.module
-
-asn:
- asn1Parser -o $(srcdir)/trust/pkix.asn.h $(srcdir)/trust/pkix.asn
- asn1Parser -o $(srcdir)/trust/openssl.asn.h $(srcdir)/trust/openssl.asn
- asn1Parser -o $(srcdir)/trust/basic.asn.h $(srcdir)/trust/basic.asn
-
-# Tests ----------------------------------------------------------------
-
-trust_CFLAGS = \
- $(LIBTASN1_CFLAGS) \
- $(NULL)
-
-trust_LIBS = \
- libtrust-testable.la \
- libtrust-data.la \
- libtrust-test.la \
- libp11-kit.la \
- libp11-library.la \
- libp11-test.la \
- libp11-common.la \
- $(LIBTASN1_LIBS) \
- $(HASH_LIBS) \
- $(NULL)
-
-noinst_LTLIBRARIES += \
- libtrust-test.la
-
-libtrust_test_la_SOURCES = \
- trust/test-trust.c trust/test-trust.h \
- trust/digest.c \
- $(NULL)
-
-CHECK_PROGS += \
- test-digest \
- test-asn1 \
- test-base64 \
- test-pem \
- test-oid \
- test-utf8 \
- test-x509 \
- test-persist \
- test-index \
- test-parser \
- test-builder \
- test-token \
- test-module \
- test-save \
- test-enumerate \
- test-cer \
- test-bundle \
- test-openssl \
- $(NULL)
-
-test_asn1_SOURCES = trust/test-asn1.c
-test_asn1_LDADD = $(trust_LIBS)
-test_asn1_CFLAGS = $(trust_CFLAGS)
-
-test_base64_SOURCES = trust/test-base64.c
-test_base64_LDADD = $(trust_LIBS)
-test_base64_CFLAGS = $(trust_CFLAGS)
-
-test_builder_SOURCES = trust/test-builder.c
-test_builder_LDADD = $(trust_LIBS)
-test_builder_CFLAGS = $(trust_CFLAGS)
-
-test_bundle_SOURCES = trust/test-bundle.c
-test_bundle_LDADD = $(trust_LIBS)
-test_bundle_CFLAGS = $(trust_CFLAGS)
-
-test_cer_SOURCES = trust/test-cer.c
-test_cer_LDADD = $(trust_LIBS)
-test_cer_CFLAGS = $(trust_CFLAGS)
-
-test_digest_SOURCES = trust/test-digest.c
-test_digest_LDADD = $(trust_LIBS)
-test_digest_CFLAGS = $(trust_CFLAGS)
-
-test_enumerate_SOURCES = trust/test-enumerate.c
-test_enumerate_LDADD = $(trust_LIBS)
-test_enumerate_CFLAGS = $(trust_CFLAGS)
-
-test_index_SOURCES = trust/test-index.c
-test_index_LDADD = $(trust_LIBS)
-test_index_CFLAGS = $(trust_CFLAGS)
-
-test_module_SOURCES = trust/test-module.c
-test_module_LDADD = $(trust_LIBS)
-test_module_CFLAGS = $(trust_CFLAGS)
-
-test_oid_SOURCES = trust/test-oid.c
-test_oid_LDADD = $(trust_LIBS)
-test_oid_CFLAGS = $(trust_CFLAGS)
-
-test_openssl_SOURCES = trust/test-openssl.c
-test_openssl_LDADD = $(trust_LIBS)
-test_openssl_CFLAGS = $(trust_CFLAGS)
-
-test_parser_SOURCES = trust/test-parser.c
-test_parser_LDADD = $(trust_LIBS)
-test_parser_CFLAGS = $(trust_CFLAGS)
-
-test_pem_SOURCES = trust/test-pem.c
-test_pem_LDADD = $(trust_LIBS)
-
-test_persist_SOURCES = trust/test-persist.c
-test_persist_LDADD = $(trust_LIBS)
-
-test_save_SOURCES = trust/test-save.c
-test_save_LDADD = $(trust_LIBS)
-
-test_token_SOURCES = trust/test-token.c
-test_token_LDADD = $(trust_LIBS)
-test_token_CFLAGS = $(trust_CFLAGS)
-
-test_utf8_SOURCES = trust/test-utf8.c
-test_utf8_LDADD = $(trust_LIBS)
-
-test_x509_SOURCES = trust/test-x509.c
-test_x509_LDADD = $(trust_LIBS)
-test_x509_CFLAGS = $(trust_CFLAGS)
-
-noinst_PROGRAMS += \
- frob-pow \
- frob-token \
- frob-nss-trust \
- frob-cert \
- frob-bc \
- frob-ku \
- frob-eku \
- frob-ext \
- frob-oid \
- $(NULL)
-
-frob_bc_SOURCES = trust/frob-bc.c
-frob_bc_LDADD = $(trust_LIBS)
-frob_bc_CFLAGS = $(trust_CFLAGS)
-
-frob_cert_SOURCES = trust/frob-cert.c
-frob_cert_LDADD = $(trust_LIBS)
-frob_cert_CFLAGS = $(trust_CFLAGS)
-
-frob_eku_SOURCES = trust/frob-eku.c
-frob_eku_LDADD = $(trust_LIBS)
-frob_eku_CFLAGS = $(trust_CFLAGS)
-
-frob_ext_SOURCES = trust/frob-ext.c
-frob_ext_LDADD = $(trust_LIBS)
-frob_ext_CFLAGS = $(trust_CFLAGS)
-
-frob_ku_SOURCES = trust/frob-ku.c
-frob_ku_LDADD = $(trust_LIBS)
-frob_ku_CFLAGS = $(trust_CFLAGS)
-
-frob_nss_trust_SOURCES = trust/frob-nss-trust.c
-frob_nss_trust_LDADD = \
- libp11-common.la \
- libp11-kit.la \
- $(HASH_LIBS) \
- $(NULL)
-
-frob_oid_SOURCES = trust/frob-oid.c
-frob_oid_LDADD = $(trust_LIBS)
-frob_oid_CFLAGS = $(trust_CFLAGS)
-
-frob_pow_SOURCES = trust/frob-pow.c
-frob_pow_LDADD = $(trust_LIBS)
-frob_pow_CFLAGS = $(trust_CFLAGS)
-
-frob_token_SOURCES = trust/frob-token.c
-frob_token_LDADD = $(trust_LIBS)
-frob_token_CFLAGS = $(trust_CFLAGS)
-
-noinst_SCRIPTS += trust/test-extract
-
-installcheck-local:
- sh $(builddir)/trust/test-extract
-
-EXTRA_DIST += \
- trust/input \
- trust/fixtures \
- $(NULL)
diff --git a/trust/anchor.c b/trust/anchor.c
deleted file mode 100644
index baa1aeb..0000000
--- a/trust/anchor.c
+++ /dev/null
@@ -1,660 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TOOL
-
-#include "anchor.h"
-#include "attrs.h"
-#include "debug.h"
-#include "constants.h"
-#include "extract.h"
-#include "message.h"
-#include "parser.h"
-#include "tool.h"
-
-#include "p11-kit/iter.h"
-#include "p11-kit/p11-kit.h"
-
-#include <assert.h>
-#include <getopt.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-static p11_parser *
-create_arg_file_parser (void)
-{
- p11_parser *parser;
-
- parser = p11_parser_new (NULL);
- return_val_if_fail (parser != NULL, NULL);
-
- p11_parser_formats (parser,
- p11_parser_format_x509,
- p11_parser_format_pem,
- NULL);
-
- return parser;
-}
-
-static bool
-iter_match_anchor (p11_kit_iter *iter,
- CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE *attr;
-
- attr = p11_attrs_find_valid (attrs, CKA_CLASS);
- if (attr == NULL)
- return false;
-
- p11_kit_iter_add_filter (iter, attr, 1);
-
- attr = p11_attrs_find_valid (attrs, CKA_VALUE);
- if (attr == NULL)
- return false;
-
- p11_kit_iter_add_filter (iter, attr, 1);
- return true;
-}
-
-static p11_array *
-uris_or_files_to_iters (int argc,
- char *argv[],
- int behavior)
-{
- int flags = P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE;
- p11_parser *parser = NULL;
- p11_array *iters;
- p11_array *parsed;
- p11_kit_uri *uri;
- p11_kit_iter *iter;
- int ret;
- int i, j;
-
- iters = p11_array_new ((p11_destroyer)p11_kit_iter_free);
- return_val_if_fail (iters != NULL, NULL);
-
- for (i = 0; i < argc; i++) {
-
- /* A PKCS#11 URI */
- if (strncmp (argv[i], "pkcs11:", 7) == 0) {
- uri = p11_kit_uri_new ();
- if (p11_kit_uri_parse (argv[i], flags, uri) != P11_KIT_URI_OK) {
- p11_message ("invalid PKCS#11 uri: %s", argv[i]);
- p11_kit_uri_free (uri);
- break;
- }
-
- iter = p11_kit_iter_new (uri, behavior);
- return_val_if_fail (iter != NULL, NULL);
- p11_kit_uri_free (uri);
-
- if (!p11_array_push (iters, iter))
- return_val_if_reached (NULL);
-
- } else {
- if (parser == NULL)
- parser = create_arg_file_parser ();
-
- ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR);
- switch (ret) {
- case P11_PARSE_SUCCESS:
- p11_debug ("parsed file: %s", argv[i]);
- break;
- case P11_PARSE_UNRECOGNIZED:
- p11_message ("unrecognized file format: %s", argv[i]);
- break;
- default:
- p11_message ("failed to parse file: %s", argv[i]);
- break;
- }
-
- if (ret != P11_PARSE_SUCCESS)
- break;
-
- parsed = p11_parser_parsed (parser);
- for (j = 0; j < parsed->num; j++) {
- iter = p11_kit_iter_new (NULL, behavior);
- return_val_if_fail (iter != NULL, NULL);
-
- iter_match_anchor (iter, parsed->elem[j]);
- if (!p11_array_push (iters, iter))
- return_val_if_reached (NULL);
- }
- }
- }
-
- if (parser)
- p11_parser_free (parser);
-
- if (argc != i) {
- p11_array_free (iters);
- return NULL;
- }
-
- return iters;
-}
-
-static p11_array *
-files_to_attrs (int argc,
- char *argv[])
-{
- p11_parser *parser;
- p11_array *parsed;
- p11_array *array;
- int ret = P11_PARSE_SUCCESS;
- int i, j;
-
- array = p11_array_new (p11_attrs_free);
- return_val_if_fail (array != NULL, NULL);
-
- parser = create_arg_file_parser ();
- return_val_if_fail (parser != NULL, NULL);
-
- for (i = 0; i < argc; i++) {
- ret = p11_parse_file (parser, argv[i], NULL, P11_PARSE_FLAG_ANCHOR);
- switch (ret) {
- case P11_PARSE_SUCCESS:
- p11_debug ("parsed file: %s", argv[i]);
- break;
- case P11_PARSE_UNRECOGNIZED:
- p11_message ("unrecognized file format: %s", argv[i]);
- break;
- default:
- p11_message ("failed to parse file: %s", argv[i]);
- break;
- }
-
- if (ret != P11_PARSE_SUCCESS)
- break;
-
- parsed = p11_parser_parsed (parser);
- for (j = 0; j < parsed->num; j++) {
- if (!p11_array_push (array, parsed->elem[j]))
- return_val_if_reached (NULL);
- parsed->elem[j] = NULL;
- }
- }
-
- p11_parser_free (parser);
-
- if (ret == P11_PARSE_SUCCESS)
- return array;
-
- p11_array_free (array);
- return NULL;
-
-}
-
-static CK_SESSION_HANDLE
-session_for_store_on_module (const char *name,
- CK_FUNCTION_LIST *module,
- bool *found_read_only)
-{
- CK_SESSION_HANDLE session = 0;
- CK_SLOT_ID *slots = NULL;
- CK_TOKEN_INFO info;
- CK_ULONG count;
- CK_ULONG i;
- CK_RV rv;
-
- rv = p11_kit_module_initialize (module);
- if (rv != CKR_OK) {
- p11_message ("%s: couldn't initialize: %s", name, p11_kit_message ());
- return 0UL;
- }
-
- rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);
- if (rv == CKR_OK) {
- slots = calloc (count, sizeof (CK_ULONG));
- return_val_if_fail (slots != NULL, 0UL);
- rv = (module->C_GetSlotList) (CK_TRUE, slots, &count);
- }
- if (rv != CKR_OK) {
- p11_message ("%s: couldn't enumerate slots: %s", name, p11_kit_strerror (rv));
- free (slots);
- return 0UL;
- }
-
- for (i = 0; session == 0 && i < count; i++) {
- rv = (module->C_GetTokenInfo) (slots[i], &info);
- if (rv != CKR_OK) {
- p11_message ("%s: couldn't get token info: %s", name, p11_kit_strerror (rv));
- continue;
- }
-
- if (info.flags & CKF_WRITE_PROTECTED) {
- *found_read_only = true;
- continue;
- }
-
- rv = (module->C_OpenSession) (slots[i], CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL, NULL, &session);
- if (rv != CKR_OK) {
- p11_message ("%s: couldn't open session: %s", name, p11_kit_strerror (rv));
- session = 0;
- }
-
- p11_debug ("opened writable session on: %s", name);
- }
-
- free (slots);
-
- if (session == 0UL)
- p11_kit_module_finalize (module);
-
- return session;
-}
-
-static CK_SESSION_HANDLE
-session_for_store (CK_FUNCTION_LIST **module)
-{
- CK_SESSION_HANDLE session = 0UL;
- CK_FUNCTION_LIST **modules;
- bool found_read_only = false;
- char *name;
- int i;
-
- modules = p11_kit_modules_load (NULL, P11_KIT_MODULE_TRUSTED);
- if (modules == NULL)
- return 0;
-
- for (i = 0; modules[i] != NULL; i++) {
- if (session == 0UL) {
- name = p11_kit_module_get_name (modules[i]);
- session = session_for_store_on_module (name, modules[i],
- &found_read_only);
-
- if (session != 0UL) {
- *module = modules[i];
- modules[i] = NULL;
- }
-
- free (name);
- }
-
- if (modules[i])
- p11_kit_module_release (modules[i]);
- }
-
- if (session == 0UL) {
- if (found_read_only)
- p11_message ("no configured writable location to store anchors");
- else
- p11_message ("no configured location to store anchors");
- }
-
- free (modules);
- return session;
-}
-
-static bool
-create_anchor (CK_FUNCTION_LIST *module,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE *attrs)
-{
- CK_BBOOL truev = CK_TRUE;
- CK_OBJECT_HANDLE object;
- char *string;
- CK_RV rv;
-
- CK_ATTRIBUTE basics[] = {
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID, },
- };
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (basics), true);
- p11_attrs_remove (attrs, CKA_MODIFIABLE);
-
- if (p11_debugging) {
- string = p11_attrs_to_string (attrs, -1);
- p11_debug ("storing: %s", string);
- free (string);
- }
-
- rv = (module->C_CreateObject) (session, attrs,
- p11_attrs_count (attrs), &object);
-
- p11_attrs_free (attrs);
-
- if (rv != CKR_OK) {
- p11_message ("couldn't create object: %s", p11_kit_strerror (rv));
- return false;
- }
-
- return true;
-}
-
-static bool
-modify_anchor (CK_FUNCTION_LIST *module,
- CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE *attrs)
-{
- CK_BBOOL truev = CK_TRUE;
- CK_ATTRIBUTE *changes;
- CK_ATTRIBUTE *label;
- char *string;
- CK_RV rv;
-
- CK_ATTRIBUTE trusted = { CKA_TRUSTED, &truev, sizeof (truev) };
-
- label = p11_attrs_find_valid (attrs, CKA_LABEL);
- changes = p11_attrs_build (NULL, &trusted, label, NULL);
- return_val_if_fail (attrs != NULL, FALSE);
-
- /* Don't need the attributes anymore */
- p11_attrs_free (attrs);
-
- if (p11_debugging) {
- string = p11_attrs_to_string (changes, -1);
- p11_debug ("setting: %s", string);
- free (string);
- }
-
- rv = (module->C_SetAttributeValue) (session, object, changes,
- p11_attrs_count (changes));
-
- p11_attrs_free (changes);
-
- if (rv != CKR_OK) {
- p11_message ("couldn't create object: %s", p11_kit_strerror (rv));
- return false;
- }
-
- return true;
-}
-
-static CK_OBJECT_HANDLE
-find_anchor (CK_FUNCTION_LIST *module,
- CK_SESSION_HANDLE session,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_HANDLE object = 0UL;
- CK_ATTRIBUTE *attr;
- p11_kit_iter *iter;
-
- attr = p11_attrs_find_valid (attrs, CKA_CLASS);
- return_val_if_fail (attr != NULL, 0);
-
- iter = p11_kit_iter_new (NULL, 0);
- return_val_if_fail (iter != NULL, 0);
-
- if (iter_match_anchor (iter, attrs)) {
- p11_kit_iter_begin_with (iter, module, 0, session);
- if (p11_kit_iter_next (iter) == CKR_OK)
- object = p11_kit_iter_get_object (iter);
- }
-
- p11_kit_iter_free (iter);
-
- return object;
-}
-
-static int
-anchor_store (int argc,
- char *argv[],
- bool *changed)
-{
- CK_ATTRIBUTE *attrs;
- CK_FUNCTION_LIST *module = NULL;
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE object;
- p11_array *anchors;
- int ret;
- int i;
-
- anchors = files_to_attrs (argc, argv);
- if (anchors == NULL)
- return 1;
-
- if (anchors->num == 0) {
- p11_message ("specify at least one anchor input file");
- p11_array_free (anchors);
- return 2;
- }
-
- session = session_for_store (&module);
- if (session == 0UL) {
- p11_array_free (anchors);
- return 1;
- }
-
- for (i = 0, ret = 0; i < anchors->num; i++) {
- attrs = anchors->elem[i];
- anchors->elem[i] = NULL;
-
- object = find_anchor (module, session, attrs);
- if (object == 0) {
- p11_debug ("don't yet have this anchor");
- if (create_anchor (module, session, attrs)) {
- *changed = true;
- } else {
- ret = 1;
- break;
- }
- } else {
- p11_debug ("already have this anchor");
- if (modify_anchor (module, session, object, attrs)) {
- *changed = true;
- } else {
- ret = 1;
- break;
- }
- }
- }
-
- p11_array_free (anchors);
- p11_kit_module_finalize (module);
- p11_kit_module_release (module);
-
- return ret;
-}
-
-static const char *
-description_for_object_at_iter (p11_kit_iter *iter)
-{
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- const char *desc = "object";
- CK_RV rv;
-
- rv = p11_kit_iter_load_attributes (iter, attrs, 1);
- if (rv == CKR_OK)
- desc = p11_constant_nick (p11_constant_classes, klass);
-
- return desc;
-}
-
-static bool
-remove_all (p11_kit_iter *iter,
- bool *changed)
-{
- const char *desc;
- CK_RV rv;
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- desc = description_for_object_at_iter (iter);
- p11_debug ("removing %s: %lu", desc, p11_kit_iter_get_object (iter));
- rv = p11_kit_iter_destroy_object (iter);
- switch (rv) {
- case CKR_OK:
- *changed = true;
- /* fall through */
- case CKR_OBJECT_HANDLE_INVALID:
- continue;
- case CKR_TOKEN_WRITE_PROTECTED:
- case CKR_SESSION_READ_ONLY:
- case CKR_ATTRIBUTE_READ_ONLY:
- p11_message ("couldn't remove read-only %s", desc);
- continue;
- default:
- p11_message ("couldn't remove %s: %s", desc,
- p11_kit_strerror (rv));
- break;
- }
- }
-
- return (rv == CKR_CANCEL);
-}
-
-static int
-anchor_remove (int argc,
- char *argv[],
- bool *changed)
-{
- CK_FUNCTION_LIST **modules;
- p11_array *iters;
- p11_kit_iter *iter;
- int ret = 0;
- int i;
-
- iters = uris_or_files_to_iters (argc, argv, P11_KIT_ITER_WANT_WRITABLE);
- return_val_if_fail (iters != NULL, 1);
-
- if (iters->num == 0) {
- p11_message ("at least one file or uri must be specified");
- p11_array_free (iters);
- return 2;
- }
-
- modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
- if (modules == NULL)
- ret = 1;
-
- for (i = 0; ret == 0 && i < iters->num; i++) {
- iter = iters->elem[i];
-
- p11_kit_iter_begin (iter, modules);
- if (!remove_all (iter, changed))
- ret = 1;
- }
-
- p11_array_free (iters);
- p11_kit_modules_finalize_and_release (modules);
-
- return ret;
-}
-
-int
-p11_trust_anchor (int argc,
- char **argv)
-{
- bool changed = false;
- int action = 0;
- int opt;
- int ret;
-
- enum {
- opt_verbose = 'v',
- opt_quiet = 'q',
- opt_help = 'h',
-
- opt_store = 's',
- opt_remove = 'r',
- };
-
- struct option options[] = {
- { "store", no_argument, NULL, opt_store },
- { "remove", no_argument, NULL, opt_remove },
- { "verbose", no_argument, NULL, opt_verbose },
- { "quiet", no_argument, NULL, opt_quiet },
- { "help", no_argument, NULL, opt_help },
- { 0 },
- };
-
- p11_tool_desc usages[] = {
- { 0, "usage: trust anchor --store <file> ..." },
- { opt_verbose, "show verbose debug output", },
- { opt_quiet, "suppress command output", },
- { 0 },
- };
-
- while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
- switch (opt) {
- case opt_store:
- case opt_remove:
- if (action == 0) {
- action = opt;
- } else {
- p11_message ("an action was already specified");
- return 2;
- }
- break;
- case opt_verbose:
- case opt_quiet:
- break;
- case opt_help:
- p11_tool_usage (usages, options);
- return 0;
- case '?':
- p11_tool_usage (usages, options);
- return 2;
- default:
- assert_not_reached ();
- break;
- }
- };
-
- argc -= optind;
- argv += optind;
-
- if (action == 0)
- action = opt_store;
-
- /* Store is different, and only accepts files */
- if (action == opt_store)
- ret = anchor_store (argc, argv, &changed);
-
- else if (action == opt_remove)
- ret = anchor_remove (argc, argv, &changed);
-
- else
- assert_not_reached ();
-
- /* Extract the compat bundles after modification */
- if (ret == 0 && changed) {
- char *args[] = { argv[0], NULL };
- ret = p11_trust_extract_compat (1, args);
- }
-
- return ret;
-}
diff --git a/trust/anchor.h b/trust/anchor.h
deleted file mode 100644
index 7b08682..0000000
--- a/trust/anchor.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#ifndef P11_ANCHOR_H_
-#define P11_ANCHOR_H_
-
-int p11_trust_anchor (int argc,
- char **argv);
-
-#endif /* P11_ANCHOR_H_ */
diff --git a/trust/asn1.c b/trust/asn1.c
deleted file mode 100644
index dd1812d..0000000
--- a/trust/asn1.c
+++ /dev/null
@@ -1,374 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "asn1.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "oid.h"
-
-#include "openssl.asn.h"
-#include "pkix.asn.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-static void
-free_asn1_def (void *data)
-{
- node_asn *def = data;
- asn1_delete_structure (&def);
-}
-
-struct {
- const ASN1_ARRAY_TYPE* tab;
- const char *prefix;
- int prefix_len;
-} asn1_tabs[] = {
- { pkix_asn1_tab, "PKIX1.", 6 },
- { openssl_asn1_tab, "OPENSSL.", 8 },
- { NULL, },
-};
-
-p11_dict *
-p11_asn1_defs_load (void)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *def;
- p11_dict *defs;
- int ret;
- int i;
-
- defs = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, free_asn1_def);
-
- for (i = 0; asn1_tabs[i].tab != NULL; i++) {
-
- def = NULL;
- ret = asn1_array2tree (asn1_tabs[i].tab, &def, message);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to load %s* definitions: %s: %s\n",
- asn1_tabs[i].prefix, asn1_strerror (ret), message);
- return NULL;
- }
-
- if (!p11_dict_set (defs, (void *)asn1_tabs[i].prefix, def))
- return_val_if_reached (NULL);
- }
-
- return defs;
-}
-
-static node_asn *
-lookup_def (p11_dict *asn1_defs,
- const char *struct_name)
-{
- int i;
-
- for (i = 0; asn1_tabs[i].tab != NULL; i++) {
- if (strncmp (struct_name, asn1_tabs[i].prefix, asn1_tabs[i].prefix_len) == 0)
- return p11_dict_get (asn1_defs, asn1_tabs[i].prefix);
- }
-
- p11_debug_precond ("unknown prefix for element: %s\n", struct_name);
- return NULL;
-}
-
-node_asn *
-p11_asn1_create (p11_dict *asn1_defs,
- const char *struct_name)
-{
- node_asn *def;
- node_asn *asn;
- int ret;
-
- return_val_if_fail (asn1_defs != NULL, NULL);
-
- def = lookup_def (asn1_defs, struct_name);
- return_val_if_fail (def != NULL, NULL);
-
- ret = asn1_create_element (def, struct_name, &asn);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to create element %s: %s\n",
- struct_name, asn1_strerror (ret));
- return NULL;
- }
-
- return asn;
-}
-
-node_asn *
-p11_asn1_decode (p11_dict *asn1_defs,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len,
- char *message)
-{
- char msg[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- node_asn *asn = NULL;
- int ret;
-
- return_val_if_fail (asn1_defs != NULL, NULL);
-
- asn = p11_asn1_create (asn1_defs, struct_name);
- return_val_if_fail (asn != NULL, NULL);
-
- /* asn1_der_decoding destroys the element if fails */
- ret = asn1_der_decoding (&asn, der, der_len, message ? message : msg);
-
- if (ret != ASN1_SUCCESS) {
- /* If caller passed in a message buffer, assume they're logging */
- if (!message) {
- p11_debug ("couldn't parse %s: %s: %s",
- struct_name, asn1_strerror (ret), msg);
- }
- return NULL;
- }
-
- return asn;
-}
-
-unsigned char *
-p11_asn1_encode (node_asn *asn,
- size_t *der_len)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- unsigned char *der;
- int len;
- int ret;
-
- return_val_if_fail (der_len != NULL, NULL);
-
- len = 0;
- ret = asn1_der_coding (asn, "", NULL, &len, message);
- return_val_if_fail (ret != ASN1_SUCCESS, NULL);
-
- if (ret == ASN1_MEM_ERROR) {
- der = malloc (len);
- return_val_if_fail (der != NULL, NULL);
-
- ret = asn1_der_coding (asn, "", der, &len, message);
- }
-
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to encode: %s\n", message);
- return NULL;
- }
-
- if (der_len)
- *der_len = len;
- return der;
-}
-
-void *
-p11_asn1_read (node_asn *asn,
- const char *field,
- size_t *length)
-{
- unsigned char *value;
- int len;
- int ret;
-
- return_val_if_fail (asn != NULL, NULL);
- return_val_if_fail (field != NULL, NULL);
- return_val_if_fail (length != NULL, NULL);
-
- len = 0;
- ret = asn1_read_value (asn, field, NULL, &len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- return NULL;
-
- return_val_if_fail (ret == ASN1_MEM_ERROR, NULL);
-
- value = malloc (len + 1);
- return_val_if_fail (value != NULL, NULL);
-
- ret = asn1_read_value (asn, field, value, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- /* Courtesy zero terminated */
- value[len] = '\0';
-
- *length = len;
- return value;
-}
-
-void
-p11_asn1_free (void *asn)
-{
- node_asn *node = asn;
- if (node != NULL)
- asn1_delete_structure (&node);
-}
-
-ssize_t
-p11_asn1_tlv_length (const unsigned char *data,
- size_t length)
-{
- unsigned char cls;
- int counter = 0;
- int cb, len;
- unsigned long tag;
-
- if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) {
- counter += cb;
- len = asn1_get_length_der (data + cb, length - cb, &cb);
- counter += cb;
- if (len >= 0) {
- len += counter;
- if (length >= len)
- return len;
- }
- }
-
- return -1;
-}
-
-typedef struct {
- node_asn *node;
- char *struct_name;
- size_t length;
-} asn1_item;
-
-static void
-free_asn1_item (void *data)
-{
- asn1_item *item = data;
- free (item->struct_name);
- asn1_delete_structure (&item->node);
- free (item);
-}
-
-struct _p11_asn1_cache {
- p11_dict *defs;
- p11_dict *items;
-};
-
-p11_asn1_cache *
-p11_asn1_cache_new (void)
-{
- p11_asn1_cache *cache;
-
- cache = calloc (1, sizeof (p11_asn1_cache));
- return_val_if_fail (cache != NULL, NULL);
-
- cache->defs = p11_asn1_defs_load ();
- return_val_if_fail (cache->defs != NULL, NULL);
-
- cache->items = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
- NULL, free_asn1_item);
- return_val_if_fail (cache->items != NULL, NULL);
-
- return cache;
-}
-
-node_asn *
-p11_asn1_cache_get (p11_asn1_cache *cache,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len)
-{
- asn1_item *item;
-
- if (cache == NULL)
- return NULL;
-
- return_val_if_fail (struct_name != NULL, NULL);
- return_val_if_fail (der != NULL, NULL);
-
- item = p11_dict_get (cache->items, der);
- if (item != NULL) {
- return_val_if_fail (item->length == der_len, NULL);
- return_val_if_fail (strcmp (item->struct_name, struct_name) == 0, NULL);
- return item->node;
- }
-
- return NULL;
-}
-
-void
-p11_asn1_cache_take (p11_asn1_cache *cache,
- node_asn *node,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len)
-{
- asn1_item *item;
-
- if (cache == NULL) {
- asn1_delete_structure (&node);
- return;
- }
-
- return_if_fail (struct_name != NULL);
- return_if_fail (der != NULL);
- return_if_fail (der_len != 0);
-
- item = calloc (1, sizeof (asn1_item));
- return_if_fail (item != NULL);
-
- item->length = der_len;
- item->node = node;
- item->struct_name = strdup (struct_name);
- return_if_fail (item->struct_name != NULL);
-
- if (!p11_dict_set (cache->items, (void *)der, item))
- return_if_reached ();
-}
-
-void
-p11_asn1_cache_flush (p11_asn1_cache *cache)
-{
- if (cache == NULL)
- return;
- p11_dict_clear (cache->items);
-}
-
-p11_dict *
-p11_asn1_cache_defs (p11_asn1_cache *cache)
-{
- return_val_if_fail (cache != NULL, NULL);
- return cache->defs;
-}
-
-void
-p11_asn1_cache_free (p11_asn1_cache *cache)
-{
- if (!cache)
- return;
- p11_dict_free (cache->items);
- p11_dict_free (cache->defs);
- free (cache);
-}
diff --git a/trust/asn1.h b/trust/asn1.h
deleted file mode 100644
index a5f9caf..0000000
--- a/trust/asn1.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include <libtasn1.h>
-
-#include "dict.h"
-
-#ifndef P11_ASN1_H_
-#define P11_ASN1_H_
-
-typedef struct _p11_asn1_cache p11_asn1_cache;
-
-p11_dict * p11_asn1_defs_load (void);
-
-node_asn * p11_asn1_decode (p11_dict *asn1_defs,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len,
- char *message);
-
-node_asn * p11_asn1_create (p11_dict *asn1_defs,
- const char *struct_name);
-
-unsigned char * p11_asn1_encode (node_asn *asn,
- size_t *der_len);
-
-void * p11_asn1_read (node_asn *asn,
- const char *field,
- size_t *length);
-
-void p11_asn1_free (void *asn);
-
-ssize_t p11_asn1_tlv_length (const unsigned char *data,
- size_t length);
-
-p11_asn1_cache * p11_asn1_cache_new (void);
-
-p11_dict * p11_asn1_cache_defs (p11_asn1_cache *cache);
-
-node_asn * p11_asn1_cache_get (p11_asn1_cache *cache,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len);
-
-void p11_asn1_cache_take (p11_asn1_cache *cache,
- node_asn *node,
- const char *struct_name,
- const unsigned char *der,
- size_t der_len);
-
-void p11_asn1_cache_flush (p11_asn1_cache *cache);
-
-void p11_asn1_cache_free (p11_asn1_cache *cache);
-
-#endif /* P11_ASN1_H_ */
diff --git a/trust/base64.c b/trust/base64.c
deleted file mode 100644
index a9eb966..0000000
--- a/trust/base64.c
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Copyright (c) 1996, 1998 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Portions Copyright (c) 1995 by International Business Machines, Inc.
- *
- * International Business Machines, Inc. (hereinafter called IBM) grants
- * permission under its copyrights to use, copy, modify, and distribute this
- * Software with or without fee, provided that the above copyright notice and
- * all paragraphs of this notice appear in all copies, and that the name of IBM
- * not be used in connection with the marketing of any product incorporating
- * the Software or modifications thereof, without specific, written prior
- * permission.
- *
- * To the extent it has a right to do so, IBM grants an immunity from suit
- * under its patents, if any, for the use, sale or manufacture of products to
- * the extent that such products are used for performing Domain Name System
- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
- * granted for any product per se or for any other function of any product.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-#include "config.h"
-
-#include "base64.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-static const char Base64[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-static const char Pad64 = '=';
-
-/* skips all whitespace anywhere.
- converts characters, four at a time, starting at (or after)
- src from base - 64 numbers into three 8 bit bytes in the target area.
- it returns the number of data bytes stored at the target, or -1 on error.
- */
-
-int
-p11_b64_pton (const char *src,
- size_t length,
- unsigned char *target,
- size_t targsize)
-{
- int tarindex, state, ch;
- char *pos;
- const char *end;
-
- state = 0;
- tarindex = 0;
- end = src + length;
-
- /* We can't rely on the null terminator */
- #define next_char(src, end) \
- (((src) == (end)) ? '\0': *(src)++)
-
- while ((ch = next_char (src, end)) != '\0') {
- if (isspace ((unsigned char) ch)) /* Skip whitespace anywhere. */
- continue;
-
- if (ch == Pad64)
- break;
-
- pos = strchr (Base64, ch);
- if (pos == 0) /* A non-base64 character. */
- return (-1);
-
- switch (state) {
- case 0:
- if (target) {
- if ((size_t)tarindex >= targsize)
- return (-1);
- target[tarindex] = (pos - Base64) << 2;
- }
- state = 1;
- break;
- case 1:
- if (target) {
- if ((size_t) tarindex + 1 >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64) >> 4;
- target[tarindex + 1] = ((pos - Base64) & 0x0f)
- << 4;
- }
- tarindex++;
- state = 2;
- break;
- case 2:
- if (target) {
- if ((size_t) tarindex + 1 >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64) >> 2;
- target[tarindex + 1] = ((pos - Base64) & 0x03)
- << 6;
- }
- tarindex++;
- state = 3;
- break;
- case 3:
- if (target) {
- if ((size_t) tarindex >= targsize)
- return (-1);
- target[tarindex] |= (pos - Base64);
- }
- tarindex++;
- state = 0;
- break;
- default:
- abort();
- }
- }
-
- /*
- * We are done decoding Base-64 chars. Let's see if we ended
- * on a byte boundary, and/or with erroneous trailing characters.
- */
-
- if (ch == Pad64) { /* We got a pad char. */
- ch = next_char (src, end); /* Skip it, get next. */
- switch (state) {
- case 0: /* Invalid = in first position */
- case 1: /* Invalid = in second position */
- return (-1);
-
- case 2: /* Valid, means one byte of info */
- /* Skip any number of spaces. */
- for ((void) NULL; ch != '\0'; ch = next_char (src, end))
- if (!isspace((unsigned char) ch))
- break;
- /* Make sure there is another trailing = sign. */
- if (ch != Pad64)
- return (-1);
- ch = next_char (src, end); /* Skip the = */
- /* Fall through to "single trailing =" case. */
- /* FALLTHROUGH */
-
- case 3: /* Valid, means two bytes of info */
- /*
- * We know this char is an =. Is there anything but
- * whitespace after it?
- */
- for ((void)NULL; src != end; ch = next_char (src, end))
- if (!isspace((unsigned char) ch))
- return (-1);
-
- /*
- * Now make sure for cases 2 and 3 that the "extra"
- * bits that slopped past the last full byte were
- * zeros. If we don't check them, they become a
- * subliminal channel.
- */
- if (target && target[tarindex] != 0)
- return (-1);
- }
- } else {
- /*
- * We ended by seeing the end of the string. Make sure we
- * have no partial bytes lying around.
- */
- if (state != 0)
- return (-1);
- }
-
- return (tarindex);
-}
-
-int
-p11_b64_ntop (const unsigned char *src,
- size_t srclength,
- char *target,
- size_t targsize,
- int breakl)
-{
- size_t len = 0;
- unsigned char input[3];
- unsigned char output[4];
- size_t i;
-
- while (srclength > 0) {
- if (2 < srclength) {
- input[0] = *src++;
- input[1] = *src++;
- input[2] = *src++;
- srclength -= 3;
-
- output[0] = input[0] >> 2;
- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
- output[3] = input[2] & 0x3f;
-
- } else if (0 != srclength) {
- /* Get what's left. */
- input[0] = input[1] = input[2] = '\0';
- for (i = 0; i < srclength; i++)
- input[i] = *src++;
-
- output[0] = input[0] >> 2;
- output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
- if (srclength == 1)
- output[2] = 255;
- else
- output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
- output[3] = 255;
-
- srclength = 0;
- }
-
- for (i = 0; i < 4; i++) {
- if (breakl && len % (breakl + 1) == 0) {
- assert (len + 1 < targsize);
- target[len++] = '\n';
- }
-
- assert(output[i] == 255 || output[i] < 64);
- assert (len + 1 < targsize);
-
- if (output[i] == 255)
- target[len++] = Pad64;
- else
- target[len++] = Base64[output[i]];
- }
- }
-
- assert (len < targsize);
- target[len] = '\0'; /* Returned value doesn't count \0. */
- return len;
-}
diff --git a/trust/base64.h b/trust/base64.h
deleted file mode 100644
index cc27afd..0000000
--- a/trust/base64.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 1996, 1998 by Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-/*
- * Portions Copyright (c) 1995 by International Business Machines, Inc.
- *
- * International Business Machines, Inc. (hereinafter called IBM) grants
- * permission under its copyrights to use, copy, modify, and distribute this
- * Software with or without fee, provided that the above copyright notice and
- * all paragraphs of this notice appear in all copies, and that the name of IBM
- * not be used in connection with the marketing of any product incorporating
- * the Software or modifications thereof, without specific, written prior
- * permission.
- *
- * To the extent it has a right to do so, IBM grants an immunity from suit
- * under its patents, if any, for the use, sale or manufacture of products to
- * the extent that such products are used for performing Domain Name System
- * dynamic updates in TCP/IP networks by means of the Software. No immunity is
- * granted for any product per se or for any other function of any product.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
- * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
- * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
- * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
- */
-
-#ifndef P11_BASE64_H_
-#define P11_BASE64_H_
-
-#include <sys/types.h>
-
-int p11_b64_pton (const char *src,
- size_t length,
- unsigned char *target,
- size_t targsize);
-
-int p11_b64_ntop (const unsigned char *src,
- size_t srclength,
- char *target,
- size_t targsize,
- int breakl);
-
-#endif /* P11_BASE64_H_ */
diff --git a/trust/basic.asn b/trust/basic.asn
deleted file mode 100644
index 3c79a4b..0000000
--- a/trust/basic.asn
+++ /dev/null
@@ -1,12 +0,0 @@
-
-BASIC { }
-
-DEFINITIONS EXPLICIT TAGS ::=
-
-BEGIN
-
-Any ::= ANY
-
-ObjectIdentifier ::= OBJECT IDENTIFIER
-
-END \ No newline at end of file
diff --git a/trust/basic.asn.h b/trust/basic.asn.h
deleted file mode 100644
index b63447b..0000000
--- a/trust/basic.asn.h
+++ /dev/null
@@ -1,13 +0,0 @@
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <libtasn1.h>
-
-const ASN1_ARRAY_TYPE basic_asn1_tab[] = {
- { "BASIC", 536872976, NULL },
- { NULL, 1073741836, NULL },
- { "Any", 1073741837, NULL },
- { "ObjectIdentifier", 12, NULL },
- { NULL, 0, NULL }
-};
diff --git a/trust/builder.c b/trust/builder.c
deleted file mode 100644
index e0ce370..0000000
--- a/trust/builder.c
+++ /dev/null
@@ -1,1872 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-
-#include "array.h"
-#include "asn1.h"
-#include "attrs.h"
-#include "builder.h"
-#include "constants.h"
-#include "debug.h"
-#include "digest.h"
-#include "index.h"
-#include "message.h"
-#include "oid.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-#include "utf8.h"
-#include "x509.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-struct _p11_builder {
- p11_asn1_cache *asn1_cache;
- p11_dict *asn1_defs;
- int flags;
-};
-
-enum {
- NONE = 0,
- CREATE = 1 << 0,
- MODIFY = 1 << 1,
- REQUIRE = 1 << 2,
- WANT = 1 << 3,
-};
-
-enum {
- NORMAL_BUILD = 0,
- GENERATED_CLASS = 1 << 0,
-};
-
-typedef struct {
- int build_flags;
- struct {
- CK_ATTRIBUTE_TYPE type;
- int flags;
- bool (*validate) (p11_builder *, CK_ATTRIBUTE *);
- } attrs[32];
- CK_ATTRIBUTE * (*populate) (p11_builder *, p11_index *, CK_ATTRIBUTE *);
- CK_RV (*validate) (p11_builder *, CK_ATTRIBUTE *, CK_ATTRIBUTE *);
-} builder_schema;
-
-static node_asn *
-decode_or_get_asn1 (p11_builder *builder,
- const char *struct_name,
- const unsigned char *der,
- size_t length)
-{
- node_asn *node;
-
- node = p11_asn1_cache_get (builder->asn1_cache, struct_name, der, length);
- if (node != NULL)
- return node;
-
- node = p11_asn1_decode (builder->asn1_defs, struct_name, der, length, NULL);
- if (node != NULL)
- p11_asn1_cache_take (builder->asn1_cache, node, struct_name, der, length);
-
- return node;
-}
-
-static unsigned char *
-lookup_extension (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert,
- CK_ATTRIBUTE *public_key,
- const unsigned char *oid,
- size_t *ext_len)
-{
- CK_OBJECT_CLASS klass = CKO_X_CERTIFICATE_EXTENSION;
- CK_OBJECT_HANDLE obj;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *label;
- void *value;
- size_t length;
- node_asn *node;
-
- CK_ATTRIBUTE match[] = {
- { CKA_PUBLIC_KEY_INFO, },
- { CKA_OBJECT_ID, (void *)oid, p11_oid_length (oid) },
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- if (public_key == NULL || public_key->type == CKA_INVALID)
- public_key = p11_attrs_find_valid (cert, CKA_PUBLIC_KEY_INFO);
-
- /* Look for an attached certificate extension */
- if (public_key != NULL) {
- memcpy (match, public_key, sizeof (CK_ATTRIBUTE));
- obj = p11_index_find (index, match, -1);
- attrs = p11_index_lookup (index, obj);
- if (attrs != NULL) {
- value = p11_attrs_find_value (attrs, CKA_VALUE, &length);
- if (value != NULL) {
- node = decode_or_get_asn1 (builder, "PKIX1.Extension", value, length);
- if (node == NULL) {
- label = p11_attrs_find_valid (attrs, CKA_LABEL);
- if (label == NULL)
- label = p11_attrs_find_valid (cert, CKA_LABEL);
- p11_message ("%.*s: invalid certificate extension",
- label ? (int)label->ulValueLen : 7,
- label ? (char *)label->pValue : "unknown");
- return NULL;
- }
- return p11_asn1_read (node, "extnValue", ext_len);
- }
- }
- }
-
- /* Couldn't find a parsed extension, so look in the current certificate */
- value = p11_attrs_find_value (cert, CKA_VALUE, &length);
- if (value != NULL) {
- node = decode_or_get_asn1 (builder, "PKIX1.Certificate", value, length);
- return_val_if_fail (node != NULL, NULL);
- return p11_x509_find_extension (node, oid, value, length, ext_len);
- }
-
- return NULL;
-}
-
-static CK_OBJECT_HANDLE *
-lookup_related (p11_index *index,
- CK_OBJECT_CLASS klass,
- CK_ATTRIBUTE *attr)
-{
- CK_ATTRIBUTE match[] = {
- { attr->type, attr->pValue, attr->ulValueLen },
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID }
- };
-
- return p11_index_find_all (index, match, -1);
-}
-
-p11_builder *
-p11_builder_new (int flags)
-{
- p11_builder *builder;
-
- builder = calloc (1, sizeof (p11_builder));
- return_val_if_fail (builder != NULL, NULL);
-
- builder->asn1_cache = p11_asn1_cache_new ();
- return_val_if_fail (builder->asn1_cache, NULL);
- builder->asn1_defs = p11_asn1_cache_defs (builder->asn1_cache);
-
- builder->flags = flags;
- return builder;
-}
-
-static int
-atoin (const char *p,
- int digits)
-{
- int ret = 0, base = 1;
- while(--digits >= 0) {
- if (p[digits] < '0' || p[digits] > '9')
- return -1;
- ret += (p[digits] - '0') * base;
- base *= 10;
- }
- return ret;
-}
-
-static bool
-type_bool (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return (attr->pValue != NULL &&
- sizeof (CK_BBOOL) == attr->ulValueLen);
-}
-
-static bool
-type_ulong (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return (attr->pValue != NULL &&
- sizeof (CK_ULONG) == attr->ulValueLen);
-}
-
-static bool
-type_utf8 (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- if (attr->ulValueLen == 0)
- return true;
- if (attr->pValue == NULL)
- return false;
- return p11_utf8_validate (attr->pValue, attr->ulValueLen);
-}
-
-static bool
-type_date (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- CK_DATE *date;
- struct tm tm;
- struct tm two;
-
- if (attr->ulValueLen == 0)
- return true;
- if (attr->pValue == NULL || attr->ulValueLen != sizeof (CK_DATE))
- return false;
-
- date = attr->pValue;
- memset (&tm, 0, sizeof (tm));
- tm.tm_year = atoin ((char *)date->year, 4) - 1900;
- tm.tm_mon = atoin ((char *)date->month, 2);
- tm.tm_mday = atoin ((char *)date->day, 2);
-
- if (tm.tm_year < 0 || tm.tm_mon <= 0 || tm.tm_mday <= 0)
- return false;
-
- memcpy (&two, &tm, sizeof (tm));
- if (mktime (&two) < 0)
- return false;
-
- /* If mktime changed anything, then bad date */
- if (tm.tm_year != two.tm_year ||
- tm.tm_mon != two.tm_mon ||
- tm.tm_mday != two.tm_mday)
- return false;
-
- return true;
-}
-
-static bool
-check_der_struct (p11_builder *builder,
- const char *struct_name,
- CK_ATTRIBUTE *attr)
-{
- node_asn *asn;
-
- if (attr->ulValueLen == 0)
- return true;
- if (attr->pValue == NULL)
- return false;
-
- asn = p11_asn1_decode (builder->asn1_defs, struct_name,
- attr->pValue, attr->ulValueLen, NULL);
-
- if (asn == NULL)
- return false;
-
- asn1_delete_structure (&asn);
- return true;
-}
-
-static bool
-type_der_name (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return check_der_struct (builder, "PKIX1.Name", attr);
-}
-
-static bool
-type_der_serial (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return check_der_struct (builder, "PKIX1.CertificateSerialNumber", attr);
-}
-
-static bool
-type_der_oid (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- /* AttributeType is an OBJECT ID */
- return check_der_struct (builder, "PKIX1.AttributeType", attr);
-}
-
-static bool
-type_der_cert (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return check_der_struct (builder, "PKIX1.Certificate", attr);
-}
-
-static bool
-type_der_key (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return check_der_struct (builder, "PKIX1.SubjectPublicKeyInfo", attr);
-}
-
-static bool
-type_der_ext (p11_builder *builder,
- CK_ATTRIBUTE *attr)
-{
- return check_der_struct (builder, "PKIX1.Extension", attr);
-}
-
-#define COMMON_ATTRS \
- { CKA_CLASS, REQUIRE | CREATE, type_ulong }, \
- { CKA_TOKEN, CREATE | WANT, type_bool }, \
- { CKA_MODIFIABLE, CREATE | WANT, type_bool }, \
- { CKA_PRIVATE, CREATE, type_bool }, \
- { CKA_LABEL, CREATE | MODIFY | WANT, type_utf8 }, \
- { CKA_X_GENERATED, CREATE }, \
- { CKA_X_ORIGIN, NONE } \
-
-static CK_ATTRIBUTE *
-common_populate (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *unused)
-{
- CK_BBOOL tokenv = CK_FALSE;
- CK_BBOOL modifiablev = CK_TRUE;
- CK_BBOOL privatev = CK_FALSE;
- CK_BBOOL generatedv = CK_FALSE;
-
- CK_ATTRIBUTE token = { CKA_TOKEN, &tokenv, sizeof (tokenv), };
- CK_ATTRIBUTE privat = { CKA_PRIVATE, &privatev, sizeof (privatev) };
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) };
- CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) };
- CK_ATTRIBUTE label = { CKA_LABEL, "", 0 };
-
- if (builder->flags & P11_BUILDER_FLAG_TOKEN) {
- tokenv = CK_TRUE;
- modifiablev = CK_FALSE;
- }
-
- return p11_attrs_build (NULL, &token, &privat, &modifiable, &label, &generated, NULL);
-}
-
-static void
-calc_check_value (const unsigned char *data,
- size_t length,
- CK_BYTE *check_value)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- p11_digest_sha1 (checksum, data, length, NULL);
- memcpy (check_value, checksum, 3);
-}
-
-static int
-century_for_two_digit_year (int year)
-{
- time_t now;
- struct tm tm;
- int century, current;
-
- return_val_if_fail (year >= 0 && year <= 99, -1);
-
- /* Get the current year */
- now = time (NULL);
- return_val_if_fail (now >= 0, -1);
- if (!gmtime_r (&now, &tm))
- return_val_if_reached (-1);
-
- current = (tm.tm_year % 100);
- century = (tm.tm_year + 1900) - current;
-
- /*
- * Check if it's within 40 years before the
- * current date.
- */
- if (current < 40) {
- if (year < current)
- return century;
- if (year > 100 - (40 - current))
- return century - 100;
- } else {
- if (year < current && year > (current - 40))
- return century;
- }
-
- /*
- * If it's after then adjust for overflows to
- * the next century.
- */
- if (year < current)
- return century + 100;
- else
- return century;
-}
-
-static bool
-calc_date (node_asn *node,
- const char *field,
- CK_DATE *date)
-{
- node_asn *choice;
- char buf[64];
- int century;
- char *sub;
- int year;
- int len;
- int ret;
-
- if (!node)
- return false;
-
- choice = asn1_find_node (node, field);
- return_val_if_fail (choice != NULL, false);
-
- len = sizeof (buf) - 1;
- ret = asn1_read_value (node, field, buf, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- sub = strconcat (field, ".", buf, NULL);
-
- /*
- * So here we take a shortcut and just copy the date from the
- * certificate into the CK_DATE. This doesn't take into account
- * time zones. However the PKCS#11 spec does not say what timezone
- * the dates are in. In the PKCS#11 value have a day resolution,
- * and time zones aren't that critical.
- */
-
- if (strcmp (buf, "generalTime") == 0) {
- len = sizeof (buf) - 1;
- ret = asn1_read_value (node, sub, buf, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- return_val_if_fail (len >= 8, false);
-
- /* Same as first 8 characters of date */
- memcpy (date, buf, 8);
-
- } else if (strcmp (buf, "utcTime") == 0) {
- len = sizeof (buf) - 1;
- ret = asn1_read_value (node, sub, buf, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- return_val_if_fail (len >= 6, false);
-
- year = atoin (buf, 2);
- return_val_if_fail (year >= 0, false);
-
- century = century_for_two_digit_year (year);
- return_val_if_fail (century >= 0, false);
-
- snprintf ((char *)date->year, 3, "%02d", century);
- memcpy (((char *)date) + 2, buf, 6);
-
- } else {
- return_val_if_reached (false);
- }
-
- free (sub);
- return true;
-}
-
-static bool
-calc_element (node_asn *node,
- const unsigned char *data,
- size_t length,
- const char *field,
- CK_ATTRIBUTE *attr)
-{
- int ret;
- int start, end;
-
- if (!node)
- return false;
-
- ret = asn1_der_decoding_startEnd (node, data, length, field, &start, &end);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- return_val_if_fail (end >= start, false);
-
- attr->pValue = (void *)(data + start);
- attr->ulValueLen = (end - start) + 1;
- return true;
-}
-
-static bool
-is_v1_x509_authority (p11_builder *builder,
- CK_ATTRIBUTE *cert)
-{
- CK_ATTRIBUTE subject;
- CK_ATTRIBUTE issuer;
- CK_ATTRIBUTE *value;
- char buffer[16];
- node_asn *node;
- int len;
- int ret;
-
- value = p11_attrs_find_valid (cert, CKA_VALUE);
- if (value == NULL)
- return false;
-
- node = decode_or_get_asn1 (builder, "PKIX1.Certificate",
- value->pValue, value->ulValueLen);
- return_val_if_fail (node != NULL, false);
-
- len = sizeof (buffer);
- ret = asn1_read_value (node, "tbsCertificate.version", buffer, &len);
-
- /* The default value */
- if (ret == ASN1_ELEMENT_NOT_FOUND) {
- ret = ASN1_SUCCESS;
- buffer[0] = 0;
- len = 1;
- }
-
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- /*
- * In X.509 version v1 is the integer zero. Two's complement
- * integer, but zero is easy to read.
- */
- if (len != 1 || buffer[0] != 0)
- return false;
-
- /* Must be self-signed, ie: same subject and issuer */
- if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.subject", &subject))
- return_val_if_reached (false);
- if (!calc_element (node, value->pValue, value->ulValueLen, "tbsCertificate.issuer", &issuer))
- return_val_if_reached (false);
- return p11_attr_match_value (&subject, issuer.pValue, issuer.ulValueLen);
-}
-
-static bool
-calc_certificate_category (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert,
- CK_ATTRIBUTE *public_key,
- CK_ULONG *category)
-{
- CK_ATTRIBUTE *label;
- unsigned char *ext;
- size_t ext_len;
- bool is_ca = 0;
- bool ret;
-
- /*
- * In the PKCS#11 spec:
- * 0 = unspecified (default value)
- * 1 = token user
- * 2 = authority
- * 3 = other entity
- */
-
- /* See if we have a basic constraints extension */
- ext = lookup_extension (builder, index, cert, public_key, P11_OID_BASIC_CONSTRAINTS, &ext_len);
- if (ext != NULL) {
- ret = p11_x509_parse_basic_constraints (builder->asn1_defs, ext, ext_len, &is_ca);
- free (ext);
- if (!ret) {
- label = p11_attrs_find_valid (cert, CKA_LABEL);
- p11_message ("%.*s: invalid basic constraints certificate extension",
- label ? (int)label->ulValueLen : 7,
- label ? (char *)label->pValue : "unknown");
- return false;
- }
-
- } else if (is_v1_x509_authority (builder, cert)) {
- /*
- * If there is no basic constraints extension, and the CA version is
- * v1, and is self-signed, then we assume this is a certificate authority.
- * So we add a BasicConstraints attached certificate extension
- */
- is_ca = 1;
-
- } else if (!p11_attrs_find_valid (cert, CKA_VALUE)) {
- /*
- * If we have no certificate value, then this is unknown
- */
- *category = 0;
- return true;
-
- }
-
- *category = is_ca ? 2 : 3;
- return true;
-}
-
-static CK_ATTRIBUTE *
-certificate_value_attrs (p11_builder *builder,
- CK_ATTRIBUTE *attrs,
- node_asn *node,
- const unsigned char *der,
- size_t der_len,
- CK_ATTRIBUTE *public_key)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- unsigned char *keyid = NULL;
- size_t keyid_len;
- unsigned char *ext = NULL;
- size_t ext_len;
- CK_BBOOL falsev = CK_FALSE;
- CK_ULONG zero = 0UL;
- CK_BYTE checkv[3];
- CK_DATE startv;
- CK_DATE endv;
- char *labelv = NULL;
-
- CK_ATTRIBUTE trusted = { CKA_TRUSTED, &falsev, sizeof (falsev) };
- CK_ATTRIBUTE distrusted = { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) };
- CK_ATTRIBUTE url = { CKA_URL, "", 0 };
- CK_ATTRIBUTE hash_of_subject_public_key = { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) };
- CK_ATTRIBUTE hash_of_issuer_public_key = { CKA_HASH_OF_ISSUER_PUBLIC_KEY, "", 0 };
- CK_ATTRIBUTE java_midp_security_domain = { CKA_JAVA_MIDP_SECURITY_DOMAIN, &zero, sizeof (zero) };
- CK_ATTRIBUTE check_value = { CKA_CHECK_VALUE, &checkv, sizeof (checkv) };
- CK_ATTRIBUTE start_date = { CKA_START_DATE, &startv, sizeof (startv) };
- CK_ATTRIBUTE end_date = { CKA_END_DATE, &endv, sizeof (endv) };
- CK_ATTRIBUTE subject = { CKA_SUBJECT, };
- CK_ATTRIBUTE issuer = { CKA_ISSUER, "", 0 };
- CK_ATTRIBUTE serial_number = { CKA_SERIAL_NUMBER, "", 0 };
- CK_ATTRIBUTE label = { CKA_LABEL };
- CK_ATTRIBUTE id = { CKA_ID, NULL, 0 };
-
- return_val_if_fail (attrs != NULL, NULL);
-
- if (der == NULL)
- check_value.type = CKA_INVALID;
- else
- calc_check_value (der, der_len, checkv);
-
- if (!calc_date (node, "tbsCertificate.validity.notBefore", &startv))
- start_date.ulValueLen = 0;
- if (!calc_date (node, "tbsCertificate.validity.notAfter", &endv))
- end_date.ulValueLen = 0;
-
- if (calc_element (node, der, der_len, "tbsCertificate.subjectPublicKeyInfo", public_key))
- public_key->type = CKA_PUBLIC_KEY_INFO;
- else
- public_key->type = CKA_INVALID;
- calc_element (node, der, der_len, "tbsCertificate.issuer.rdnSequence", &issuer);
- if (!calc_element (node, der, der_len, "tbsCertificate.subject.rdnSequence", &subject))
- subject.type = CKA_INVALID;
- calc_element (node, der, der_len, "tbsCertificate.serialNumber", &serial_number);
-
- /* Try to build a keyid from an extension */
- if (node) {
- ext = p11_x509_find_extension (node, P11_OID_SUBJECT_KEY_IDENTIFIER, der, der_len, &ext_len);
- if (ext) {
- keyid = p11_x509_parse_subject_key_identifier (builder->asn1_defs, ext,
- ext_len, &keyid_len);
- id.pValue = keyid;
- id.ulValueLen = keyid_len;
- }
- }
-
- if (!node || !p11_x509_hash_subject_public_key (node, der, der_len, checksum))
- hash_of_subject_public_key.ulValueLen = 0;
-
- if (id.pValue == NULL) {
- id.pValue = hash_of_subject_public_key.pValue;
- id.ulValueLen = hash_of_subject_public_key.ulValueLen;
- }
-
- if (node) {
- labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject",
- der, der_len, P11_OID_CN);
- if (!labelv)
- labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject",
- der, der_len, P11_OID_OU);
- if (!labelv)
- labelv = p11_x509_lookup_dn_name (node, "tbsCertificate.subject",
- der, der_len, P11_OID_O);
- }
-
- if (labelv) {
- label.pValue = labelv;
- label.ulValueLen = strlen (labelv);
- } else {
- label.type = CKA_INVALID;
- }
-
- attrs = p11_attrs_build (attrs, &trusted, &distrusted, &url, &hash_of_issuer_public_key,
- &hash_of_subject_public_key, &java_midp_security_domain,
- &check_value, &start_date, &end_date, &id,
- &subject, &issuer, &serial_number, &label, public_key,
- NULL);
- return_val_if_fail (attrs != NULL, NULL);
-
- free (ext);
- free (keyid);
- free (labelv);
- return attrs;
-}
-
-static CK_ATTRIBUTE *
-certificate_populate (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert)
-{
- CK_ULONG categoryv = 0UL;
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE public_key;
- node_asn *node = NULL;
- unsigned char *der = NULL;
- size_t der_len = 0;
-
- CK_ATTRIBUTE category = { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) };
- CK_ATTRIBUTE empty_value = { CKA_VALUE, "", 0 };
-
- attrs = common_populate (builder, index, cert);
- return_val_if_fail (attrs != NULL, NULL);
-
- der = p11_attrs_find_value (cert, CKA_VALUE, &der_len);
- if (der != NULL)
- node = decode_or_get_asn1 (builder, "PKIX1.Certificate", der, der_len);
-
- attrs = certificate_value_attrs (builder, attrs, node, der, der_len, &public_key);
- return_val_if_fail (attrs != NULL, NULL);
-
- if (!calc_certificate_category (builder, index, cert, &public_key, &categoryv))
- categoryv = 0;
-
- return p11_attrs_build (attrs, &category, &empty_value, NULL);
-}
-
-static bool
-have_attribute (CK_ATTRIBUTE *attrs1,
- CK_ATTRIBUTE *attrs2,
- CK_ATTRIBUTE_TYPE type)
-{
- CK_ATTRIBUTE *attr;
-
- attr = p11_attrs_find (attrs1, type);
- if (attr == NULL)
- attr = p11_attrs_find (attrs2, type);
- return attr != NULL && attr->ulValueLen > 0;
-}
-
-static CK_RV
-certificate_validate (p11_builder *builder,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge)
-{
- /*
- * In theory we should be validating that in the absence of CKA_VALUE
- * various other fields must be set. However we do not enforce this
- * because we want to be able to have certificates without a value
- * but issuer and serial number, for blacklisting purposes.
- */
-
- if (have_attribute (attrs, merge, CKA_URL)) {
- if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) {
- p11_message ("missing the CKA_HASH_OF_SUBJECT_PUBLIC_KEY attribute");
- return CKR_TEMPLATE_INCONSISTENT;
- }
-
- if (!have_attribute (attrs, merge, CKA_HASH_OF_SUBJECT_PUBLIC_KEY)) {
- p11_message ("missing the CKA_HASH_OF_ISSUER_PUBLIC_KEY attribute");
- return CKR_TEMPLATE_INCONSISTENT;
- }
- }
-
- return CKR_OK;
-}
-
-const static builder_schema certificate_schema = {
- NORMAL_BUILD,
- { COMMON_ATTRS,
- { CKA_CERTIFICATE_TYPE, REQUIRE | CREATE, type_ulong },
- { CKA_TRUSTED, CREATE | WANT, type_bool },
- { CKA_X_DISTRUSTED, CREATE | WANT, type_bool },
- { CKA_CERTIFICATE_CATEGORY, CREATE | WANT, type_ulong },
- { CKA_CHECK_VALUE, CREATE | WANT, },
- { CKA_START_DATE, CREATE | MODIFY | WANT, type_date },
- { CKA_END_DATE, CREATE | MODIFY | WANT, type_date },
- { CKA_SUBJECT, CREATE | WANT, type_der_name },
- { CKA_ID, CREATE | MODIFY | WANT },
- { CKA_ISSUER, CREATE | MODIFY | WANT, type_der_name },
- { CKA_SERIAL_NUMBER, CREATE | MODIFY | WANT, type_der_serial },
- { CKA_VALUE, CREATE, type_der_cert },
- { CKA_URL, CREATE, type_utf8 },
- { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, CREATE },
- { CKA_HASH_OF_ISSUER_PUBLIC_KEY, CREATE },
- { CKA_JAVA_MIDP_SECURITY_DOMAIN, CREATE, type_ulong },
- { CKA_PUBLIC_KEY_INFO, WANT, type_der_key },
- { CKA_INVALID },
- }, certificate_populate, certificate_validate,
-};
-
-static CK_ATTRIBUTE *
-extension_populate (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *extension)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- CK_ATTRIBUTE object_id = { CKA_INVALID };
- CK_ATTRIBUTE id = { CKA_INVALID };
- CK_ATTRIBUTE *attrs = NULL;
-
- void *der;
- size_t len;
- node_asn *asn;
-
- attrs = common_populate (builder, index, extension);
- return_val_if_fail (attrs != NULL, NULL);
-
- if (!p11_attrs_find_valid (attrs, CKA_ID)) {
- der = p11_attrs_find_value (extension, CKA_PUBLIC_KEY_INFO, &len);
- return_val_if_fail (der != NULL, NULL);
-
- p11_digest_sha1 (checksum, der, len, NULL);
- id.pValue = checksum;
- id.ulValueLen = sizeof (checksum);
- id.type = CKA_ID;
- }
-
- /* Pull the object id out of the extension if not present */
- if (!p11_attrs_find_valid (attrs, CKA_OBJECT_ID)) {
- der = p11_attrs_find_value (extension, CKA_VALUE, &len);
- return_val_if_fail (der != NULL, NULL);
-
- asn = decode_or_get_asn1 (builder, "PKIX1.Extension", der, len);
- return_val_if_fail (asn != NULL, NULL);
-
- if (calc_element (asn, der, len, "extnID", &object_id))
- object_id.type = CKA_OBJECT_ID;
- }
-
- attrs = p11_attrs_build (attrs, &object_id, &id, NULL);
- return_val_if_fail (attrs != NULL, NULL);
-
- return attrs;
-}
-
-const static builder_schema extension_schema = {
- NORMAL_BUILD,
- { COMMON_ATTRS,
- { CKA_VALUE, REQUIRE | CREATE, type_der_ext },
- { CKA_PUBLIC_KEY_INFO, REQUIRE | CREATE, type_der_key },
- { CKA_OBJECT_ID, CREATE | WANT, type_der_oid },
- { CKA_ID, CREATE | MODIFY },
- { CKA_INVALID },
- }, extension_populate,
-};
-
-static CK_ATTRIBUTE *
-data_populate (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *data)
-{
- static const CK_ATTRIBUTE value = { CKA_VALUE, "", 0 };
- static const CK_ATTRIBUTE application = { CKA_APPLICATION, "", 0 };
- static const CK_ATTRIBUTE object_id = { CKA_OBJECT_ID, "", 0 };
- CK_ATTRIBUTE *attrs;
-
- attrs = common_populate (builder, index, data);
- return_val_if_fail (attrs != NULL, NULL);
-
- return p11_attrs_build (attrs, &value, &application, &object_id, NULL);
-}
-
-const static builder_schema data_schema = {
- NORMAL_BUILD,
- { COMMON_ATTRS,
- { CKA_VALUE, CREATE | MODIFY | WANT },
- { CKA_APPLICATION, CREATE | MODIFY | WANT, type_utf8 },
- { CKA_OBJECT_ID, CREATE | MODIFY | WANT, type_der_oid },
- { CKA_INVALID },
- }, data_populate,
-};
-
-const static builder_schema trust_schema = {
- GENERATED_CLASS,
- { COMMON_ATTRS,
- { CKA_CERT_SHA1_HASH, CREATE },
- { CKA_CERT_MD5_HASH, CREATE },
- { CKA_ISSUER, CREATE },
- { CKA_SUBJECT, CREATE },
- { CKA_SERIAL_NUMBER, CREATE },
- { CKA_TRUST_SERVER_AUTH, CREATE },
- { CKA_TRUST_CLIENT_AUTH, CREATE },
- { CKA_TRUST_EMAIL_PROTECTION, CREATE },
- { CKA_TRUST_CODE_SIGNING, CREATE },
- { CKA_TRUST_IPSEC_END_SYSTEM, CREATE },
- { CKA_TRUST_IPSEC_TUNNEL, CREATE },
- { CKA_TRUST_IPSEC_USER, CREATE },
- { CKA_TRUST_TIME_STAMPING, CREATE },
- { CKA_TRUST_DIGITAL_SIGNATURE, CREATE },
- { CKA_TRUST_NON_REPUDIATION, CREATE },
- { CKA_TRUST_KEY_ENCIPHERMENT, CREATE },
- { CKA_TRUST_DATA_ENCIPHERMENT, CREATE },
- { CKA_TRUST_KEY_AGREEMENT, CREATE },
- { CKA_TRUST_KEY_CERT_SIGN, CREATE },
- { CKA_TRUST_CRL_SIGN, CREATE },
- { CKA_TRUST_STEP_UP_APPROVED, CREATE },
- { CKA_ID, CREATE },
- { CKA_INVALID },
- }, common_populate
-};
-
-const static builder_schema assertion_schema = {
- GENERATED_CLASS,
- { COMMON_ATTRS,
- { CKA_X_PURPOSE, REQUIRE | CREATE },
- { CKA_X_CERTIFICATE_VALUE, CREATE },
- { CKA_X_ASSERTION_TYPE, REQUIRE | CREATE },
- { CKA_ISSUER, CREATE },
- { CKA_SERIAL_NUMBER, CREATE },
- { CKA_X_PEER, CREATE },
- { CKA_ID, CREATE },
- { CKA_INVALID },
- }, common_populate
-};
-
-const static builder_schema builtin_schema = {
- GENERATED_CLASS,
- { COMMON_ATTRS,
- { CKA_INVALID },
- }, common_populate
-};
-
-static const char *
-value_name (const p11_constant *info,
- CK_ATTRIBUTE_TYPE type)
-{
- const char *name = p11_constant_name (info, type);
- return name ? name : "unknown";
-}
-
-static const char *
-type_name (CK_ATTRIBUTE_TYPE type)
-{
- return value_name (p11_constant_types, type);
-}
-
-static CK_RV
-build_for_schema (p11_builder *builder,
- p11_index *index,
- const builder_schema *schema,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **extra)
-{
- CK_BBOOL modifiable;
- CK_ATTRIBUTE *attr;
- bool modifying;
- bool creating;
- bool populate;
- bool loading;
- bool found;
- int flags;
- int i, j;
- CK_RV rv;
-
- populate = false;
-
- /* Signifies that data is being loaded */
- loading = p11_index_loading (index);
-
- /* Signifies that this is being created by a caller, instead of loaded */
- creating = (attrs == NULL && !loading);
-
- /* Item is being modified by a caller */
- modifying = (attrs != NULL && !loading);
-
- /* This item may not be modifiable */
- if (modifying) {
- if (!p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &modifiable) || !modifiable) {
- p11_message ("the object is not modifiable");
- return CKR_ATTRIBUTE_READ_ONLY;
- }
- }
-
- if (creating && (builder->flags & P11_BUILDER_FLAG_TOKEN)) {
- if (schema->build_flags & GENERATED_CLASS) {
- p11_message ("objects of this type cannot be created");
- return CKR_TEMPLATE_INCONSISTENT;
- }
- }
-
- for (i = 0; merge[i].type != CKA_INVALID; i++) {
-
- /* Don't validate attribute if not changed */
- attr = p11_attrs_find (attrs, merge[i].type);
- if (attr && p11_attr_equal (attr, merge + i))
- continue;
-
- found = false;
- for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) {
- if (schema->attrs[j].type != merge[i].type)
- continue;
-
- flags = schema->attrs[j].flags;
- if (creating && !(flags & CREATE)) {
- p11_message ("the %s attribute cannot be set",
- type_name (schema->attrs[j].type));
- return CKR_ATTRIBUTE_READ_ONLY;
- }
- if (modifying && !(flags & MODIFY)) {
- p11_message ("the %s attribute cannot be changed",
- type_name (schema->attrs[j].type));
- return CKR_ATTRIBUTE_READ_ONLY;
- }
- if (!loading && schema->attrs[j].validate != NULL &&
- !schema->attrs[j].validate (builder, merge + i)) {
- p11_message ("the %s attribute has an invalid value",
- type_name (schema->attrs[j].type));
- return CKR_ATTRIBUTE_VALUE_INVALID;
- }
- found = true;
- break;
- }
-
- if (!found) {
- p11_message ("the %s attribute is not valid for the object",
- type_name (merge[i].type));
- return CKR_TEMPLATE_INCONSISTENT;
- }
- }
-
- if (attrs == NULL) {
- for (j = 0; schema->attrs[j].type != CKA_INVALID; j++) {
- flags = schema->attrs[j].flags;
- found = false;
-
- if ((flags & REQUIRE) || (flags & WANT)) {
- for (i = 0; merge[i].type != CKA_INVALID; i++) {
- if (schema->attrs[j].type == merge[i].type) {
- found = true;
- break;
- }
- }
- }
-
- if (!found) {
- if (flags & REQUIRE) {
- p11_message ("missing the %s attribute",
- type_name (schema->attrs[j].type));
- return CKR_TEMPLATE_INCOMPLETE;
- } else if (flags & WANT) {
- populate = true;
- }
- }
- }
- }
-
- /* Validate the result, before committing to the change. */
- if (!loading && schema->validate) {
- rv = (schema->validate) (builder, attrs, merge);
- if (rv != CKR_OK)
- return rv;
- }
-
- if (populate && schema->populate)
- *extra = schema->populate (builder, index, merge);
-
- return CKR_OK;
-}
-
-CK_RV
-p11_builder_build (void *bilder,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate)
-{
- p11_builder *builder = bilder;
- CK_OBJECT_CLASS klass;
- CK_CERTIFICATE_TYPE type;
- CK_BBOOL token;
-
- return_val_if_fail (builder != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (merge != NULL, CKR_GENERAL_ERROR);
-
- if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CLASS, &klass)) {
- p11_message ("no CKA_CLASS attribute found");
- return CKR_TEMPLATE_INCOMPLETE;
- }
-
- if (!attrs && p11_attrs_find_bool (merge, CKA_TOKEN, &token)) {
- if (token != ((builder->flags & P11_BUILDER_FLAG_TOKEN) ? CK_TRUE : CK_FALSE)) {
- p11_message ("cannot create a %s object", token ? "token" : "non-token");
- return CKR_TEMPLATE_INCONSISTENT;
- }
- }
-
- switch (klass) {
- case CKO_CERTIFICATE:
- if (!p11_attrs_find_ulong (attrs ? attrs : merge, CKA_CERTIFICATE_TYPE, &type)) {
- p11_message ("missing %s on object", type_name (CKA_CERTIFICATE_TYPE));
- return CKR_TEMPLATE_INCOMPLETE;
- } else if (type == CKC_X_509) {
- return build_for_schema (builder, index, &certificate_schema, attrs, merge, populate);
- } else {
- p11_message ("%s unsupported %s", value_name (p11_constant_certs, type),
- type_name (CKA_CERTIFICATE_TYPE));
- return CKR_TEMPLATE_INCONSISTENT;
- }
-
- case CKO_X_CERTIFICATE_EXTENSION:
- return build_for_schema (builder, index, &extension_schema, attrs, merge, populate);
-
- case CKO_DATA:
- return build_for_schema (builder, index, &data_schema, attrs, merge, populate);
-
- case CKO_NSS_TRUST:
- return build_for_schema (builder, index, &trust_schema, attrs, merge, populate);
-
- case CKO_NSS_BUILTIN_ROOT_LIST:
- return build_for_schema (builder, index, &builtin_schema, attrs, merge, populate);
-
- case CKO_X_TRUST_ASSERTION:
- return build_for_schema (builder, index, &assertion_schema, attrs, merge, populate);
-
- default:
- p11_message ("%s unsupported object class",
- value_name (p11_constant_classes, klass));
- return CKR_TEMPLATE_INCONSISTENT;
- }
-}
-
-void
-p11_builder_free (p11_builder *builder)
-{
- return_if_fail (builder != NULL);
-
- p11_asn1_cache_free (builder->asn1_cache);
- free (builder);
-}
-
-p11_asn1_cache *
-p11_builder_get_cache (p11_builder *builder)
-{
- return_val_if_fail (builder != NULL, NULL);
- return builder->asn1_cache;
-}
-
-static CK_ATTRIBUTE *
-build_trust_object_ku (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert,
- CK_ATTRIBUTE *object,
- CK_TRUST present)
-{
- unsigned char *data = NULL;
- unsigned int ku = 0;
- size_t length;
- CK_TRUST defawlt;
- CK_ULONG i;
-
- struct {
- CK_ATTRIBUTE_TYPE type;
- unsigned int ku;
- } ku_attribute_map[] = {
- { CKA_TRUST_DIGITAL_SIGNATURE, P11_KU_DIGITAL_SIGNATURE },
- { CKA_TRUST_NON_REPUDIATION, P11_KU_NON_REPUDIATION },
- { CKA_TRUST_KEY_ENCIPHERMENT, P11_KU_KEY_ENCIPHERMENT },
- { CKA_TRUST_DATA_ENCIPHERMENT, P11_KU_DATA_ENCIPHERMENT },
- { CKA_TRUST_KEY_AGREEMENT, P11_KU_KEY_AGREEMENT },
- { CKA_TRUST_KEY_CERT_SIGN, P11_KU_KEY_CERT_SIGN },
- { CKA_TRUST_CRL_SIGN, P11_KU_CRL_SIGN },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE attrs[sizeof (ku_attribute_map)];
-
- defawlt = present;
-
- /* If blacklisted, don't even bother looking at extensions */
- if (present != CKT_NSS_NOT_TRUSTED)
- data = lookup_extension (builder, index, cert, NULL, P11_OID_KEY_USAGE, &length);
-
- if (data) {
- /*
- * If the certificate extension was missing, then *all* key
- * usages are to be set. If the extension was invalid, then
- * fail safe to none of the key usages.
- */
- defawlt = CKT_NSS_TRUST_UNKNOWN;
-
- if (!p11_x509_parse_key_usage (builder->asn1_defs, data, length, &ku))
- p11_message ("invalid key usage certificate extension");
- free (data);
- }
-
- for (i = 0; ku_attribute_map[i].type != CKA_INVALID; i++) {
- attrs[i].type = ku_attribute_map[i].type;
- if (data && (ku & ku_attribute_map[i].ku) == ku_attribute_map[i].ku) {
- attrs[i].pValue = &present;
- attrs[i].ulValueLen = sizeof (present);
- } else {
- attrs[i].pValue = &defawlt;
- attrs[i].ulValueLen = sizeof (defawlt);
- }
- }
-
- return p11_attrs_buildn (object, attrs, i);
-}
-
-static bool
-strv_to_dict (const char **array,
- p11_dict **dict)
-{
- int i;
-
- if (!array) {
- *dict = NULL;
- return true;
- }
-
- *dict = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- return_val_if_fail (*dict != NULL, false);
-
- for (i = 0; array[i] != NULL; i++) {
- if (!p11_dict_set (*dict, (void *)array[i], (void *)array[i]))
- return_val_if_reached (false);
- }
-
- return true;
-}
-
-static CK_ATTRIBUTE *
-build_trust_object_eku (CK_ATTRIBUTE *object,
- CK_TRUST allow,
- const char **purposes,
- const char **rejects)
-{
- p11_dict *dict_purp;
- p11_dict *dict_rej;
- CK_TRUST neutral;
- CK_TRUST disallow;
- CK_ULONG i;
-
- struct {
- CK_ATTRIBUTE_TYPE type;
- const char *oid;
- } eku_attribute_map[] = {
- { CKA_TRUST_SERVER_AUTH, P11_OID_SERVER_AUTH_STR },
- { CKA_TRUST_CLIENT_AUTH, P11_OID_CLIENT_AUTH_STR },
- { CKA_TRUST_CODE_SIGNING, P11_OID_CODE_SIGNING_STR },
- { CKA_TRUST_EMAIL_PROTECTION, P11_OID_EMAIL_PROTECTION_STR },
- { CKA_TRUST_IPSEC_END_SYSTEM, P11_OID_IPSEC_END_SYSTEM_STR },
- { CKA_TRUST_IPSEC_TUNNEL, P11_OID_IPSEC_TUNNEL_STR },
- { CKA_TRUST_IPSEC_USER, P11_OID_IPSEC_USER_STR },
- { CKA_TRUST_TIME_STAMPING, P11_OID_TIME_STAMPING_STR },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE attrs[sizeof (eku_attribute_map)];
-
- if (!strv_to_dict (purposes, &dict_purp) ||
- !strv_to_dict (rejects, &dict_rej))
- return_val_if_reached (NULL);
-
- /* The neutral value is set if an purpose is not present */
- if (allow == CKT_NSS_NOT_TRUSTED)
- neutral = CKT_NSS_NOT_TRUSTED;
-
- /* If anything explicitly set, then neutral is unknown */
- else if (purposes || rejects)
- neutral = CKT_NSS_TRUST_UNKNOWN;
-
- /* Otherwise neutral will allow any purpose */
- else
- neutral = allow;
-
- /* The value set if a purpose is explicitly rejected */
- disallow = CKT_NSS_NOT_TRUSTED;
-
- for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) {
- attrs[i].type = eku_attribute_map[i].type;
- if (dict_rej && p11_dict_get (dict_rej, eku_attribute_map[i].oid)) {
- attrs[i].pValue = &disallow;
- attrs[i].ulValueLen = sizeof (disallow);
- } else if (dict_purp && p11_dict_get (dict_purp, eku_attribute_map[i].oid)) {
- attrs[i].pValue = &allow;
- attrs[i].ulValueLen = sizeof (allow);
- } else {
- attrs[i].pValue = &neutral;
- attrs[i].ulValueLen = sizeof (neutral);
- }
- }
-
- p11_dict_free (dict_purp);
- p11_dict_free (dict_rej);
-
- return p11_attrs_buildn (object, attrs, i);
-}
-
-static void
-replace_nss_trust_object (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert,
- CK_BBOOL trust,
- CK_BBOOL distrust,
- CK_BBOOL authority,
- const char **purposes,
- const char **rejects)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *match = NULL;
- CK_TRUST allow;
- CK_RV rv;
-
- CK_OBJECT_CLASS klassv = CKO_NSS_TRUST;
- CK_BYTE sha1v[P11_DIGEST_SHA1_LEN];
- CK_BYTE md5v[P11_DIGEST_MD5_LEN];
- CK_BBOOL generatedv = CK_FALSE;
- CK_BBOOL falsev = CK_FALSE;
-
- CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) };
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) };
- CK_ATTRIBUTE generated = { CKA_X_GENERATED, &generatedv, sizeof (generatedv) };
- CK_ATTRIBUTE invalid = { CKA_INVALID, };
-
- CK_ATTRIBUTE md5_hash = { CKA_CERT_MD5_HASH, md5v, sizeof (md5v) };
- CK_ATTRIBUTE sha1_hash = { CKA_CERT_SHA1_HASH, sha1v, sizeof (sha1v) };
-
- CK_ATTRIBUTE step_up_approved = { CKA_TRUST_STEP_UP_APPROVED, &falsev, sizeof (falsev) };
-
- CK_ATTRIBUTE_PTR label;
- CK_ATTRIBUTE_PTR id;
- CK_ATTRIBUTE_PTR subject;
- CK_ATTRIBUTE_PTR issuer;
- CK_ATTRIBUTE_PTR serial_number;
-
- p11_array *array;
- void *value;
- size_t length;
-
- issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
- serial_number = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER);
- value = p11_attrs_find_value (cert, CKA_VALUE, &length);
-
- if (!issuer && !serial_number && !value) {
- p11_debug ("can't generate nss trust object for certificate without issuer+serial or value");
- return;
- }
-
- if (value == NULL) {
- md5_hash.type = CKA_INVALID;
- sha1_hash.type = CKA_INVALID;
- } else {
- p11_digest_md5 (md5v, value, length, NULL);
- p11_digest_sha1 (sha1v, value, length, NULL);
- }
- if (!issuer)
- issuer = &invalid;
- if (!serial_number)
- serial_number = &invalid;
-
- match = p11_attrs_build (NULL, issuer, serial_number, &sha1_hash,
- &generated, &klass, NULL);
- return_if_fail (match != NULL);
-
- /* If we find a non-generated object, then don't generate */
- if (p11_index_find (index, match, -1)) {
- p11_debug ("not generating nss trust object because one already exists");
- attrs = NULL;
-
- } else {
- generatedv = CK_TRUE;
- match = p11_attrs_build (match, &generated, NULL);
- return_if_fail (match != NULL);
-
- /* Copy all of the following attributes from certificate */
- id = p11_attrs_find_valid (cert, CKA_ID);
- if (id == NULL)
- id = &invalid;
- subject = p11_attrs_find_valid (cert, CKA_SUBJECT);
- if (subject == NULL)
- subject = &invalid;
- label = p11_attrs_find_valid (cert, CKA_LABEL);
- if (label == NULL)
- label = &invalid;
-
- attrs = p11_attrs_dup (match);
- return_if_fail (attrs != NULL);
-
- attrs = p11_attrs_build (attrs, &klass, &modifiable, id, label,
- subject, issuer, serial_number,
- &md5_hash, &sha1_hash, &step_up_approved, NULL);
- return_if_fail (attrs != NULL);
-
- /* Calculate the default allow trust */
- if (distrust)
- allow = CKT_NSS_NOT_TRUSTED;
- else if (trust && authority)
- allow = CKT_NSS_TRUSTED_DELEGATOR;
- else if (trust)
- allow = CKT_NSS_TRUSTED;
- else
- allow = CKT_NSS_TRUST_UNKNOWN;
-
- attrs = build_trust_object_ku (builder, index, cert, attrs, allow);
- return_if_fail (attrs != NULL);
-
- attrs = build_trust_object_eku (attrs, allow, purposes, rejects);
- return_if_fail (attrs != NULL);
- }
-
- /* Replace related generated object with this new one */
- array = p11_array_new (NULL);
- p11_array_push (array, attrs);
- rv = p11_index_replace_all (index, match, CKA_INVALID, array);
- return_if_fail (rv == CKR_OK);
- p11_array_free (array);
-
- p11_attrs_free (match);
-}
-
-static void
-build_assertions (p11_array *array,
- CK_ATTRIBUTE *cert,
- CK_X_ASSERTION_TYPE type,
- const char **oids)
-{
- CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION;
- CK_BBOOL truev = CK_TRUE;
- CK_BBOOL falsev = CK_FALSE;
-
- CK_ATTRIBUTE klass = { CKA_CLASS, &assertion, sizeof (assertion) };
- CK_ATTRIBUTE private = { CKA_PRIVATE, &falsev, sizeof (falsev) };
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &falsev, sizeof (falsev) };
- CK_ATTRIBUTE assertion_type = { CKA_X_ASSERTION_TYPE, &type, sizeof (type) };
- CK_ATTRIBUTE autogen = { CKA_X_GENERATED, &truev, sizeof (truev) };
- CK_ATTRIBUTE purpose = { CKA_X_PURPOSE, };
- CK_ATTRIBUTE invalid = { CKA_INVALID, };
- CK_ATTRIBUTE certificate_value = { CKA_X_CERTIFICATE_VALUE, };
-
- CK_ATTRIBUTE *issuer;
- CK_ATTRIBUTE *serial;
- CK_ATTRIBUTE *value;
- CK_ATTRIBUTE *label;
- CK_ATTRIBUTE *id;
- CK_ATTRIBUTE *attrs;
- int i;
-
- if (type == CKT_X_DISTRUSTED_CERTIFICATE) {
- certificate_value.type = CKA_INVALID;
- issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
- serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER);
-
- if (!issuer || !serial) {
- p11_debug ("not building negative trust assertion for certificate without serial or issuer");
- return;
- }
-
- } else {
- issuer = &invalid;
- serial = &invalid;
- value = p11_attrs_find_valid (cert, CKA_VALUE);
-
- if (value == NULL) {
- p11_debug ("not building positive trust assertion for certificate without value");
- return;
- }
-
- certificate_value.pValue = value->pValue;
- certificate_value.ulValueLen = value->ulValueLen;
- }
-
- label = p11_attrs_find (cert, CKA_LABEL);
- if (label == NULL)
- label = &invalid;
- id = p11_attrs_find (cert, CKA_ID);
- if (id == NULL)
- id = &invalid;
-
- for (i = 0; oids[i] != NULL; i++) {
- purpose.pValue = (void *)oids[i];
- purpose.ulValueLen = strlen (oids[i]);
-
- attrs = p11_attrs_build (NULL, &klass, &private, &modifiable,
- id, label, &assertion_type, &purpose,
- issuer, serial, &certificate_value, &autogen, NULL);
- return_if_fail (attrs != NULL);
-
- if (!p11_array_push (array, attrs))
- return_if_reached ();
- }
-}
-
-static void
-build_trust_assertions (p11_array *positives,
- p11_array *negatives,
- CK_ATTRIBUTE *cert,
- CK_BBOOL trust,
- CK_BBOOL distrust,
- CK_BBOOL authority,
- const char **purposes,
- const char **rejects)
-{
- const char *all_purposes[] = {
- P11_OID_SERVER_AUTH_STR,
- P11_OID_CLIENT_AUTH_STR,
- P11_OID_CODE_SIGNING_STR,
- P11_OID_EMAIL_PROTECTION_STR,
- P11_OID_IPSEC_END_SYSTEM_STR,
- P11_OID_IPSEC_TUNNEL_STR,
- P11_OID_IPSEC_USER_STR,
- P11_OID_TIME_STAMPING_STR,
- NULL,
- };
-
- /* Build assertions for anything that's explicitly rejected */
- if (rejects && negatives) {
- build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, rejects);
- }
-
- if (distrust && negatives) {
- /*
- * Trust assertions are defficient in that they don't blacklist a certificate
- * for any purposes. So we just have to go wild and write out a bunch of
- * assertions for all our known purposes.
- */
- build_assertions (negatives, cert, CKT_X_DISTRUSTED_CERTIFICATE, all_purposes);
- }
-
- /*
- * TODO: Build pinned certificate assertions. That is, trusted
- * certificates where not an authority.
- */
-
- if (trust && authority && positives) {
- if (purposes) {
- /* If purposes explicitly set, then anchor for those purposes */
- build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, purposes);
- } else {
- /* If purposes not-explicitly set, then anchor for all known */
- build_assertions (positives, cert, CKT_X_ANCHORED_CERTIFICATE, all_purposes);
- }
- }
-}
-
-static void
-replace_trust_assertions (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert,
- CK_BBOOL trust,
- CK_BBOOL distrust,
- CK_BBOOL authority,
- const char **purposes,
- const char **rejects)
-{
- CK_OBJECT_CLASS assertion = CKO_X_TRUST_ASSERTION;
- CK_BBOOL generated = CK_TRUE;
- p11_array *positives = NULL;
- p11_array *negatives = NULL;
- CK_ATTRIBUTE *value;
- CK_ATTRIBUTE *issuer;
- CK_ATTRIBUTE *serial;
- CK_RV rv;
-
- CK_ATTRIBUTE match_positive[] = {
- { CKA_X_CERTIFICATE_VALUE, },
- { CKA_CLASS, &assertion, sizeof (assertion) },
- { CKA_X_GENERATED, &generated, sizeof (generated) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_negative[] = {
- { CKA_ISSUER, },
- { CKA_SERIAL_NUMBER, },
- { CKA_CLASS, &assertion, sizeof (assertion) },
- { CKA_X_GENERATED, &generated, sizeof (generated) },
- { CKA_INVALID }
- };
-
- value = p11_attrs_find_valid (cert, CKA_VALUE);
- if (value) {
- positives = p11_array_new (NULL);
- match_positive[0].pValue = value->pValue;
- match_positive[0].ulValueLen = value->ulValueLen;
- }
-
- issuer = p11_attrs_find_valid (cert, CKA_ISSUER);
- serial = p11_attrs_find_valid (cert, CKA_SERIAL_NUMBER);
- if (issuer && serial) {
- negatives = p11_array_new (NULL);
- memcpy (match_negative + 0, issuer, sizeof (CK_ATTRIBUTE));
- memcpy (match_negative + 1, serial, sizeof (CK_ATTRIBUTE));
- }
-
- build_trust_assertions (positives, negatives, cert, trust, distrust,
- authority, purposes, rejects);
-
- if (positives) {
- rv = p11_index_replace_all (index, match_positive, CKA_X_PURPOSE, positives);
- return_if_fail (rv == CKR_OK);
- p11_array_free (positives);
- }
-
- if (negatives) {
- rv = p11_index_replace_all (index, match_negative, CKA_X_PURPOSE, negatives);
- return_if_fail (rv == CKR_OK);
- p11_array_free (negatives);
- }
-}
-
-static void
-remove_trust_and_assertions (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *attrs)
-{
- replace_nss_trust_object (builder, index, attrs,
- CK_FALSE, CK_FALSE, CK_FALSE,
- NULL, NULL);
- replace_trust_assertions (builder, index, attrs,
- CK_FALSE, CK_FALSE, CK_FALSE,
- NULL, NULL);
-}
-
-static void
-replace_trust_and_assertions (p11_builder *builder,
- p11_index *index,
- CK_ATTRIBUTE *cert)
-{
- CK_BBOOL trust = CK_FALSE;
- CK_BBOOL distrust = CK_FALSE;
- CK_BBOOL authority = CK_FALSE;
- p11_array *purposes = NULL;
- p11_array *rejects = NULL;
- const char **purposev;
- const char **rejectv;
- CK_ULONG category;
- unsigned char *ext;
- size_t ext_len;
-
- /*
- * We look up all this information in advance, since it's used
- * by the various adapter objects, and we don't have to parse
- * it multiple times.
- */
-
- if (!p11_attrs_find_bool (cert, CKA_TRUSTED, &trust))
- trust = CK_FALSE;
- if (!p11_attrs_find_bool (cert, CKA_X_DISTRUSTED, &distrust))
- distrust = CK_FALSE;
- if (p11_attrs_find_ulong (cert, CKA_CERTIFICATE_CATEGORY, &category) && category == 2)
- authority = CK_TRUE;
-
- if (!distrust) {
- ext = lookup_extension (builder, index, cert, NULL, P11_OID_EXTENDED_KEY_USAGE, &ext_len);
- if (ext != NULL) {
- purposes = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len);
- if (purposes == NULL)
- p11_message ("invalid extended key usage certificate extension");
- free (ext);
- }
-
- ext = lookup_extension (builder, index, cert, NULL, P11_OID_OPENSSL_REJECT, &ext_len);
- if (ext != NULL) {
- rejects = p11_x509_parse_extended_key_usage (builder->asn1_defs, ext, ext_len);
- if (rejects == NULL)
- p11_message ("invalid reject key usage certificate extension");
- free (ext);
- }
- }
-
- /* null-terminate these arrays and use as strv's */
- purposev = rejectv = NULL;
- if (rejects) {
- if (!p11_array_push (rejects, NULL))
- return_if_reached ();
- rejectv = (const char **)rejects->elem;
- }
- if (purposes) {
- if (!p11_array_push (purposes, NULL))
- return_if_reached ();
- purposev = (const char **)purposes->elem;
- }
-
- replace_nss_trust_object (builder, index, cert, trust, distrust,
- authority, purposev, rejectv);
- replace_trust_assertions (builder, index, cert, trust, distrust,
- authority, purposev, rejectv);
-
- p11_array_free (purposes);
- p11_array_free (rejects);
-}
-
-static void
-replace_compat_for_cert (p11_builder *builder,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
- static const CK_CERTIFICATE_TYPE x509 = CKC_X_509;
- CK_ATTRIBUTE *value;
-
- CK_ATTRIBUTE match[] = {
- { CKA_VALUE, },
- { CKA_CLASS, (void *)&certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) },
- { CKA_INVALID }
- };
-
- /*
- * If this certificate is going away, then find duplicate. In this
- * case all the trust assertions are recalculated with this new
- * certificate in mind.
- */
- if (handle == 0) {
- value = p11_attrs_find_valid (attrs, CKA_VALUE);
- if (value != NULL) {
- match[0].pValue = value->pValue;
- match[0].ulValueLen = value->ulValueLen;
- handle = p11_index_find (index, match, -1);
- }
- if (handle != 0)
- attrs = p11_index_lookup (index, handle);
- }
-
- if (handle == 0)
- remove_trust_and_assertions (builder, index, attrs);
- else
- replace_trust_and_assertions (builder, index, attrs);
-}
-
-static void
-replace_compat_for_ext (p11_builder *builder,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
-
- CK_OBJECT_HANDLE *handles;
- CK_ATTRIBUTE *public_key;
- int i;
-
- public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO);
- if (public_key == NULL)
- return;
-
- handles = lookup_related (index, CKO_CERTIFICATE, public_key);
- for (i = 0; handles && handles[i] != 0; i++) {
- attrs = p11_index_lookup (index, handles[i]);
- replace_trust_and_assertions (builder, index, attrs);
- }
- free (handles);
-}
-
-static void
-update_related_category (p11_builder *builder,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_HANDLE *handles;
- CK_ULONG categoryv = 0UL;
- CK_ATTRIBUTE *update;
- CK_ATTRIBUTE *cert;
- CK_ATTRIBUTE *public_key;
- CK_RV rv;
- int i;
-
- CK_ATTRIBUTE category[] = {
- { CKA_CERTIFICATE_CATEGORY, &categoryv, sizeof (categoryv) },
- { CKA_INVALID, },
- };
-
- public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO);
- if (public_key == NULL)
- return;
-
- /* Find all other objects with this handle */
- handles = lookup_related (index, CKO_CERTIFICATE, public_key);
-
- for (i = 0; handles && handles[i] != 0; i++) {
- cert = p11_index_lookup (index, handle);
-
- if (calc_certificate_category (builder, index, cert, public_key, &categoryv)) {
- update = p11_attrs_build (NULL, &category, NULL);
- rv = p11_index_update (index, handles[i], update);
- return_if_fail (rv == CKR_OK);
- }
- }
-
- free (handles);
-}
-
-void
-p11_builder_changed (void *bilder,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- static const CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
- static const CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION;
- static const CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-
- static const CK_ATTRIBUTE match_cert[] = {
- { CKA_CLASS, (void *)&certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, (void *)&x509, sizeof (x509) },
- { CKA_INVALID }
- };
-
- static const CK_ATTRIBUTE match_eku[] = {
- { CKA_CLASS, (void *)&extension, sizeof (extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE,
- sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_INVALID }
- };
-
- static const CK_ATTRIBUTE match_ku[] = {
- { CKA_CLASS, (void *)&extension, sizeof (extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE,
- sizeof (P11_OID_KEY_USAGE) },
- { CKA_INVALID }
- };
-
- static const CK_ATTRIBUTE match_bc[] = {
- { CKA_CLASS, (void *)&extension, sizeof (extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS,
- sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_INVALID }
- };
-
- p11_builder *builder = bilder;
-
- return_if_fail (builder != NULL);
- return_if_fail (index != NULL);
- return_if_fail (attrs != NULL);
-
- /*
- * Treat these operations as loading, not modifying/creating, so we get
- * around many of the rules that govern object creation
- */
- p11_index_load (index);
-
- /* A certificate */
- if (p11_attrs_match (attrs, match_cert)) {
- replace_compat_for_cert (builder, index, handle, attrs);
-
- /* An ExtendedKeyUsage extension */
- } else if (p11_attrs_match (attrs, match_eku) ||
- p11_attrs_match (attrs, match_ku)) {
- replace_compat_for_ext (builder, index, handle, attrs);
-
- /* A BasicConstraints extension */
- } else if (p11_attrs_match (attrs, match_bc)) {
- update_related_category (builder, index, handle, attrs);
- }
-
- p11_index_finish (index);
-}
diff --git a/trust/builder.h b/trust/builder.h
deleted file mode 100644
index ba130e1..0000000
--- a/trust/builder.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_BUILDER_H_
-#define P11_BUILDER_H_
-
-#include "asn1.h"
-#include "dict.h"
-#include "index.h"
-#include "pkcs11.h"
-
-enum {
- P11_BUILDER_FLAG_NONE = 0,
- P11_BUILDER_FLAG_TOKEN = 1 << 1,
-};
-
-typedef struct _p11_builder p11_builder;
-
-p11_builder * p11_builder_new (int flags);
-
-void p11_builder_free (p11_builder *builder);
-
-CK_RV p11_builder_build (void *builder,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate);
-
-void p11_builder_changed (void *builder,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs);
-
-p11_asn1_cache * p11_builder_get_cache (p11_builder *builder);
-
-#endif /* P11_BUILDER_H_ */
diff --git a/trust/digest.c b/trust/digest.c
deleted file mode 100644
index 5cac83a..0000000
--- a/trust/digest.c
+++ /dev/null
@@ -1,632 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2007, 2011 Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*! \file
- * SHA-1 in C
- * \author By Steve Reid <steve@edmweb.com>
- * 100% Public Domain
- * \verbatim
- * Test Vectors
- * "abc"
- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
- * A million repetitions of "a"
- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
- * \endverbatim
- */
-
-#include "config.h"
-
-#include "digest.h"
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdint.h>
-#include <string.h>
-
-#ifdef WITH_FREEBL
-
-/*
- * NSS freebl3 has awkward headers not provided by appropriate packages
- * in many cases. So put these defines here inline. freebl3 seems completely
- * undocumented anyway. If you think this is a hack, then you guessed right.
- *
- * If you want a stable p11-kit without worries, use the builtin SHA1 and MD5
- * implementations. They're not used for crypto anyway. If you need p11-kit to
- * tick the "doesn't implement own crypto" checkbox, then the you're signing
- * up for this hack.
- */
-
-typedef enum {
- HASH_AlgMD5 = 2,
- HASH_AlgSHA1 = 3,
-} HASH_HashType;
-
-typedef struct NSSLOWInitContextStr NSSLOWInitContext;
-typedef struct NSSLOWHASHContextStr NSSLOWHASHContext;
-
-NSSLOWInitContext *NSSLOW_Init(void);
-NSSLOWHASHContext *NSSLOWHASH_NewContext(
- NSSLOWInitContext *initContext,
- HASH_HashType hashType);
-void NSSLOWHASH_Begin(NSSLOWHASHContext *context);
-void NSSLOWHASH_Update(NSSLOWHASHContext *context,
- const unsigned char *buf,
- unsigned int len);
-void NSSLOWHASH_End(NSSLOWHASHContext *context,
- unsigned char *buf,
- unsigned int *ret, unsigned int len);
-void NSSLOWHASH_Destroy(NSSLOWHASHContext *context);
-
-#endif /* WITH_FREEBL3 */
-
-#define SHA1_BLOCK_LENGTH 64U
-
-typedef struct {
- uint32_t state[5];
- uint32_t count[2];
- unsigned char buffer[SHA1_BLOCK_LENGTH];
-} sha1_t;
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/*@{*/
-/*!
- * blk0() and blk() perform the initial expand.
- * I got the idea of expanding during the round function from SSLeay
- */
-#if !defined(WORDS_BIGENDIAN)
-# define blk0(i) \
- (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) \
- | (rol(block->l[i], 8) & 0x00FF00FF))
-#else
-# define blk0(i) block->l[i]
-#endif
-#define blk(i) \
- (block->l[i & 15] = rol(block->l[(i + 13) & 15] \
- ^ block->l[(i + 8) & 15] \
- ^ block->l[(i + 2) & 15] \
- ^ block->l[i & 15], 1))
-
-/*@}*/
-/*@{*/
-/*!
- * (R0+R1), R2, R3, R4 are the different operations (rounds) used in SHA1
- */
-#define R0(v,w,x,y,z,i) \
- z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \
- w = rol(w, 30);
-#define R1(v,w,x,y,z,i) \
- z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \
- w = rol(w, 30);
-#define R2(v,w,x,y,z,i) \
- z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); \
- w = rol(w, 30);
-#define R3(v,w,x,y,z,i) \
- z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \
- w = rol(w, 30);
-#define R4(v,w,x,y,z,i) \
- z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \
- w = rol(w, 30);
-
-/*@}*/
-
-typedef union {
- unsigned char c[64];
- unsigned int l[16];
-} CHAR64LONG16;
-
-/*!
- * Hash a single 512-bit block. This is the core of the algorithm.
- */
-static void
-transform_sha1 (uint32_t state[5],
- const unsigned char buffer[64])
-{
- uint32_t a, b, c, d, e;
- CHAR64LONG16 *block;
- CHAR64LONG16 workspace;
-
- assert (buffer != NULL);
- assert (state != NULL);
-
- block = &workspace;
- (void)memcpy(block, buffer, 64);
-
- /* Copy context->state[] to working vars */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
-
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
-
- /* Add the working vars back into context.state[] */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
-
- /* Wipe variables */
- a = b = c = d = e = 0;
- /* Avoid compiler warnings
- POST(a); POST(b); POST(c); POST(d); POST(e);
- */
-}
-
-
-/*!
- * isc_sha1_init - Initialize new context
- */
-static void
-sha1_init (sha1_t *context)
-{
- assert (context != NULL);
-
- /* SHA1 initialization constants */
- context->state[0] = 0x67452301;
- context->state[1] = 0xEFCDAB89;
- context->state[2] = 0x98BADCFE;
- context->state[3] = 0x10325476;
- context->state[4] = 0xC3D2E1F0;
- context->count[0] = 0;
- context->count[1] = 0;
-}
-
-static void
-sha1_invalidate (sha1_t *context)
-{
- memset (context, 0, sizeof (sha1_t));
-}
-
-/*!
- * Run your data through this.
- */
-static void
-sha1_update(sha1_t *context,
- const unsigned char *data,
- unsigned int len)
-{
- unsigned int i, j;
-
- assert (context != 0);
- assert (data != 0);
-
- j = context->count[0];
- if ((context->count[0] += len << 3) < j)
- context->count[1] += (len >> 29) + 1;
- j = (j >> 3) & 63;
- if ((j + len) > 63) {
- (void)memcpy(&context->buffer[j], data, (i = 64 - j));
- transform_sha1 (context->state, context->buffer);
- for (; i + 63 < len; i += 64)
- transform_sha1 (context->state, &data[i]);
- j = 0;
- } else {
- i = 0;
- }
-
- (void)memcpy(&context->buffer[j], &data[i], len - i);
-}
-
-
-/*!
- * Add padding and return the message digest.
- */
-
-static const unsigned char final_200 = 128;
-static const unsigned char final_0 = 0;
-
-static void
-sha1_final (sha1_t *context,
- unsigned char *digest)
-{
- unsigned int i;
- unsigned char finalcount[8];
-
- assert (digest != 0);
- assert (context != 0);
-
- for (i = 0; i < 8; i++) {
- /* Endian independent */
- finalcount[i] = (unsigned char)
- ((context->count[(i >= 4 ? 0 : 1)]
- >> ((3 - (i & 3)) * 8)) & 255);
- }
-
- sha1_update(context, &final_200, 1);
- while ((context->count[0] & 504) != 448)
- sha1_update(context, &final_0, 1);
- /* The next Update should cause a transform_sha1() */
- sha1_update(context, finalcount, 8);
-
- if (digest) {
- for (i = 0; i < 20; i++)
- digest[i] = (unsigned char)
- ((context->state[i >> 2]
- >> ((3 - (i & 3)) * 8)) & 255);
- }
-
- memset (context, 0, sizeof (sha1_t));
-}
-
-#ifdef WITH_FREEBL
-
-static bool
-nss_slow_hash (HASH_HashType type,
- unsigned char *hash,
- unsigned int hash_len,
- const void *input,
- size_t length,
- va_list va)
-{
- NSSLOWHASHContext *ctx;
- unsigned int len;
-
- ctx = NSSLOWHASH_NewContext(NSSLOW_Init (), type);
- if (ctx == NULL)
- return false;
-
- NSSLOWHASH_Begin (ctx);
- while (input != NULL) {
- NSSLOWHASH_Update (ctx, input, length);
- input = va_arg (va, const void *);
- if (input)
- length = va_arg (va, size_t);
- }
- NSSLOWHASH_End (ctx, hash, &len, hash_len);
- assert (len == hash_len);
- NSSLOWHASH_Destroy (ctx);
- return true;
-}
-
-#endif /* WITH_FREEBL */
-
-void
-p11_digest_sha1 (unsigned char *hash,
- const void *input,
- size_t length,
- ...)
-{
- va_list va;
- sha1_t sha1;
-
-#ifdef WITH_FREEBL
- bool ret;
-
- va_start (va, length);
- ret = nss_slow_hash (HASH_AlgSHA1, hash, P11_DIGEST_SHA1_LEN, input, length, va);
- va_end (va);
-
- if (ret)
- return;
-#endif
-
- sha1_init (&sha1);
-
- va_start (va, length);
- while (input != NULL) {
- sha1_update (&sha1, input, length);
- input = va_arg (va, const void *);
- if (input)
- length = va_arg (va, size_t);
- }
- va_end (va);
-
- sha1_final (&sha1, hash);
- sha1_invalidate (&sha1);
-}
-
-
-/*! \file
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-
-typedef struct {
- uint32_t buf[4];
- uint32_t bytes[2];
- uint32_t in[16];
-} md5_t;
-
-static void
-byteSwap (uint32_t *buf,
- unsigned words)
-{
- unsigned char *p = (unsigned char *)buf;
-
- do {
- *buf++ = (uint32_t)((unsigned)p[3] << 8 | p[2]) << 16 |
- ((unsigned)p[1] << 8 | p[0]);
- p += 4;
- } while (--words);
-}
-
-/*!
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-static void
-md5_init(md5_t *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bytes[0] = 0;
- ctx->bytes[1] = 0;
-}
-
-static void
-md5_invalidate(md5_t *ctx)
-{
- memset(ctx, 0, sizeof(md5_t));
-}
-
-/*@{*/
-/*! The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-/*@}*/
-
-/*! This is the central step in the MD5 algorithm. */
-#define MD5STEP(f,w,x,y,z,in,s) \
- (w += f(x,y,z) + in, w = (w<<s | w>>(32-s)) + x)
-
-/*!
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-static void
-transform_md5 (uint32_t buf[4],
- uint32_t const in[16])
-{
- register uint32_t a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-/*!
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-static void
-md5_update (md5_t *ctx,
- const unsigned char *buf,
- unsigned int len)
-{
- uint32_t t;
-
- /* Update byte count */
-
- t = ctx->bytes[0];
- if ((ctx->bytes[0] = t + len) < t)
- ctx->bytes[1]++; /* Carry from low to high */
-
- t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */
- if (t > len) {
- memcpy((unsigned char *)ctx->in + 64 - t, buf, len);
- return;
- }
- /* First chunk is an odd size */
- memcpy((unsigned char *)ctx->in + 64 - t, buf, t);
- byteSwap(ctx->in, 16);
- transform_md5 (ctx->buf, ctx->in);
- buf += t;
- len -= t;
-
- /* Process data in 64-byte chunks */
- while (len >= 64) {
- memcpy(ctx->in, buf, 64);
- byteSwap(ctx->in, 16);
- transform_md5(ctx->buf, ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
- memcpy(ctx->in, buf, len);
-}
-
-/*!
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-static void
-md5_final(md5_t *ctx,
- unsigned char *digest)
-{
- int count = ctx->bytes[0] & 0x3f; /* Number of bytes in ctx->in */
- unsigned char *p = (unsigned char *)ctx->in + count;
-
- /* Set the first char of padding to 0x80. There is always room. */
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 56 bytes (-8..55) */
- count = 56 - 1 - count;
-
- if (count < 0) { /* Padding forces an extra block */
- memset(p, 0, count + 8);
- byteSwap(ctx->in, 16);
- transform_md5(ctx->buf, ctx->in);
- p = (unsigned char *)ctx->in;
- count = 56;
- }
- memset(p, 0, count);
- byteSwap(ctx->in, 14);
-
- /* Append length in bits and transform */
- ctx->in[14] = ctx->bytes[0] << 3;
- ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29;
- transform_md5(ctx->buf, ctx->in);
-
- byteSwap(ctx->buf, 4);
- memcpy(digest, ctx->buf, 16);
- memset(ctx, 0, sizeof(md5_t)); /* In case it's sensitive */
-}
-
-void
-p11_digest_md5 (unsigned char *hash,
- const void *input,
- size_t length,
- ...)
-{
- va_list va;
- md5_t md5;
-
-#ifdef WITH_FREEBL
- bool ret;
-
- va_start (va, length);
- ret = nss_slow_hash (HASH_AlgMD5, hash, P11_DIGEST_MD5_LEN, input, length, va);
- va_end (va);
-
- if (ret)
- return;
-#endif
-
- md5_init (&md5);
-
- va_start (va, length);
- while (input) {
- md5_update (&md5, input, length);
- input = va_arg (va, const void *);
- if (input)
- length = va_arg (va, size_t);
- }
- va_end (va);
-
- md5_final (&md5, hash);
- md5_invalidate (&md5);
-}
diff --git a/trust/digest.h b/trust/digest.h
deleted file mode 100644
index 82d48fe..0000000
--- a/trust/digest.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_DIGEST_H_
-#define P11_DIGEST_H_
-
-#include "compat.h"
-
-/*
- * The SHA-1 and MD5 digests here are used for checksums in legacy
- * protocols. We don't use them in cryptographic contexts at all.
- * These particular algorithms would be poor choices for that.
- */
-
-#define P11_DIGEST_MD5_LEN 16
-
-void p11_digest_md5 (unsigned char *hash,
- const void *input,
- size_t length,
- ...) GNUC_NULL_TERMINATED;
-
-#define P11_DIGEST_SHA1_LEN 20
-
-void p11_digest_sha1 (unsigned char *hash,
- const void *input,
- size_t length,
- ...) GNUC_NULL_TERMINATED;
-
-#endif /* P11_DIGEST_H_ */
diff --git a/trust/enumerate.c b/trust/enumerate.c
deleted file mode 100644
index dd3da3a..0000000
--- a/trust/enumerate.c
+++ /dev/null
@@ -1,743 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TOOL
-
-#include "attrs.h"
-#include "debug.h"
-#include "oid.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-static bool
-load_attached_extension (p11_dict *attached,
- p11_dict *asn1_defs,
- const unsigned char *der,
- size_t len)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- node_asn *ext;
- char *oid;
- int length;
- int start;
- int end;
- int ret;
-
- ext = p11_asn1_decode (asn1_defs, "PKIX1.Extension", der, len, message);
- if (ext == NULL) {
- p11_message ("couldn't parse attached certificate extension: %s", message);
- return false;
- }
-
- ret = asn1_der_decoding_startEnd (ext, der, len, "extnID", &start, &end);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- /* Make sure it's a straightforward oid with certain assumptions */
- length = (end - start) + 1;
- if (!p11_oid_simple (der + start, length)) {
- p11_debug ("strange complex certificate extension object id");
- return false;
- }
-
- oid = memdup (der + start, length);
- return_val_if_fail (oid != NULL, false);
-
- if (!p11_dict_set (attached, oid, ext))
- return_val_if_reached (false);
-
- return true;
-}
-
-static p11_dict *
-load_attached_extensions (p11_enumerate *ex,
- CK_ATTRIBUTE *spki)
-{
- CK_OBJECT_CLASS extension = CKO_X_CERTIFICATE_EXTENSION;
- CK_ATTRIBUTE *attrs;
- P11KitIter *iter;
- CK_RV rv = CKR_OK;
- p11_dict *attached;
-
- CK_ATTRIBUTE match[] = {
- { CKA_CLASS, &extension, sizeof (extension) },
- { CKA_PUBLIC_KEY_INFO, spki->pValue, spki->ulValueLen },
- };
-
- CK_ATTRIBUTE template[] = {
- { CKA_VALUE, },
- };
-
- attached = p11_dict_new (p11_oid_hash, p11_oid_equal,
- free, p11_asn1_free);
-
- /* No ID to use, just short circuit */
- if (!spki->pValue || !spki->ulValueLen)
- return attached;
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_filter (iter, match, 2);
- p11_kit_iter_begin_with (iter, p11_kit_iter_get_module (ex->iter),
- 0, p11_kit_iter_get_session (ex->iter));
-
- while (rv == CKR_OK) {
- rv = p11_kit_iter_next (iter);
- if (rv == CKR_OK) {
- attrs = p11_attrs_buildn (NULL, template, 1);
- rv = p11_kit_iter_load_attributes (iter, attrs, 1);
- if (rv == CKR_OK) {
- if (!load_attached_extension (attached, ex->asn1_defs,
- attrs[0].pValue,
- attrs[0].ulValueLen)) {
- rv = CKR_GENERAL_ERROR;
- }
- }
- p11_attrs_free (attrs);
- }
- }
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("couldn't load attached extensions for certificate: %s", p11_kit_strerror (rv));
- p11_dict_free (attached);
- attached = NULL;
- }
-
- p11_kit_iter_free (iter);
- return attached;
-}
-
-static bool
-extract_purposes (p11_enumerate *ex)
-{
- node_asn *ext = NULL;
- unsigned char *value = NULL;
- size_t length;
-
- if (ex->attached) {
- ext = p11_dict_get (ex->attached, P11_OID_EXTENDED_KEY_USAGE);
- if (ext != NULL) {
- value = p11_asn1_read (ext, "extnValue", &length);
- return_val_if_fail (value != NULL, false);
- }
- }
-
- if (value == NULL && ex->cert_asn) {
- value = p11_x509_find_extension (ex->cert_asn, P11_OID_EXTENDED_KEY_USAGE,
- ex->cert_der, ex->cert_len, &length);
- }
-
- /* No such extension, match anything */
- if (value == NULL)
- return true;
-
- ex->purposes = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);
-
- free (value);
- return ex->purposes != NULL;
-}
-
-static bool
-check_trust_flags (p11_enumerate *ex)
-{
- CK_BBOOL trusted;
- CK_BBOOL distrusted;
- int flags = 0;
-
- /* If no extract trust flags, then just continue */
- if (!(ex->flags & (P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST)))
- return true;
-
- /* Is this a blacklisted directly? */
- if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrusted) && distrusted)
- flags = P11_ENUMERATE_BLACKLIST;
-
- /* Is it blacklisted elsewhere? then prevent it from being an anchor */
- else if (p11_dict_get (ex->blacklist_public_key, ex->attrs) ||
- p11_dict_get (ex->blacklist_issuer_serial, ex->attrs))
- flags = 0;
-
- /* Otherwise it might be an anchor? */
- else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trusted) && trusted)
- flags = P11_ENUMERATE_ANCHORS;
-
- /* Any of the flags can match */
- if (flags & ex->flags)
- return true;
-
- return false;
-}
-
-static bool
-extract_certificate (p11_enumerate *ex)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- CK_ATTRIBUTE *attr;
-
- CK_ULONG type;
-
- /* Don't even bother with not X.509 certificates */
- if (!p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_TYPE, &type))
- type = (CK_ULONG)-1;
- if (type != CKC_X_509) {
- p11_debug ("skipping non X.509 certificate");
- return false;
- }
-
- attr = p11_attrs_find_valid (ex->attrs, CKA_VALUE);
- if (!attr || !attr->pValue) {
- p11_debug ("skipping certificate without a value");
- return false;
- }
-
- /*
- * If collapsing and have already seen this certificate, and shouldn't
- * process it even again during this extract procedure.
- */
- if (ex->flags & P11_ENUMERATE_COLLAPSE) {
- if (!ex->already_seen) {
- ex->already_seen = p11_dict_new (p11_attr_hash, p11_attr_equal,
- p11_attrs_free, NULL);
- return_val_if_fail (ex->already_seen != NULL, true);
- }
-
- if (p11_dict_get (ex->already_seen, attr))
- return false;
- }
-
- if (!check_trust_flags (ex)) {
- p11_debug ("skipping certificate that doesn't match trust flags");
- return false;
- }
-
- if (ex->already_seen) {
- if (!p11_dict_set (ex->already_seen,
- p11_attrs_build (NULL, attr, NULL), "x"))
- return_val_if_reached (true);
- }
-
- ex->cert_der = attr->pValue;
- ex->cert_len = attr->ulValueLen;
- ex->cert_asn = p11_asn1_decode (ex->asn1_defs, "PKIX1.Certificate",
- ex->cert_der, ex->cert_len, message);
-
- if (!ex->cert_asn) {
- p11_message ("couldn't parse certificate: %s", message);
- return false;
- }
-
- return true;
-}
-
-static bool
-extract_info (p11_enumerate *ex)
-{
- CK_ATTRIBUTE *attr;
- CK_RV rv;
-
- static const CK_ATTRIBUTE attr_types[] = {
- { CKA_ID, },
- { CKA_CLASS, },
- { CKA_CERTIFICATE_TYPE, },
- { CKA_LABEL, },
- { CKA_VALUE, },
- { CKA_SUBJECT, },
- { CKA_ISSUER, },
- { CKA_SERIAL_NUMBER, },
- { CKA_TRUSTED, },
- { CKA_CERTIFICATE_CATEGORY },
- { CKA_X_DISTRUSTED },
- { CKA_PUBLIC_KEY_INFO },
- { CKA_INVALID, },
- };
-
- ex->attrs = p11_attrs_dup (attr_types);
- rv = p11_kit_iter_load_attributes (ex->iter, ex->attrs, p11_attrs_count (ex->attrs));
-
- /* The attributes couldn't be loaded */
- if (rv != CKR_OK && rv != CKR_ATTRIBUTE_TYPE_INVALID && rv != CKR_ATTRIBUTE_SENSITIVE) {
- p11_message ("couldn't load attributes: %s", p11_kit_strerror (rv));
- return false;
- }
-
- /* No class attribute, very strange, just skip */
- if (!p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &ex->klass))
- return false;
-
- /* If a certificate then */
- if (ex->klass != CKO_CERTIFICATE) {
- p11_message ("skipping non-certificate object");
- return false;
- }
-
- if (!extract_certificate (ex))
- return false;
-
- attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
- if (attr) {
- ex->attached = load_attached_extensions (ex, attr);
- if (!ex->attached)
- return false;
- }
-
- if (!extract_purposes (ex))
- return false;
-
- return true;
-}
-
-static void
-extract_clear (p11_enumerate *ex)
-{
- ex->klass = (CK_ULONG)-1;
-
- p11_attrs_free (ex->attrs);
- ex->attrs = NULL;
-
- asn1_delete_structure (&ex->cert_asn);
- ex->cert_der = NULL;
- ex->cert_len = 0;
-
- p11_dict_free (ex->attached);
- ex->attached = NULL;
-
- p11_array_free (ex->purposes);
- ex->purposes = NULL;
-}
-
-static CK_RV
-on_iterate_load_filter (p11_kit_iter *iter,
- CK_BBOOL *matches,
- void *data)
-{
- p11_enumerate *ex = data;
- int i;
-
- extract_clear (ex);
-
- /* Try to load the certificate and extensions */
- if (!extract_info (ex)) {
- *matches = CK_FALSE;
- return CKR_OK;
- }
-
- /*
- * Limit to certain purposes. Note that the lack of purposes noted
- * on the certificate means they match any purpose. This is the
- * behavior of the ExtendedKeyUsage extension.
- */
- if (ex->limit_to_purposes && ex->purposes) {
- *matches = CK_FALSE;
- for (i = 0; i < ex->purposes->num; i++) {
- if (p11_dict_get (ex->limit_to_purposes, ex->purposes->elem[i])) {
- *matches = CK_TRUE;
- break;
- }
- }
- }
-
- return CKR_OK;
-}
-
-/*
- * Various skip lookup tables, used for blacklists and collapsing
- * duplicate entries.
- *
- * The dict hash/lookup callbacks are special cased
- * so we can just pass in full attribute lists for lookup and only match
- * the attributes we're interested in.
- *
- * Note that both p11_attr_hash and p11_attr_equal are NULL safe.
- */
-
-static bool
-public_key_equal (const void *one,
- const void *two)
-{
- return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_PUBLIC_KEY_INFO),
- p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_PUBLIC_KEY_INFO));
-}
-
-static unsigned int
-public_key_hash (const void *data)
-{
- return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_PUBLIC_KEY_INFO));
-}
-
-static bool
-issuer_serial_equal (const void *one,
- const void *two)
-{
- return p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_ISSUER),
- p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_ISSUER)) &&
- p11_attr_equal (p11_attrs_find_valid ((CK_ATTRIBUTE *)one, CKA_SERIAL_NUMBER),
- p11_attrs_find_valid ((CK_ATTRIBUTE *)two, CKA_SERIAL_NUMBER));
-}
-
-static unsigned int
-issuer_serial_hash (const void *data)
-{
- return p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_ISSUER)) ^
- p11_attr_hash (p11_attrs_find_valid ((CK_ATTRIBUTE *)data, CKA_SERIAL_NUMBER));
-}
-
-static bool
-blacklist_load (p11_enumerate *ex)
-{
- p11_kit_iter *iter;
- CK_BBOOL distrusted = CK_TRUE;
- CK_RV rv = CKR_OK;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *key;
- CK_ATTRIBUTE *serial;
- CK_ATTRIBUTE *issuer;
- CK_ATTRIBUTE *public_key;
-
- CK_ATTRIBUTE match[] = {
- { CKA_X_DISTRUSTED, &distrusted, sizeof (distrusted) },
- };
-
- CK_ATTRIBUTE template[] = {
- { CKA_SERIAL_NUMBER, },
- { CKA_PUBLIC_KEY_INFO, },
- { CKA_ISSUER, },
- };
-
- iter = p11_kit_iter_new (ex->uri, 0);
- p11_kit_iter_add_filter (iter, match, 1);
- p11_kit_iter_begin (iter, ex->modules);
-
- attrs = p11_attrs_buildn (NULL, template, 3);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-
- /*
- * Fail "safe" in that first failure doesn't cause ignoring
- * the remainder of the blacklist.
- */
- rv = p11_kit_iter_load_attributes (iter, attrs, 3);
- if (rv != CKR_OK) {
- p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv));
- continue;
- }
-
- /* A blacklisted item with an issuer and serial number */
- issuer = p11_attrs_find_valid (attrs, CKA_ISSUER);
- serial = p11_attrs_find_valid (attrs, CKA_SERIAL_NUMBER);
- if (issuer != NULL && serial != NULL) {
- key = p11_attrs_build (NULL, issuer, serial, NULL);
- if (!key || !p11_dict_set (ex->blacklist_issuer_serial, key, "x"))
- return_val_if_reached (false);
- }
-
- /* A blacklisted item with a public key */
- public_key = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO);
- if (public_key != NULL) {
- key = p11_attrs_build (NULL, public_key, NULL);
- if (!public_key || !p11_dict_set (ex->blacklist_public_key, key, "x"))
- return_val_if_reached (false);
- }
- }
-
- p11_attrs_free (attrs);
- p11_kit_iter_free (iter);
-
- if (rv == CKR_CANCEL)
- return true;
-
- p11_message ("couldn't load blacklist: %s", p11_kit_strerror (rv));
- return false;
-}
-
-void
-p11_enumerate_init (p11_enumerate *ex)
-{
- memset (ex, 0, sizeof (p11_enumerate));
- ex->asn1_defs = p11_asn1_defs_load ();
- return_if_fail (ex->asn1_defs != NULL);
-
- ex->iter = p11_kit_iter_new (NULL, 0);
- return_if_fail (ex->iter != NULL);
-
- ex->blacklist_public_key = p11_dict_new (public_key_hash, public_key_equal,
- p11_attrs_free, NULL);
- return_if_fail (ex->blacklist_public_key);
-
- ex->blacklist_issuer_serial = p11_dict_new (issuer_serial_hash, issuer_serial_equal,
- p11_attrs_free, NULL);
- return_if_fail (ex->blacklist_issuer_serial);
-
- p11_kit_iter_add_callback (ex->iter, on_iterate_load_filter, ex, NULL);
-}
-
-void
-p11_enumerate_cleanup (p11_enumerate *ex)
-{
- extract_clear (ex);
-
- p11_dict_free (ex->limit_to_purposes);
- ex->limit_to_purposes = NULL;
-
- p11_dict_free (ex->already_seen);
- ex->already_seen = NULL;
- p11_dict_free (ex->blacklist_public_key);
- ex->blacklist_public_key = NULL;
- p11_dict_free (ex->blacklist_issuer_serial);
- ex->blacklist_issuer_serial = NULL;
-
- p11_dict_free (ex->asn1_defs);
- ex->asn1_defs = NULL;
-
- p11_kit_iter_free (ex->iter);
- ex->iter = NULL;
-
- if (ex->modules) {
- p11_kit_modules_finalize_and_release (ex->modules);
- ex->modules = NULL;
- }
-
- if (ex->uri) {
- p11_kit_uri_free (ex->uri);
- ex->uri = NULL;
- }
-}
-
-bool
-p11_enumerate_opt_filter (p11_enumerate *ex,
- const char *option)
-{
- CK_ATTRIBUTE *attrs;
- int ret;
-
- CK_OBJECT_CLASS vcertificate = CKO_CERTIFICATE;
- CK_ULONG vauthority = 2;
- CK_CERTIFICATE_TYPE vx509 = CKC_X_509;
-
- CK_ATTRIBUTE certificate = { CKA_CLASS, &vcertificate, sizeof (vcertificate) };
- CK_ATTRIBUTE authority = { CKA_CERTIFICATE_CATEGORY, &vauthority, sizeof (vauthority) };
- CK_ATTRIBUTE x509= { CKA_CERTIFICATE_TYPE, &vx509, sizeof (vx509) };
-
- if (strncmp (option, "pkcs11:", 7) == 0) {
- if (ex->uri != NULL) {
- p11_message ("a PKCS#11 URI has already been specified");
- return false;
- }
-
- ex->uri = p11_kit_uri_new ();
- ret = p11_kit_uri_parse (option, P11_KIT_URI_FOR_OBJECT_ON_TOKEN_AND_MODULE, ex->uri);
- if (ret != P11_KIT_URI_OK) {
- p11_message ("couldn't parse pkcs11 uri filter: %s", option);
- return false;
- }
-
- if (p11_kit_uri_any_unrecognized (ex->uri))
- p11_message ("uri contained unrecognized components, nothing will be extracted");
-
- p11_kit_iter_set_uri (ex->iter, ex->uri);
- ex->num_filters++;
- return true;
- }
-
- if (strcmp (option, "ca-anchors") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &authority, &x509, NULL);
- ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_COLLAPSE;
-
- } else if (strcmp (option, "trust-policy") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- ex->flags |= P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE;
-
- } else if (strcmp (option, "blacklist") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- ex->flags |= P11_ENUMERATE_BLACKLIST | P11_ENUMERATE_COLLAPSE;
-
- } else if (strcmp (option, "certificates") == 0) {
- attrs = p11_attrs_build (NULL, &certificate, &x509, NULL);
- ex->flags |= P11_ENUMERATE_COLLAPSE;
-
- } else {
- p11_message ("unsupported or unrecognized filter: %s", option);
- return false;
- }
-
- p11_kit_iter_add_filter (ex->iter, attrs, p11_attrs_count (attrs));
- ex->num_filters++;
- return true;
-}
-
-static int
-is_valid_oid_rough (const char *string)
-{
- size_t len;
-
- len = strlen (string);
-
- /* Rough check if a valid OID */
- return (strspn (string, "0123456789.") == len &&
- !strstr (string, "..") && string[0] != '\0' && string[0] != '.' &&
- string[len - 1] != '.');
-}
-
-bool
-p11_enumerate_opt_purpose (p11_enumerate *ex,
- const char *option)
-{
- const char *oid;
- char *value;
-
- if (strcmp (option, "server-auth") == 0) {
- oid = P11_OID_SERVER_AUTH_STR;
- } else if (strcmp (option, "client-auth") == 0) {
- oid = P11_OID_CLIENT_AUTH_STR;
- } else if (strcmp (option, "email-protection") == 0 || strcmp (option, "email") == 0) {
- oid = P11_OID_EMAIL_PROTECTION_STR;
- } else if (strcmp (option, "code-signing") == 0) {
- oid = P11_OID_CODE_SIGNING_STR;
- } else if (strcmp (option, "ipsec-end-system") == 0) {
- oid = P11_OID_IPSEC_END_SYSTEM_STR;
- } else if (strcmp (option, "ipsec-tunnel") == 0) {
- oid = P11_OID_IPSEC_TUNNEL_STR;
- } else if (strcmp (option, "ipsec-user") == 0) {
- oid = P11_OID_IPSEC_USER_STR;
- } else if (strcmp (option, "time-stamping") == 0) {
- oid = P11_OID_TIME_STAMPING_STR;
- } else if (is_valid_oid_rough (option)) {
- oid = option;
- } else {
- p11_message ("unsupported or unregonized purpose: %s", option);
- return false;
- }
-
- if (!ex->limit_to_purposes) {
- ex->limit_to_purposes = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
- return_val_if_fail (ex->limit_to_purposes != NULL, false);
- }
-
- value = strdup (oid);
- return_val_if_fail (value != NULL, false);
- if (!p11_dict_set (ex->limit_to_purposes, value, value))
- return_val_if_reached (false);
-
- return true;
-}
-
-bool
-p11_enumerate_ready (p11_enumerate *ex,
- const char *def_filter)
-{
- if (def_filter && ex->num_filters == 0) {
- if (!p11_enumerate_opt_filter (ex, def_filter))
- return_val_if_reached (false);
- }
-
- /*
- * We only "believe" the CKA_TRUSTED and CKA_X_DISTRUSTED attributes
- * we get from modules explicitly marked as containing trust-policy.
- */
- if (!ex->modules)
- ex->modules = p11_kit_modules_load_and_initialize (P11_KIT_MODULE_TRUSTED);
- if (!ex->modules)
- return false;
- if (ex->modules[0] == NULL)
- p11_message ("no modules containing trust policy are registered");
-
- /*
- * If loading anchors, then the caller expects that the blacklist is
- * "applied" and any anchors on the blacklist are taken out. This is
- * for compatibility with software that does not support blacklists.
- */
- if (ex->flags & P11_ENUMERATE_ANCHORS) {
- if (!blacklist_load (ex))
- return false;
- }
-
- p11_kit_iter_begin (ex->iter, ex->modules);
- return true;
-}
-
-static char *
-extract_label (p11_enumerate *ex)
-{
- CK_ATTRIBUTE *attr;
-
- /* Look for a label and just use that */
- attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
- if (attr && attr->pValue && attr->ulValueLen)
- return strndup (attr->pValue, attr->ulValueLen);
-
- /* For extracting certificates */
- if (ex->klass == CKO_CERTIFICATE)
- return strdup ("certificate");
-
- return strdup ("unknown");
-}
-
-char *
-p11_enumerate_filename (p11_enumerate *ex)
-{
- char *label;
-
- label = extract_label (ex);
- return_val_if_fail (label != NULL, NULL);
-
- p11_path_canon (label);
- return label;
-}
-
-char *
-p11_enumerate_comment (p11_enumerate *ex,
- bool first)
-{
- char *comment;
- char *label;
-
- if (!(ex->flags & P11_EXTRACT_COMMENT))
- return NULL;
-
- label = extract_label (ex);
- if (!asprintf (&comment, "%s# %s\n",
- first ? "" : "\n",
- label ? label : ""))
- return_val_if_reached (NULL);
-
- free (label);
- return comment;
-}
diff --git a/trust/enumerate.h b/trust/enumerate.h
deleted file mode 100644
index 411820a..0000000
--- a/trust/enumerate.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#ifndef P11_ENUMERATE_H_
-#define P11_ENUMERATE_H_
-
-#include "array.h"
-#include "asn1.h"
-#include "dict.h"
-
-#include "p11-kit/iter.h"
-#include "p11-kit/pkcs11.h"
-
-enum {
- /* These overlap with the flags in save.h, so start higher */
- P11_ENUMERATE_ANCHORS = 1 << 21,
- P11_ENUMERATE_BLACKLIST = 1 << 22,
- P11_ENUMERATE_COLLAPSE = 1 << 23,
-};
-
-typedef struct {
- CK_FUNCTION_LIST **modules;
- p11_kit_iter *iter;
- p11_kit_uri *uri;
-
- p11_dict *asn1_defs;
- p11_dict *limit_to_purposes;
- p11_dict *already_seen;
- int num_filters;
- int flags;
-
- p11_dict *blacklist_issuer_serial;
- p11_dict *blacklist_public_key;
-
- /*
- * Stuff below is parsed info for the current iteration.
- * Currently this information is generally all relevant
- * just for certificates.
- */
-
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE *attrs;
-
- /* Pre-parsed data for certificates */
- node_asn *cert_asn;
- const unsigned char *cert_der;
- size_t cert_len;
-
- /* DER OID -> CK_ATTRIBUTE list */
- p11_dict *attached;
-
- /* Set of OID purposes as strings */
- p11_array *purposes;
-} p11_enumerate;
-
-char * p11_enumerate_filename (p11_enumerate *ex);
-
-char * p11_enumerate_comment (p11_enumerate *ex,
- bool first);
-
-void p11_enumerate_init (p11_enumerate *ex);
-
-bool p11_enumerate_opt_filter (p11_enumerate *ex,
- const char *option);
-
-bool p11_enumerate_opt_purpose (p11_enumerate *ex,
- const char *option);
-
-bool p11_enumerate_ready (p11_enumerate *ex,
- const char *def_filter);
-
-void p11_enumerate_cleanup (p11_enumerate *ex);
-
-#endif /* P11_ENUMERATE_H_ */
diff --git a/trust/extract-cer.c b/trust/extract-cer.c
deleted file mode 100644
index b59be80..0000000
--- a/trust/extract-cer.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "debug.h"
-#include "extract.h"
-#include "message.h"
-#include "save.h"
-
-#include <stdlib.h>
-
-bool
-p11_extract_x509_file (p11_enumerate *ex,
- const char *destination)
-{
- bool found = false;
- p11_save_file *file;
- CK_RV rv;
-
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- if (found) {
- p11_message ("multiple certificates found but could only write one to file");
- break;
- }
-
- file = p11_save_open_file (destination, NULL, ex->flags);
- if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len))
- return false;
-
- /* Wrote something */
- found = true;
- }
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- return false;
-
- /* Remember that an empty DER file is not a valid file, so complain if nothing */
- } else if (!found) {
- p11_message ("no certificate found");
- return false;
- }
-
- return true;
-}
-
-bool
-p11_extract_x509_directory (p11_enumerate *ex,
- const char *destination)
-{
- p11_save_file *file;
- p11_save_dir *dir;
- char *filename;
- CK_RV rv;
- bool ret;
-
- dir = p11_save_open_directory (destination, ex->flags);
- if (dir == NULL)
- return false;
-
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- filename = p11_enumerate_filename (ex);
- return_val_if_fail (filename != NULL, -1);
-
- file = p11_save_open_file_in (dir, filename, ".cer");
- free (filename);
-
- if (!p11_save_write_and_finish (file, ex->cert_der, ex->cert_len)) {
- p11_save_finish_directory (dir, false);
- return false;
- }
- }
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- ret = false;
- } else {
- ret = true;
- }
-
- p11_save_finish_directory (dir, ret);
- return ret;
-}
diff --git a/trust/extract-jks.c b/trust/extract-jks.c
deleted file mode 100644
index b409046..0000000
--- a/trust/extract-jks.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "extract.h"
-#include "digest.h"
-#include "message.h"
-#include "save.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-static void
-encode_msb_short (unsigned char *data,
- int16_t value)
-{
- uint16_t v;
-
- /* At this point we only support positive numbers */
- assert (value >= 0);
- assert (value < INT16_MAX);
-
- v = (uint16_t)value;
- data[0] = (v >> 8) & 0xff;
- data[1] = (v >> 0) & 0xff;
-}
-
-static void
-encode_msb_int (unsigned char *data,
- int32_t value)
-{
- uint32_t v;
-
- /* At this point we only support positive numbers */
- assert (value >= 0);
- assert (value < INT32_MAX);
-
- v = (uint32_t)value;
- data[0] = (v >> 24) & 0xff;
- data[1] = (v >> 16) & 0xff;
- data[2] = (v >> 8) & 0xff;
- data[3] = (v >> 0) & 0xff;
-}
-
-static void
-encode_msb_long (unsigned char *data,
- int64_t value)
-{
- uint64_t v;
-
- /* At this point we only support positive numbers */
- assert (value >= 0);
- assert (value < INT64_MAX);
-
- v = (uint64_t)value;
- data[0] = (v >> 56) & 0xff;
- data[1] = (v >> 48) & 0xff;
- data[2] = (v >> 40) & 0xff;
- data[3] = (v >> 32) & 0xff;
- data[4] = (v >> 24) & 0xff;
- data[5] = (v >> 16) & 0xff;
- data[6] = (v >> 8) & 0xff;
- data[7] = (v >> 0) & 0xff;
-}
-
-static void
-add_msb_int (p11_buffer *buffer,
- int32_t value)
-{
- unsigned char *data = p11_buffer_append (buffer, 4);
- return_if_fail (data != NULL);
- encode_msb_int (data, value);
-}
-
-static void
-add_msb_long (p11_buffer *buffer,
- int64_t value)
-{
- unsigned char *data = p11_buffer_append (buffer, 8);
- return_if_fail (data != NULL);
- encode_msb_long (data, value);
-}
-
-static void
-add_string (p11_buffer *buffer,
- const char *string,
- size_t length)
-{
- unsigned char *data;
-
- if (length > INT16_MAX) {
- p11_message ("truncating long string");
- length = INT16_MAX;
- }
-
- data = p11_buffer_append (buffer, 2);
- return_if_fail (data != NULL);
- encode_msb_short (data, length);
- p11_buffer_add (buffer, string, length);
-}
-
-static void
-convert_alias (const char *input,
- size_t length,
- p11_buffer *buf)
-{
- char ch;
- size_t i;
-
- /*
- * Java requires that the aliases are 'converted'. For the basic java
- * cacerts key store this is lower case. We just do this for ASCII, since
- * we don't want to have to bring in unicode case rules. Since we're
- * screwing around, we also take out spaces, to make these look like
- * java aliases.
- */
-
- for (i = 0; i < length; i++) {
- ch = input[i];
- if (!isspace (ch) && (ch & 0x80) == 0) {
- ch = tolower (ch);
- p11_buffer_add (buf, &ch, 1);
- }
- }
-}
-
-static bool
-add_alias (p11_buffer *buffer,
- p11_dict *aliases,
- CK_ATTRIBUTE *label)
-{
- const char *input;
- size_t input_len;
- size_t length;
- p11_buffer buf;
- char num[32];
- char *alias;
- int i;
-
- p11_buffer_init_null (&buf, 64);
-
- if (label && label->pValue) {
- input = label->pValue;
- input_len = label->ulValueLen;
- } else {
- input = "unlabeled";
- input_len = strlen (input);
- }
-
- convert_alias (input, input_len, &buf);
-
- for (i = 0; i < INT32_MAX; i++) {
- if (i > 0) {
- snprintf (num, sizeof (num), "-%d", i);
- p11_buffer_add (&buf, num, -1);
- }
-
- return_val_if_fail (p11_buffer_ok (&buf), false);
- if (!p11_dict_get (aliases, buf.data)) {
- alias = p11_buffer_steal (&buf, &length);
- if (!p11_dict_set (aliases, alias, alias))
- return_val_if_reached (false);
- add_string (buffer, alias, length);
- return true;
- }
-
- p11_buffer_reset (&buf, 0);
- }
-
- return false;
-}
-
-static bool
-prepare_jks_buffer (p11_enumerate *ex,
- p11_buffer *buffer)
-{
- const unsigned char magic[] = { 0xfe, 0xed, 0xfe, 0xed };
- const int version = 2;
- size_t count_at;
- unsigned char *digest;
- CK_ATTRIBUTE *label;
- p11_dict *aliases;
- size_t length;
- int64_t now;
- int count;
- CK_RV rv;
-
- enum {
- private_key = 1,
- trusted_cert = 2,
- };
-
- /*
- * Documented in the java sources in the file:
- * src/share/classes/sun/security/provider/JavaKeyStore.java
- */
-
- p11_buffer_add (buffer, magic, sizeof (magic));
- add_msb_int (buffer, version);
- count_at = buffer->len;
- p11_buffer_append (buffer, 4);
- count = 0;
-
- /*
- * We use the current time for each entry. Java expects the time
- * when this was this certificate was added to the keystore, however
- * we don't have that information. Java uses time in milliseconds
- */
- now = time (NULL);
- return_val_if_fail (now > 0, false);
- now *= 1000; /* seconds to milliseconds */
-
- /*
- * The aliases in the output file need to be unique. We use a hash
- * table to guarantee this.
- */
- aliases = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
- return_val_if_fail (aliases != NULL, false);
-
- /* For every certificate */
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- count++;
-
- /* The type of entry */
- add_msb_int (buffer, trusted_cert);
-
- /* The alias */
- label = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
- if (!add_alias (buffer, aliases, label)) {
- p11_message ("could not generate a certificate alias name");
- p11_dict_free (aliases);
- return false;
- }
-
- /* The creation date: current time */
- add_msb_long (buffer, now);
-
- /* The type of the certificate */
- add_string (buffer, "X.509", 5);
-
- /* The DER encoding of the certificate */
- add_msb_int (buffer, ex->cert_len);
- p11_buffer_add (buffer, ex->cert_der, ex->cert_len);
- }
-
- p11_dict_free (aliases);
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- return false;
- }
-
- /* Place the count in the right place */
- encode_msb_int ((unsigned char *)buffer->data + count_at, count);
-
- /*
- * Java keystore reinvents HMAC and uses it to try and "secure" the
- * cacerts. We fill this in and use the default "changeit" string
- * as the password for this keyed digest.
- */
- length = buffer->len;
- digest = p11_buffer_append (buffer, P11_DIGEST_SHA1_LEN);
- return_val_if_fail (digest != NULL, false);
- p11_digest_sha1 (digest,
- "\000c\000h\000a\000n\000g\000e\000i\000t", (size_t)16, /* default password */
- "Mighty Aphrodite", (size_t)16, /* go figure */
- buffer->data, length,
- NULL);
-
- return_val_if_fail (p11_buffer_ok (buffer), false);
- return true;
-}
-
-bool
-p11_extract_jks_cacerts (p11_enumerate *ex,
- const char *destination)
-{
- p11_buffer buffer;
- p11_save_file *file;
- bool ret;
-
- p11_buffer_init (&buffer, 1024 * 10);
- ret = prepare_jks_buffer (ex, &buffer);
- if (ret) {
- file = p11_save_open_file (destination, NULL, ex->flags);
- ret = p11_save_write_and_finish (file, buffer.data, buffer.len);
- }
-
- p11_buffer_uninit (&buffer);
- return ret;
-}
diff --git a/trust/extract-openssl.c b/trust/extract-openssl.c
deleted file mode 100644
index 3271339..0000000
--- a/trust/extract-openssl.c
+++ /dev/null
@@ -1,696 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "asn1.h"
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "digest.h"
-#include "extract.h"
-#include "message.h"
-#include "oid.h"
-#include "path.h"
-#include "pem.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "save.h"
-#include "utf8.h"
-#include "x509.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-/* These functions are declared with a global scope for testing */
-
-void p11_openssl_canon_string (char *str,
- size_t *len);
-
-bool p11_openssl_canon_string_der (p11_buffer *der);
-
-bool p11_openssl_canon_name_der (p11_dict *asn1_defs,
- p11_buffer *der);
-
-static p11_array *
-empty_usages (void)
-{
- return p11_array_new (free);
-}
-
-static bool
-known_usages (p11_array *oids)
-{
- char *string;
- int i;
-
- static const char *const strings[] = {
- P11_OID_SERVER_AUTH_STR,
- P11_OID_CLIENT_AUTH_STR,
- P11_OID_CODE_SIGNING_STR,
- P11_OID_EMAIL_PROTECTION_STR,
- P11_OID_IPSEC_END_SYSTEM_STR,
- P11_OID_IPSEC_TUNNEL_STR,
- P11_OID_IPSEC_USER_STR,
- P11_OID_TIME_STAMPING_STR,
- NULL,
- };
-
- for (i = 0; strings[i] != NULL; i++) {
- string = strdup (strings[i]);
- return_val_if_fail (string != NULL, false);
- if (!p11_array_push (oids, string))
- return_val_if_reached (false);
- }
-
- return true;
-}
-
-static bool
-load_usage_ext (p11_enumerate *ex,
- const unsigned char *ext_oid,
- p11_array **oids)
-{
- unsigned char *value;
- node_asn *ext = NULL;
- size_t length;
-
- if (ex->attached)
- ext = p11_dict_get (ex->attached, ext_oid);
- if (ext == NULL) {
- *oids = NULL;
- return true;
- }
-
- value = p11_asn1_read (ext, "extnValue", &length);
- return_val_if_fail (value != NULL, false);
-
- *oids = p11_x509_parse_extended_key_usage (ex->asn1_defs, value, length);
- return_val_if_fail (*oids != NULL, false);
-
- free (value);
- return true;
-}
-
-static bool
-write_usages (node_asn *asn,
- const char *field,
- p11_array *oids)
-{
- char *last;
- int ret;
- int i;
-
- /*
- * No oids? Then doing this will make the entire optional
- * field go away
- */
- if (oids == NULL) {
- ret = asn1_write_value (asn, field, NULL, 0);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- } else {
- if (asprintf (&last, "%s.?LAST", field) < 0)
- return_val_if_reached (false);
- for (i = 0; i < oids->num; i++) {
- ret = asn1_write_value (asn, field, "NEW", 1);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- ret = asn1_write_value (asn, last, oids->elem[i], -1);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- }
-
- free (last);
- }
-
- return true;
-}
-
-static bool
-write_trust_and_rejects (p11_enumerate *ex,
- node_asn *asn)
-{
- p11_array *trusts = NULL;
- p11_array *rejects = NULL;
- CK_BBOOL trust;
- CK_BBOOL distrust;
-
- if (!p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &trust))
- trust = CK_FALSE;
- if (!p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &distrust))
- distrust = CK_FALSE;
-
- if (!load_usage_ext (ex, P11_OID_OPENSSL_REJECT, &rejects))
- return_val_if_reached (false);
-
- if (distrust) {
-
- /*
- * If this is on the blacklist then, make sure we have
- * an empty trusts field and add as many things to rejects
- * as possible.
- */
- trusts = NULL;
-
- if (!rejects)
- rejects = empty_usages ();
- if (!known_usages (rejects))
- return_val_if_reached (false);
- return_val_if_fail (rejects != NULL, false);
-
- } else if (trust) {
-
- /*
- * If this is an anchor, then try and guarantee that there
- * are some trust anchors.
- */
-
- if (!load_usage_ext (ex, P11_OID_EXTENDED_KEY_USAGE, &trusts))
- return_val_if_reached (false);
-
- } else {
-
- /*
- * This is not an anchor, always put an empty trusts
- * section, with possible rejects, loaded above
- */
-
- trusts = empty_usages ();
- }
-
- if (!write_usages (asn, "trust", trusts) ||
- !write_usages (asn, "reject", rejects))
- return_val_if_reached (false);
-
- p11_array_free (trusts);
- p11_array_free (rejects);
- return true;
-}
-
-static bool
-write_keyid (p11_enumerate *ex,
- node_asn *asn)
-{
- unsigned char *value = NULL;
- node_asn *ext = NULL;
- size_t length = 0;
- int ret;
-
- if (ex->attached)
- ext = p11_dict_get (ex->attached, P11_OID_SUBJECT_KEY_IDENTIFIER);
- if (ext != NULL) {
- value = p11_asn1_read (ext, "extnValue", &length);
- return_val_if_fail (value != NULL, false);
- }
-
- ret = asn1_write_value (asn, "keyid", value, length);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- free (value);
-
- return true;
-}
-
-static bool
-write_alias (p11_enumerate *ex,
- node_asn *asn)
-{
- CK_ATTRIBUTE *label;
- int ret;
-
- label = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
- if (label == NULL) {
- ret = asn1_write_value (asn, "alias", NULL, 0);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- } else {
- ret = asn1_write_value (asn, "alias", label->pValue, label->ulValueLen);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- }
-
- return true;
-}
-
-static bool
-write_other (p11_enumerate *ex,
- node_asn *asn)
-{
- int ret;
-
- ret = asn1_write_value (asn, "other", NULL, 0);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- return true;
-}
-
-static bool
-prepare_pem_contents (p11_enumerate *ex,
- p11_buffer *buffer)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- unsigned char *der;
- node_asn *asn;
- size_t offset;
- int ret;
- int len;
-
- p11_buffer_add (buffer, ex->cert_der, ex->cert_len);
-
- asn = p11_asn1_create (ex->asn1_defs, "OPENSSL.CertAux");
- return_val_if_fail (asn != NULL, false);
-
- if (!write_trust_and_rejects (ex, asn) ||
- !write_alias (ex, asn) ||
- !write_keyid (ex, asn) ||
- !write_other (ex, asn))
- return_val_if_reached (false);
-
- len = 0;
- offset = buffer->len;
-
- ret = asn1_der_coding (asn, "", NULL, &len, message);
- return_val_if_fail (ret == ASN1_MEM_ERROR, false);
-
- der = p11_buffer_append (buffer, len);
- return_val_if_fail (der != NULL, false);
-
- ret = asn1_der_coding (asn, "", der, &len, message);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- buffer->len = offset + len;
- asn1_delete_structure (&asn);
- return true;
-}
-
-bool
-p11_extract_openssl_bundle (p11_enumerate *ex,
- const char *destination)
-{
- p11_save_file *file;
- p11_buffer output;
- p11_buffer buf;
- char *comment;
- bool ret = true;
- bool first;
- CK_RV rv;
-
- file = p11_save_open_file (destination, NULL, ex->flags);
- if (!file)
- return false;
-
- first = true;
- p11_buffer_init (&output, 0);
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- p11_buffer_init (&buf, 1024);
- if (!p11_buffer_reset (&output, 2048))
- return_val_if_reached (false);
-
- if (prepare_pem_contents (ex, &buf)) {
- if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
- return_val_if_reached (false);
-
- comment = p11_enumerate_comment (ex, first);
- first = false;
-
- ret = p11_save_write (file, comment, -1) &&
- p11_save_write (file, output.data, output.len);
-
- free (comment);
- }
-
- p11_buffer_uninit (&buf);
-
- if (!ret)
- break;
- }
-
- p11_buffer_uninit (&output);
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- ret = false;
- }
-
- /*
- * This will produce an empty file (which is a valid PEM bundle) if no
- * certificates were found.
- */
-
- if (!p11_save_finish_file (file, NULL, ret))
- ret = false;
- return ret;
-}
-
-void
-p11_openssl_canon_string (char *str,
- size_t *len)
-{
- bool nsp;
- bool sp;
- char *in;
- char *out;
- char *end;
-
- /*
- * Now that the string is UTF-8 here we convert the string to the
- * OpenSSL canonical form. This is a bit odd and openssl specific.
- * Basically they ignore any char over 127, do ascii tolower() stuff
- * and collapse spaces based on isspace().
- */
-
- for (in = out = str, end = out + *len, sp = false, nsp = false; in < end; in++) {
- if (*in & 0x80 || !isspace (*in)) {
- /* If there has been a space, then add one */
- if (sp)
- *out++ = ' ';
- *out++ = (*in & 0x80) ? *in : tolower (*in);
- sp = false;
- nsp = true;
- /* If there has been a non-space, then note we should get one */
- } else if (nsp) {
- nsp = false;
- sp = true;
- }
- }
-
- if (out < end)
- out[0] = 0;
- *len = out - str;
-}
-
-bool
-p11_openssl_canon_string_der (p11_buffer *der)
-{
- char *string;
- size_t length;
- int output_len;
- int len_len;
- bool unknown_string;
- unsigned char *output;
- int len;
-
- string = p11_x509_parse_directory_string (der->data, der->len, &unknown_string, &length);
-
- /* Just pass through all the non-string types */
- if (string == NULL)
- return unknown_string;
-
- p11_openssl_canon_string (string, &length);
-
- asn1_length_der (length, NULL, &len_len);
- output_len = 1 + len_len + length;
-
- if (!p11_buffer_reset (der, output_len))
- return_val_if_reached (false);
-
- output = der->data;
- der->len = output_len;
-
- output[0] = 12; /* UTF8String */
- len = output_len - 1;
- asn1_octet_der ((unsigned char *)string, length, output + 1, &len);
- assert (len == output_len - 1);
-
- free (string);
- return true;
-}
-
-bool
-p11_openssl_canon_name_der (p11_dict *asn1_defs,
- p11_buffer *der)
-{
- p11_buffer value;
- char outer[64];
- char field[64];
- node_asn *name;
- void *at;
- int value_len;
- bool failed;
- size_t offset;
- int ret;
- int num;
- int len;
- int i, j;
-
- name = p11_asn1_decode (asn1_defs, "PKIX1.Name", der->data, der->len, NULL);
- return_val_if_fail (name != NULL, false);
-
- ret = asn1_number_of_elements (name, "rdnSequence", &num);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- p11_buffer_init (&value, 0);
- p11_buffer_reset (der, 0);
-
- for (i = 1, failed = false; !failed && i < num + 1; i++) {
- snprintf (outer, sizeof (outer), "rdnSequence.?%d", i);
- for (j = 1; !failed; j++) {
- snprintf (field, sizeof (field), "%s.?%d.value", outer, j);
-
- value_len = 0;
- ret = asn1_read_value (name, field, NULL, &value_len);
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break;
-
- return_val_if_fail (ret == ASN1_MEM_ERROR, false);
-
- if (!p11_buffer_reset (&value, value_len))
- return_val_if_reached (false);
-
- ret = asn1_read_value (name, field, value.data, &value_len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- value.len = value_len;
-
- if (p11_openssl_canon_string_der (&value)) {
- ret = asn1_write_value (name, field, value.data, value.len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- } else {
- failed = true;
- }
- }
-
- /*
- * Yes the OpenSSL canon strangeness, is a concatenation
- * of all the RelativeDistinguishedName DER encodings, without
- * an outside wrapper.
- */
- if (!failed) {
- len = -1;
- ret = asn1_der_coding (name, outer, NULL, &len, NULL);
- return_val_if_fail (ret == ASN1_MEM_ERROR, false);
-
- offset = der->len;
- at = p11_buffer_append (der, len);
- return_val_if_fail (at != NULL, false);
-
- ret = asn1_der_coding (name, outer, at, &len, NULL);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- der->len = offset + len;
- }
- }
-
- asn1_delete_structure (&name);
- p11_buffer_uninit (&value);
- return !failed;
-}
-
-#ifdef OS_UNIX
-
-static char *
-symlink_for_subject_hash (p11_enumerate *ex)
-{
- unsigned char md[P11_DIGEST_SHA1_LEN];
- p11_buffer der;
- CK_ATTRIBUTE *subject;
- unsigned long hash;
- char *linkname = NULL;
-
- subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT);
- if (!subject || !subject->pValue || !subject->ulValueLen)
- return NULL;
-
- p11_buffer_init_full (&der, memdup (subject->pValue, subject->ulValueLen),
- subject->ulValueLen, 0, realloc, free);
- return_val_if_fail (der.data != NULL, NULL);
-
- if (p11_openssl_canon_name_der (ex->asn1_defs, &der)) {
- p11_digest_sha1 (md, der.data, der.len, NULL);
-
- hash = (
- ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) |
- ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
- ) & 0xffffffffL;
-
- if (asprintf (&linkname, "%08lx", hash) < 0)
- return_val_if_reached (NULL);
- }
-
- p11_buffer_uninit (&der);
- return linkname;
-}
-
-static char *
-symlink_for_subject_old_hash (p11_enumerate *ex)
-{
- unsigned char md[P11_DIGEST_MD5_LEN];
- CK_ATTRIBUTE *subject;
- unsigned long hash;
- char *linkname;
-
- subject = p11_attrs_find_valid (ex->attrs, CKA_SUBJECT);
- if (!subject)
- return NULL;
-
- p11_digest_md5 (md, subject->pValue, (size_t)subject->ulValueLen, NULL);
-
- hash = (
- ((unsigned long)md[0] ) | ((unsigned long)md[1] << 8L) |
- ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
- ) & 0xffffffffL;
-
- if (asprintf (&linkname, "%08lx", hash) < 0)
- return_val_if_reached (NULL);
-
- return linkname;
-}
-
-#endif /* OS_UNIX */
-
-/*
- * The OpenSSL style c_rehash stuff
- *
- * Different versions of openssl build these hashes differently
- * so output both of them. Shouldn't cause confusion, because
- * multiple certificates can hash to the same link anyway,
- * and this is the reason for the trailing number after the dot.
- *
- * The trailing number is incremented p11_save_symlink_in() if it
- * conflicts with something we've already written out.
- *
- * On Windows no symlinks.
- */
-bool
-p11_openssl_symlink (p11_enumerate *ex,
- p11_save_dir *dir,
- const char *filename)
-{
- bool ret = true;
-#ifdef OS_UNIX
- char *linkname;
-
- linkname = symlink_for_subject_hash (ex);
- if (linkname) {
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
- free (linkname);
- }
-
- if (ret) {
- linkname = symlink_for_subject_old_hash (ex);
- if (linkname) {
- ret = p11_save_symlink_in (dir, linkname, ".0", filename);
- free (linkname);
- }
- }
-#endif /* OS_UNIX */
- return ret;
-}
-
-bool
-p11_extract_openssl_directory (p11_enumerate *ex,
- const char *destination)
-{
- char *filename;
- p11_save_file *file;
- p11_save_dir *dir;
- p11_buffer output;
- p11_buffer buf;
- bool ret = true;
- char *path;
- char *name;
- CK_RV rv;
-
- dir = p11_save_open_directory (destination, ex->flags);
- if (dir == NULL)
- return false;
-
- p11_buffer_init (&buf, 0);
- p11_buffer_init (&output, 0);
-
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- if (!p11_buffer_reset (&buf, 1024))
- return_val_if_reached (false);
- if (!p11_buffer_reset (&output, 2048))
- return_val_if_reached (false);
-
- if (prepare_pem_contents (ex, &buf)) {
- if (!p11_pem_write (buf.data, buf.len, "TRUSTED CERTIFICATE", &output))
- return_val_if_reached (false);
-
- name = p11_enumerate_filename (ex);
- return_val_if_fail (name != NULL, false);
-
- filename = NULL;
- path = NULL;
- ret = false;
-
- file = p11_save_open_file_in (dir, name, ".pem");
- if (file != NULL) {
- ret = p11_save_write (file, output.data, output.len);
- if (!p11_save_finish_file (file, &path, ret))
- ret = false;
- if (ret)
- filename = p11_path_base (path);
- }
- ret = p11_openssl_symlink(ex, dir, filename);
-
- free (filename);
- free (path);
- free (name);
- }
-
- if (!ret)
- break;
- }
-
- p11_buffer_uninit (&buf);
- p11_buffer_uninit (&output);
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- ret = false;
- }
-
- p11_save_finish_directory (dir, ret);
- return ret;
-}
diff --git a/trust/extract-pem.c b/trust/extract-pem.c
deleted file mode 100644
index a32d032..0000000
--- a/trust/extract-pem.c
+++ /dev/null
@@ -1,178 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TOOL
-
-#include "compat.h"
-#include "debug.h"
-#include "extract.h"
-#include "message.h"
-#include "path.h"
-#include "pem.h"
-#include "save.h"
-
-#include <stdlib.h>
-
-bool
-p11_extract_pem_bundle (p11_enumerate *ex,
- const char *destination)
-{
- char *comment;
- p11_buffer buf;
- p11_save_file *file;
- bool ret = true;
- bool first = true;
- CK_RV rv;
-
- file = p11_save_open_file (destination, NULL, ex->flags);
- if (!file)
- return false;
-
- p11_buffer_init (&buf, 0);
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- if (!p11_buffer_reset (&buf, 2048))
- return_val_if_reached (false);
-
- if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
- return_val_if_reached (false);
-
- comment = p11_enumerate_comment (ex, first);
- first = false;
-
- ret = p11_save_write (file, comment, -1) &&
- p11_save_write (file, buf.data, buf.len);
-
- free (comment);
-
- if (!ret)
- break;
- }
-
- p11_buffer_uninit (&buf);
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- ret = false;
- }
-
- /*
- * This will produce an empty file (which is a valid PEM bundle) if no
- * certificates were found.
- */
-
- if (!p11_save_finish_file (file, NULL, ret))
- ret = false;
-
- return ret;
-}
-
-static bool
-extract_pem_directory (p11_enumerate *ex,
- const char *destination,
- bool hash)
-{
- p11_save_file *file;
- p11_save_dir *dir;
- p11_buffer buf;
- bool ret = true;
- char *filename;
- char *path;
- char *name;
- CK_RV rv;
-
- dir = p11_save_open_directory (destination, ex->flags);
- if (dir == NULL)
- return false;
-
- p11_buffer_init (&buf, 0);
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- if (!p11_buffer_reset (&buf, 2048))
- return_val_if_reached (false);
-
- if (!p11_pem_write (ex->cert_der, ex->cert_len, "CERTIFICATE", &buf))
- return_val_if_reached (false);
-
- name = p11_enumerate_filename (ex);
- return_val_if_fail (name != NULL, false);
-
- path = NULL;
-
- file = p11_save_open_file_in (dir, name, ".pem");
- ret = p11_save_write (file, buf.data, buf.len);
-
- if (!p11_save_finish_file (file, &path, ret))
- ret = false;
-
- if (ret && hash) {
- filename = p11_path_base (path);
- ret = p11_openssl_symlink(ex, dir, filename);
- free (filename);
- }
-
- free (path);
- free (name);
- if (!ret)
- break;
- }
-
- p11_buffer_uninit (&buf);
-
- if (rv != CKR_OK && rv != CKR_CANCEL) {
- p11_message ("failed to find certificates: %s", p11_kit_strerror (rv));
- ret = false;
- }
-
- p11_save_finish_directory (dir, ret);
- return ret;
-}
-
-bool
-p11_extract_pem_directory (p11_enumerate *ex,
- const char *destination)
-{
- bool ret = true;
- ret = extract_pem_directory (ex, destination, false);
- return ret;
-}
-
-bool
-p11_extract_pem_directory_hash (p11_enumerate *ex,
- const char *destination)
-{
- bool ret = true;
- ret = extract_pem_directory (ex, destination, true);
- return ret;
-}
diff --git a/trust/extract.c b/trust/extract.c
deleted file mode 100644
index 80b5e72..0000000
--- a/trust/extract.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "extract.h"
-#include "message.h"
-#include "oid.h"
-#include "path.h"
-#include "pkcs11x.h"
-#include "save.h"
-#include "tool.h"
-#include "digest.h"
-
-#include "p11-kit/iter.h"
-#include "p11-kit/pkcs11.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <errno.h>
-#include <getopt.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-static bool
-format_argument (const char *optarg,
- p11_extract_func *func)
-{
- int i;
-
- /*
- * Certain formats do not support expressive trust information.
- * So the caller should limit the supported purposes when asking
- * for trust information.
- */
-
- static const struct {
- const char *format;
- p11_extract_func func;
- } formats[] = {
- { "x509-file", p11_extract_x509_file, },
- { "x509-directory", p11_extract_x509_directory, },
- { "pem-bundle", p11_extract_pem_bundle, },
- { "pem-directory", p11_extract_pem_directory },
- { "pem-directory-hash", p11_extract_pem_directory_hash },
- { "java-cacerts", p11_extract_jks_cacerts },
- { "openssl-bundle", p11_extract_openssl_bundle },
- { "openssl-directory", p11_extract_openssl_directory },
- { NULL },
- };
-
- if (*func != NULL) {
- p11_message ("a format was already specified");
- return false;
- }
-
- for (i = 0; formats[i].format != NULL; i++) {
- if (strcmp (optarg, formats[i].format) == 0) {
- *func = formats[i].func;
- break;
- }
- }
-
- if (*func == NULL) {
- p11_message ("unsupported or unrecognized format: %s", optarg);
- return false;
- }
-
- return true;
-}
-
-static bool
-validate_filter_and_format (p11_enumerate *ex,
- p11_extract_func func)
-{
- int i;
-
- /*
- * These are the extract functions that contain purpose information.
- * If we're being asked to export anchors, and the extract function does
- * not support, and the caller has not specified a purpose, then add a
- * default purpose to limit to.
- */
-
- static p11_extract_func supports_trust_policy[] = {
- p11_extract_openssl_bundle,
- p11_extract_openssl_directory,
- NULL
- };
-
- for (i = 0; supports_trust_policy[i] != NULL; i++) {
- if (func == supports_trust_policy[i])
- return true;
- }
-
- if ((ex->flags & P11_ENUMERATE_ANCHORS) &&
- (ex->flags & P11_ENUMERATE_BLACKLIST)) {
- /*
- * If we're extracting *both* anchors and blacklist, then we must have
- * a format that can represent the different types of information.
- */
-
- p11_message ("format does not support trust policy");
- return false;
-
- } else if (ex->flags & P11_ENUMERATE_ANCHORS) {
-
- /*
- * If we're extracting anchors, then we must have either limited the
- * purposes, or have a format that can represent multiple purposes.
- */
-
- if (!ex->limit_to_purposes) {
- p11_message ("format does not support multiple purposes, defaulting to 'server-auth'");
- p11_enumerate_opt_purpose (ex, "server-auth");
- }
- }
-
- return true;
-}
-
-int
-p11_trust_extract (int argc,
- char **argv)
-{
- p11_extract_func format = NULL;
- p11_enumerate ex;
- int opt = 0;
- int ret;
-
- enum {
- opt_overwrite = 'f',
- opt_verbose = 'v',
- opt_quiet = 'q',
- opt_help = 'h',
- opt_filter = 1000,
- opt_purpose,
- opt_format,
- opt_comment,
- };
-
- struct option options[] = {
- { "filter", required_argument, NULL, opt_filter },
- { "format", required_argument, NULL, opt_format },
- { "purpose", required_argument, NULL, opt_purpose },
- { "overwrite", no_argument, NULL, opt_overwrite },
- { "comment", no_argument, NULL, opt_comment },
- { "verbose", no_argument, NULL, opt_verbose },
- { "quiet", no_argument, NULL, opt_quiet },
- { "help", no_argument, NULL, opt_help },
- { 0 },
- };
-
- p11_tool_desc usages[] = {
- { 0, "usage: trust extract --format=<output> <destination>" },
- { opt_filter,
- "filter of what to export\n"
- " ca-anchors certificate anchors (default)\n"
- " blacklist blacklisted certificates\n"
- " trust-policy anchors and blacklist\n"
- " certificates all certificates\n"
- " pkcs11:object=xx a PKCS#11 URI",
- "what",
- },
- { opt_format,
- "format to extract to\n"
- " x509-file DER X.509 certificate file\n"
- " x509-directory directory of X.509 certificates\n"
- " pem-bundle file containing multiple PEM blocks\n"
- " pem-directory directory of PEM files\n"
- " pem-directory-hash directory of PEM files with hash links\n"
- " openssl-bundle OpenSSL specific PEM bundle\n"
- " openssl-directory directory of OpenSSL specific files\n"
- " java-cacerts java keystore cacerts file",
- "type"
- },
- { opt_purpose,
- "limit to certificates usable for the purpose\n"
- " server-auth for authenticating servers\n"
- " client-auth for authenticating clients\n"
- " email for email protection\n"
- " code-signing for authenticating signed code\n"
- " 1.2.3.4.5... an arbitrary object id",
- "usage"
- },
- { opt_overwrite, "overwrite output file or directory" },
- { opt_comment, "add comments to bundles if possible" },
- { opt_verbose, "show verbose debug output", },
- { opt_quiet, "suppress command output", },
- { 0 },
- };
-
- p11_enumerate_init (&ex);
-
- while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
- switch (opt) {
- case opt_verbose:
- case opt_quiet:
- break;
-
- case opt_overwrite:
- ex.flags |= P11_SAVE_OVERWRITE;
- break;
- case opt_comment:
- ex.flags |= P11_EXTRACT_COMMENT;
- break;
- case opt_filter:
- if (!p11_enumerate_opt_filter (&ex, optarg))
- exit (2);
- break;
- case opt_purpose:
- if (!p11_enumerate_opt_purpose (&ex, optarg))
- exit (2);
- break;
- case opt_format:
- if (!format_argument (optarg, &format))
- exit (2);
- break;
- case 'h':
- p11_tool_usage (usages, options);
- exit (0);
- case '?':
- exit (2);
- default:
- assert_not_reached ();
- break;
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc != 1) {
- p11_message ("specify one destination file or directory");
- exit (2);
- }
-
- if (!format) {
- p11_message ("no output format specified");
- exit (2);
- }
-
- if (!validate_filter_and_format (&ex, format))
- exit (1);
-
- if (!p11_enumerate_ready (&ex, "ca-anchors"))
- exit (1);
-
- ret = (format) (&ex, argv[0]) ? 0 : 1;
-
- p11_enumerate_cleanup (&ex);
- return ret;
-}
-
-int
-p11_trust_extract_compat (int argc,
- char *argv[])
-{
- char *path = NULL;
- int error;
-
- argv[argc] = NULL;
-
- /*
- * For compatibility with people who deployed p11-kit 0.18.x
- * before trust stuff was put into its own branch.
- */
- path = p11_path_build (PRIVATEDIR, "p11-kit-extract-trust", NULL);
- return_val_if_fail (path != NULL, 1);
- execv (path, argv);
- error = errno;
-
- if (error == ENOENT) {
- free (path);
- path = p11_path_build (PRIVATEDIR, "trust-extract-compat", NULL);
- return_val_if_fail (path != NULL, 1);
- execv (path, argv);
- error = errno;
- }
-
- /* At this point we have no command */
- p11_message_err (error, "could not run %s command", path);
-
- free (path);
- return 2;
-}
diff --git a/trust/extract.h b/trust/extract.h
deleted file mode 100644
index 2664ba0..0000000
--- a/trust/extract.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#ifndef P11_EXTRACT_H_
-#define P11_EXTRACT_H_
-
-#include "enumerate.h"
-#include "pkcs11.h"
-#include "save.h"
-
-enum {
- /* These overlap with the flags in save.h, so start higher */
- P11_EXTRACT_COMMENT = 1 << 10,
-};
-
-typedef bool (* p11_extract_func) (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_x509_file (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_x509_directory (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_pem_bundle (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_pem_directory (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_pem_directory_hash (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_jks_cacerts (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_openssl_bundle (p11_enumerate *ex,
- const char *destination);
-
-bool p11_extract_openssl_directory (p11_enumerate *ex,
- const char *destination);
-
-int p11_trust_extract (int argc,
- char **argv);
-
-int p11_trust_extract_compat (int argc,
- char *argv[]);
-
-/* from extract-openssl.c but also used in extract-pem.c */
-bool p11_openssl_symlink (p11_enumerate *ex,
- p11_save_dir *dir,
- const char *filename);
-#endif /* P11_EXTRACT_H_ */
diff --git a/trust/fixtures/cacert-ca.der b/trust/fixtures/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
--- a/trust/fixtures/cacert-ca.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/cacert3-distrust-all.pem b/trust/fixtures/cacert3-distrust-all.pem
deleted file mode 100644
index ce5d887..0000000
--- a/trust/fixtures/cacert3-distrust-all.pem
+++ /dev/null
@@ -1,44 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijBSoFAGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
-CCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHBggrBgEFBQcD
-CA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-distrusted-all.pem b/trust/fixtures/cacert3-distrusted-all.pem
deleted file mode 100644
index 4a04a39..0000000
--- a/trust/fixtures/cacert3-distrusted-all.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijBIoEYGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMG
-CCsGAQUFBwMFBggrBgEFBQcDBgYIKwYBBQUHAwcGCCsGAQUFBwMI
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-not-trusted.pem b/trust/fixtures/cacert3-not-trusted.pem
deleted file mode 100644
index eaa2e54..0000000
--- a/trust/fixtures/cacert3-not-trusted.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijACMAA=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-trusted-alias.pem b/trust/fixtures/cacert3-trusted-alias.pem
deleted file mode 100644
index 44601ea..0000000
--- a/trust/fixtures/cacert3-trusted-alias.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAODAxDdXN0b20gTGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-trusted-keyid.pem b/trust/fixtures/cacert3-trusted-keyid.pem
deleted file mode 100644
index e652733..0000000
--- a/trust/fixtures/cacert3-trusted-keyid.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAJBAcAAQIDBAUG
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-trusted-server-alias.pem b/trust/fixtures/cacert3-trusted-server-alias.pem
deleted file mode 100644
index 55593ec..0000000
--- a/trust/fixtures/cacert3-trusted-server-alias.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-trusted.pem b/trust/fixtures/cacert3-trusted.pem
deleted file mode 100644
index 55593ec..0000000
--- a/trust/fixtures/cacert3-trusted.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/cacert3-twice.pem b/trust/fixtures/cacert3-twice.pem
deleted file mode 100644
index c73202d..0000000
--- a/trust/fixtures/cacert3-twice.pem
+++ /dev/null
@@ -1,84 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
diff --git a/trust/fixtures/cacert3.der b/trust/fixtures/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
--- a/trust/fixtures/cacert3.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/cacert3.pem b/trust/fixtures/cacert3.pem
deleted file mode 100644
index 087ca0e..0000000
--- a/trust/fixtures/cacert3.pem
+++ /dev/null
@@ -1,42 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ig==
------END CERTIFICATE-----
diff --git a/trust/fixtures/distrusted.pem b/trust/fixtures/distrusted.pem
deleted file mode 100644
index 8de6ff0..0000000
--- a/trust/fixtures/distrusted.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
-QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
-i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
-WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
-6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
-BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
-MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
-bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
-mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
-voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
-AwIMEVJlZCBIYXQgSXMgdGhlIENB
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/empty-file b/trust/fixtures/empty-file
deleted file mode 100644
index e69de29..0000000
--- a/trust/fixtures/empty-file
+++ /dev/null
diff --git a/trust/fixtures/multiple.pem b/trust/fixtures/multiple.pem
deleted file mode 100644
index d3e1775..0000000
--- a/trust/fixtures/multiple.pem
+++ /dev/null
@@ -1,58 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIHWTCCBUGgAwIBAgIDCkGKMA0GCSqGSIb3DQEBCwUAMHkxEDAOBgNVBAoTB1Jv
-b3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZ
-Q0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9y
-dEBjYWNlcnQub3JnMB4XDTExMDUyMzE3NDgwMloXDTIxMDUyMDE3NDgwMlowVDEU
-MBIGA1UEChMLQ0FjZXJ0IEluYy4xHjAcBgNVBAsTFWh0dHA6Ly93d3cuQ0FjZXJ0
-Lm9yZzEcMBoGA1UEAxMTQ0FjZXJ0IENsYXNzIDMgUm9vdDCCAiIwDQYJKoZIhvcN
-AQEBBQADggIPADCCAgoCggIBAKtJNRFIfNImflOUz0Op3SjXQiqL84d4GVh8D57a
-iX3h++tykA10oZZkq5+gJJlz2uJVdscXe/UErEa4w75/ZI0QbCTzYZzA8pD6Ueb1
-aQFjww9W4kpCz+JEjCUoqMV5CX1GuYrz6fM0KQhF5Byfy5QEHIGoFLOYZcRD7E6C
-jQnRvapbjZLQ7N6QxX8KwuPr5jFaXnQ+lzNZ6MMDPWAzv/fRb0fEze5ig1JuLgia
-pNkVGJGmhZJHsK5I6223IeyFGmhyNav/8BBdwPSUp2rVO5J+TJAFfpPBLIukjmJ0
-FXFuC3ED6q8VOJrU0gVyb4z5K+taciX5OUbjchs+BMNkJyIQKopPWKcDrb60LhPt
-XapI19V91Cp7XPpGBFDkzA5CW4zt2/LP/JaT4NsRNlRiNDiPDGCbO5dWOK3z0luL
-oFvqTpa4fNfVoIZwQNORKbeiPK31jLvPGpKK5DR7wNhsX+kKwsOnIJpa3yxdUly6
-R9Wb7yQocDggL9V/KcCyQQNokszgnMyXS0XvOhAKq3A6mJVwrTWx6oUrpByAITGp
-rmB6gCZIALgBwJNjVSKRPFbnr9s6JfOPMVTqJouBWfmh0VMRxXudA/Z0EeBtsSw/
-LIaRmXGapneLNGDRFLQsrJ2vjBDTn8Rq+G8T/HNZ92ZCdB6K4/jc0m+YnMtHmJVA
-BfvpAgMBAAGjggINMIICCTAdBgNVHQ4EFgQUdahxYEyIE/B42Yl3tW3Fid+8sXow
-gaMGA1UdIwSBmzCBmIAUFrUyG9TH8+DmjvO90rA67rI5GNGhfaR7MHkxEDAOBgNV
-BAoTB1Jvb3QgQ0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAG
-A1UEAxMZQ0EgQ2VydCBTaWduaW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYS
-c3VwcG9ydEBjYWNlcnQub3JnggEAMA8GA1UdEwEB/wQFMAMBAf8wXQYIKwYBBQUH
-AQEEUTBPMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5DQWNlcnQub3JnLzAoBggr
-BgEFBQcwAoYcaHR0cDovL3d3dy5DQWNlcnQub3JnL2NhLmNydDBKBgNVHSAEQzBB
-MD8GCCsGAQQBgZBKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuQ0FjZXJ0Lm9y
-Zy9pbmRleC5waHA/aWQ9MTAwNAYJYIZIAYb4QgEIBCcWJWh0dHA6Ly93d3cuQ0Fj
-ZXJ0Lm9yZy9pbmRleC5waHA/aWQ9MTAwUAYJYIZIAYb4QgENBEMWQVRvIGdldCB5
-b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3IgRlJFRSwgZ28gdG8gaHR0cDovL3d3dy5D
-QWNlcnQub3JnMA0GCSqGSIb3DQEBCwUAA4ICAQApKIWuRKm5r6R5E/CooyuXYPNc
-7uMvwfbiZqARrjY3OnYVBFPqQvX56sAV2KaC2eRhrnILKVyQQ+hBsuF32wITRHhH
-Va9Y/MyY9kW50SD42CEH/m2qc9SzxgfpCYXMO/K2viwcJdVxjDm1Luq+GIG6sJO4
-D+Pm1yaMMVpyA4RS5qb1MyJFCsgLDYq4Nm+QCaGrvdfVTi5xotSu+qdUK+s1jVq3
-VIgv7nSf7UgWyg1I0JTTrKSi9iTfkuO960NAkW4cGI5WtIIS86mTn9S8nK2cde5a
-lxuV53QtHA+wLJef+6kzOXrnAzqSjiL2jA3k2X4Ndhj3AfnvlpaiVXPAPHG0HRpW
-Q7fDCo1y/OIQCQtBzoyUoPkD/XFzS4pXM+WOdH4VAQDmzEoc53+VGS3FpQyLu7Xt
-hbNc09+4ufLKxw0BFKxwWMWMjTPUnWajGlCVI/xI4AZDEtnNp4Y5LzZyo4AQ5OHz
-0ctbGsDkgJp8E3MGT9ujayQKurMcvEp4u+XjdTilSKeiHq921F73OIZWWonO1sOn
-ebJSoMbxhbQljPI/lrMQ2Y1sVzufb4Y6GIIiNsiwkTjbKqGTqoQ/9SdlrnPVyNXT
-d+pLncdBu8fA46A/5H2kjXPmEkvfoXNzczqA6NXLji/L6hOn1kGLrPo8idck9U60
-4GGSt/M3mMS+lqO3ijAmMAoGCCsGAQUFBwMBoAoGCCsGAQUFBwMEDAxDdXN0b20g
-TGFiZWw=
------END TRUSTED CERTIFICATE-----
------BEGIN TRUSTED CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
-MA4MDEN1c3RvbSBMYWJlbA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/openssl-trust-no-trust.pem b/trust/fixtures/openssl-trust-no-trust.pem
deleted file mode 100644
index 07e3917..0000000
--- a/trust/fixtures/openssl-trust-no-trust.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIEmTCCA4GgAwIBAgIQXSBhjowOuTRAk7mx2GOVtjANBgkqhkiG9w0BAQUFADBv
-MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
-ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
-eHRlcm5hbCBDQSBSb290MB4XDTE0MDgwNTAwMDAwMFoXDTE1MTEwMTIzNTk1OVow
-fzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSowKAYDVQQDEyFV
-U0VSVHJ1c3QgTGVnYWN5IFNlY3VyZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDZTSA65ikwhvLphol2NE5oH5ZE99H51oJOpjie7stb
-4Y4uvfJXgP3JP/yQc0S8j7tXW+UtHxQwdTb1f7zPVvR/gf+ukc3Y0mrLl/n3zZBq
-RS3Eu6SFE2hXX+8puirK6vXMpASbY80A6/3tjd0jxnseVx02fx8Img1h21pscQJT
-KML6jf2ru7PxjXRL3729zAaTYwmVwhB6nSWQMp0BwjlTsOAVa8fXdOWkIpvklP+E
-kfstsxlDLZMPnBIJ5Ge5J3oyrXoqzEFYwG5ZX+44KxcinIn6buflVzX0Wu2SlZMt
-+cwkP6UcPSe9IgNzzPXK86n03P7P6dBc0A+rh/yD/cipAgMBAAGjggEfMIIBGzAf
-BgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73gJMtUGjAdBgNVHQ4EFgQUr6RAr58W
-/qsx/fvVl4v1kaMkhhYwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBkGA1UdIAQSMBAwDgYM
-KwYBBAGyMQECAQMEMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRy
-dXN0LmNvbS9BZGRUcnVzdEV4dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQp
-MCcwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
-hvcNAQEFBQADggEBAISuLWg4EWyDUWLAkcKYvMY7+qXFvTsJ5m5gbzADhiIasovz
-xs4euxt54BYUTdKaBUv/j+zwKCnqKgQdPa8REtVJmFBCn2FmOrZAmQQMaxAy6ffP
-hlhPLc3TrH7oW2qDfA2gnFxQNnUNbX5Ct9+m3JBcbyNOlx3zInW/AzXmXX/H+Zss
-h/aO1iWWWZ3P6hAe727qWpt3GDTMgXevmofCCuXlnhOVU729SRqldhL23PKRt+ka
-4bxNPZVxffiNfD4DT1Pt/lL9yl+T4RoBGwK3c066Zul4i1D+EcvRZ9AiT3fqzRQV
-QK5mXegufx6Ib1V51rl+47X9kaDA8iaHSy+d9aA=
------END TRUSTED CERTIFICATE-----
diff --git a/trust/fixtures/redhat-ca.der b/trust/fixtures/redhat-ca.der
deleted file mode 100644
index affae24..0000000
--- a/trust/fixtures/redhat-ca.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/self-signed-with-eku.der b/trust/fixtures/self-signed-with-eku.der
deleted file mode 100644
index 33e0760..0000000
--- a/trust/fixtures/self-signed-with-eku.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/self-signed-with-ku.der b/trust/fixtures/self-signed-with-ku.der
deleted file mode 100644
index 51bb227..0000000
--- a/trust/fixtures/self-signed-with-ku.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/simple-string b/trust/fixtures/simple-string
deleted file mode 100644
index be13474..0000000
--- a/trust/fixtures/simple-string
+++ /dev/null
@@ -1 +0,0 @@
-The simple string is hairy \ No newline at end of file
diff --git a/trust/fixtures/testing-server.der b/trust/fixtures/testing-server.der
deleted file mode 100644
index cf2de65..0000000
--- a/trust/fixtures/testing-server.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/thawte.pem b/trust/fixtures/thawte.pem
deleted file mode 100644
index 34af29e..0000000
--- a/trust/fixtures/thawte.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB
-rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
-Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
-MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV
-BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa
-Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl
-LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u
-MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm
-gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8
-YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf
-b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9
-9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S
-zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk
-OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV
-HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA
-2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW
-oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c
-KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM
-m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu
-MdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
diff --git a/trust/fixtures/unrecognized-file.txt b/trust/fixtures/unrecognized-file.txt
deleted file mode 100644
index 4d5bac3..0000000
--- a/trust/fixtures/unrecognized-file.txt
+++ /dev/null
@@ -1 +0,0 @@
-# This file is not recognized by the parser \ No newline at end of file
diff --git a/trust/fixtures/verisign-v1.der b/trust/fixtures/verisign-v1.der
deleted file mode 100644
index bcd5ebb..0000000
--- a/trust/fixtures/verisign-v1.der
+++ /dev/null
Binary files differ
diff --git a/trust/fixtures/verisign-v1.pem b/trust/fixtures/verisign-v1.pem
deleted file mode 100644
index ace4da5..0000000
--- a/trust/fixtures/verisign-v1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
-MA4MDEN1c3RvbSBMYWJlbA==
------END TRUSTED CERTIFICATE-----
diff --git a/trust/frob-bc.c b/trust/frob-bc.c
deleted file mode 100644
index 41fbc58..0000000
--- a/trust/frob-bc.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *ext = NULL;
- char *buf;
- int len;
- int ret;
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- ret = asn1_create_element (definitions, "PKIX1.BasicConstraints", &ext);
- err_if_fail (ret, "BasicConstraints");
-
- if (argc > 1) {
- ret = asn1_write_value (ext, "cA", argv[1], 1);
- err_if_fail (ret, "cA");
- }
-
- ret = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
- err_if_fail (ret, "pathLenConstraint");
-
- len = 0;
- ret = asn1_der_coding (ext, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (ext, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
-
- free (buf);
- asn1_delete_structure (&ext);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-cert.c b/trust/frob-cert.c
deleted file mode 100644
index c1bc45c..0000000
--- a/trust/frob-cert.c
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <assert.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-
-static ssize_t
-tlv_length (const unsigned char *data,
- size_t length)
-{
- unsigned char cls;
- int counter = 0;
- int cb, len;
- unsigned long tag;
-
- if (asn1_get_tag_der (data, length, &cls, &cb, &tag) == ASN1_SUCCESS) {
- counter += cb;
- len = asn1_get_length_der (data + cb, length - cb, &cb);
- counter += cb;
- if (len >= 0) {
- len += counter;
- if (length >= len)
- return len;
- }
- }
-
- return -1;
-}
-
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *cert = NULL;
- p11_mmap *map;
- void *data;
- size_t size;
- int start, end;
- ssize_t len;
- int ret;
-
- if (argc != 4) {
- fprintf (stderr, "usage: frob-cert struct field filename\n");
- return 2;
- }
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- ret = asn1_create_element (definitions, argv[1], &cert);
- err_if_fail (ret, "Certificate");
-
- map = p11_mmap_open (argv[3], NULL, &data, &size);
- if (map == NULL) {
- fprintf (stderr, "couldn't open file: %s\n", argv[3]);
- return 1;
- }
-
- ret = asn1_der_decoding (&cert, data, size, message);
- err_if_fail (ret, message);
-
- ret = asn1_der_decoding_startEnd (cert, data, size, argv[2], &start, &end);
- err_if_fail (ret, "asn1_der_decoding_startEnd");
-
- len = tlv_length ((unsigned char *)data + start, size - start);
- assert (len >= 0);
-
- fprintf (stderr, "%lu %d %d %ld\n", (unsigned long)size, start, end, (long)len);
- fwrite ((unsigned char *)data + start, 1, len, stdout);
- fflush (stdout);
-
- p11_mmap_close (map);
-
- asn1_delete_structure (&cert);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-eku.c b/trust/frob-eku.c
deleted file mode 100644
index f467b36..0000000
--- a/trust/frob-eku.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *ekus = NULL;
- char *buf;
- int len;
- int ret;
- int i;
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- ret = asn1_create_element (definitions, "PKIX1.ExtKeyUsageSyntax", &ekus);
- err_if_fail (ret, "ExtKeyUsageSyntax");
-
- for (i = 1; i < argc; i++) {
- ret = asn1_write_value (ekus, "", "NEW", 1);
- err_if_fail (ret, "NEW");
-
- ret = asn1_write_value (ekus, "?LAST", argv[i], strlen (argv[i]));
- err_if_fail (ret, "asn1_write_value");
- }
-
- len = 0;
- ret = asn1_der_coding (ekus, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (ekus, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
-
- free (buf);
- asn1_delete_structure (&ekus);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-ext.c b/trust/frob-ext.c
deleted file mode 100644
index 2017205..0000000
--- a/trust/frob-ext.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *ext = NULL;
- unsigned char input[1024];
- char *buf;
- size_t size;
- int len;
- int ret;
-
- if (argc == 1 || argc > 3) {
- fprintf (stderr, "usage: frob-ext 1.2.3 TRUE\n");
- return 2;
- }
-
- size = fread (input, 1, sizeof (input), stdin);
- if (ferror (stdin) || !feof (stdin)) {
- fprintf (stderr, "bad input\n");
- return 1;
- }
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
-
- ret = asn1_create_element (definitions, "PKIX1.Extension", &ext);
- err_if_fail (ret, "Extension");
-
- ret = asn1_write_value (ext, "extnID", argv[1], 1);
- err_if_fail (ret, "extnID");
-
- if (argc == 3) {
- ret = asn1_write_value (ext, "critical", argv[2], 1);
- err_if_fail (ret, "critical");
- }
-
- ret = asn1_write_value (ext, "extnValue", input, size);
- err_if_fail (ret, "extnValue");
-
- len = 0;
- ret = asn1_der_coding (ext, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (ext, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
-
- free (buf);
- asn1_delete_structure (&ext);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-ku.c b/trust/frob-ku.c
deleted file mode 100644
index 99ac217..0000000
--- a/trust/frob-ku.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include "oid.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *ku = NULL;
- unsigned int usage = 0;
- char bits[2];
- char *buf;
- int len;
- int ret;
- int i;
-
- for (i = 1; i < argc; i++) {
- if (strcmp (argv[i], "digital-signature") == 0)
- usage |= P11_KU_DIGITAL_SIGNATURE;
- else if (strcmp (argv[i], "non-repudiation") == 0)
- usage |= P11_KU_NON_REPUDIATION;
- else if (strcmp (argv[i], "key-encipherment") == 0)
- usage |= P11_KU_KEY_ENCIPHERMENT;
- else if (strcmp (argv[i], "data-encipherment") == 0)
- usage |= P11_KU_DATA_ENCIPHERMENT;
- else if (strcmp (argv[i], "key-agreement") == 0)
- usage |= P11_KU_KEY_AGREEMENT;
- else if (strcmp (argv[i], "key-cert-sign") == 0)
- usage |= P11_KU_KEY_CERT_SIGN;
- else if (strcmp (argv[i], "crl-sign") == 0)
- usage |= P11_KU_CRL_SIGN;
- else {
- fprintf (stderr, "unsupported or unknown key usage: %s\n", argv[i]);
- return 2;
- }
- }
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- ret = asn1_create_element (definitions, "PKIX1.KeyUsage", &ku);
- err_if_fail (ret, "KeyUsage");
-
- bits[0] = usage & 0xff;
- bits[1] = (usage >> 8) & 0xff;
-
- ret = asn1_write_value (ku, "", bits, 9);
- err_if_fail (ret, "asn1_write_value");
-
- len = 0;
- ret = asn1_der_coding (ku, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (ku, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
- free (buf);
-
- asn1_delete_structure (&ku);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-multi-init.c b/trust/frob-multi-init.c
deleted file mode 100644
index d966540..0000000
--- a/trust/frob-multi-init.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * gcc -Wall -o frob-multi-init $(pkg-config p11-kit-1 --cflags --libs) -ldl frob-multi-init.c
- */
-
-#include <assert.h>
-#include <dlfcn.h>
-#include <stdio.h>
-
-#include <p11-kit/p11-kit.h>
-
-#define TRUST_SO "/usr/lib64/pkcs11/p11-kit-trust.so"
-
-int
-main (void)
-{
- CK_C_INITIALIZE_ARGS args =
- { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
- CK_C_GetFunctionList C_GetFunctionList;
- CK_SESSION_HANDLE session;
- CK_FUNCTION_LIST *module;
- CK_SLOT_ID slots[8];
- CK_SESSION_INFO info;
- CK_ULONG count;
- CK_RV rv;
- void *dl;
-
- dl = dlopen (TRUST_SO, RTLD_LOCAL | RTLD_NOW);
- if (dl == NULL)
- fprintf (stderr, "%s\n", dlerror());
- assert (dl != NULL);
-
- C_GetFunctionList = dlsym (dl, "C_GetFunctionList");
- assert (C_GetFunctionList != NULL);
-
- rv = C_GetFunctionList (&module);
- assert (rv == CKR_OK);
- assert (module != NULL);
-
- rv = module->C_Initialize (&args);
- assert (rv == CKR_OK);
-
- count = 8;
- rv = module->C_GetSlotList (CK_TRUE, slots, &count);
- assert (rv == CKR_OK);
- assert (count > 1);
-
- rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = module->C_GetSessionInfo (session, &info);
- assert (rv == CKR_OK);
-
- rv = p11_kit_initialize_registered ();
- assert (rv == CKR_OK);
-
- rv = module->C_GetSessionInfo (session, &info);
- if (rv == CKR_OK) {
- printf ("no reinitialization bug\n");
- return 0;
-
- } else if (rv == CKR_SESSION_HANDLE_INVALID) {
- printf ("reinitialization bug present\n");
- return 1;
-
- } else {
- printf ("another error: %lu\n", rv);
- return 1;
- }
-}
diff --git a/trust/frob-nss-trust.c b/trust/frob-nss-trust.c
deleted file mode 100644
index fd69573..0000000
--- a/trust/frob-nss-trust.c
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "attrs.h"
-#include "debug.h"
-#include "pkcs11x.h"
-
-#include "p11-kit/iter.h"
-#include "p11-kit/p11-kit.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-static void
-dump_object (P11KitIter *iter,
- CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, };
- CK_ATTRIBUTE *attr;
- char *string;
- char *name;
- CK_RV rv;
-
- attr = p11_attrs_find_valid (attrs, CKA_LABEL);
- if (!attr) {
- rv = p11_kit_iter_load_attributes (iter, &label, 1);
- if (rv == CKR_OK)
- attr = &label;
- }
-
- if (attr)
- name = strndup (attr->pValue, attr->ulValueLen);
- else
- name = strdup ("unknown");
-
- string = p11_attrs_to_string (attrs, -1);
- printf ("\"%s\" = %s\n", name, string);
- free (string);
-
- free (label.pValue);
- free (name);
-}
-
-static int
-dump_trust_module (const char *path)
-{
- CK_FUNCTION_LIST *module;
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
- CK_ATTRIBUTE match =
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) };
- P11KitIter *iter;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- CK_ATTRIBUTE template[] = {
- { CKA_CLASS,},
- { CKA_LABEL, },
- { CKA_CERT_MD5_HASH, },
- { CKA_CERT_SHA1_HASH },
- { CKA_ISSUER, },
- { CKA_SERIAL_NUMBER, },
- { CKA_TRUST_SERVER_AUTH, },
- { CKA_TRUST_EMAIL_PROTECTION, },
- { CKA_TRUST_CODE_SIGNING, },
- { CKA_TRUST_STEP_UP_APPROVED, },
- { CKA_INVALID, }
- };
-
- CK_ULONG count = p11_attrs_count (template);
-
- module = p11_kit_module_load (path, 0);
- return_val_if_fail (module != NULL, 1);
-
- rv = p11_kit_module_initialize (module);
- return_val_if_fail (rv == CKR_OK, 1);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_filter (iter, &match, 1);
- p11_kit_iter_begin_with (iter, module, 0, 0);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- attrs = p11_attrs_dup (template);
- rv = p11_kit_iter_load_attributes (iter, attrs, count);
- return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_VALUE_INVALID, 1);
- p11_attrs_purge (attrs);
- dump_object (iter, attrs);
- p11_attrs_free (attrs);
- }
-
- return_val_if_fail (rv == CKR_CANCEL, 1);
-
- p11_kit_module_finalize (module);
- p11_kit_module_release (module);
-
- return 0;
-}
-
-static int
-compare_trust_modules (const char *path1,
- const char *path2)
-{
- CK_FUNCTION_LIST *module1;
- CK_FUNCTION_LIST *module2;
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
- CK_ATTRIBUTE match =
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) };
- P11KitIter *iter;
- P11KitIter *iter2;
- CK_ATTRIBUTE *check;
- CK_RV rv;
-
- CK_ATTRIBUTE template[] = {
- { CKA_CLASS, },
- { CKA_ISSUER, },
- { CKA_SERIAL_NUMBER, },
- { CKA_CERT_MD5_HASH, },
- { CKA_CERT_SHA1_HASH },
- { CKA_TRUST_SERVER_AUTH, },
- { CKA_TRUST_EMAIL_PROTECTION, },
- { CKA_TRUST_CODE_SIGNING, },
- { CKA_TRUST_STEP_UP_APPROVED, },
- { CKA_INVALID, }
- };
-
- module1 = p11_kit_module_load (path1, 0);
- return_val_if_fail (module1 != NULL, 1);
-
- rv = p11_kit_module_initialize (module1);
- return_val_if_fail (rv == CKR_OK, 1);
-
- module2 = p11_kit_module_load (path2, 0);
- return_val_if_fail (module2 != NULL, 1);
-
- rv = p11_kit_module_initialize (module2);
- return_val_if_fail (rv == CKR_OK, 1);
-
- iter = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_filter (iter, &match, 1);
- p11_kit_iter_begin_with (iter, module1, 0, 0);
-
- while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
- check = p11_attrs_dup (template);
-
- rv = p11_kit_iter_load_attributes (iter, check, p11_attrs_count (check));
- return_val_if_fail (rv == CKR_OK || rv == CKR_ATTRIBUTE_TYPE_INVALID, 1);
-
- /* Go through and remove anything not found */
- p11_attrs_purge (check);
-
- /* Check that this object exists */
- iter2 = p11_kit_iter_new (NULL, 0);
- p11_kit_iter_add_filter (iter2, check, p11_attrs_count (check));
- p11_kit_iter_begin_with (iter2, module2, 0, 0);
- rv = p11_kit_iter_next (iter2);
- p11_kit_iter_free (iter2);
-
- if (rv != CKR_OK)
- dump_object (iter, check);
-
- p11_attrs_free (check);
- }
-
- return_val_if_fail (rv == CKR_CANCEL, 1);
- p11_kit_module_finalize (module1);
- p11_kit_module_release (module1);
-
- p11_kit_module_finalize (module2);
- p11_kit_module_release (module2);
-
- return 0;
-}
-
-int
-main (int argc,
- char *argv[])
-{
- if (argc == 2) {
- return dump_trust_module (argv[1]);
- } else if (argc == 3) {
- return compare_trust_modules (argv[1], argv[2]);
- } else {
- fprintf (stderr, "usage: frob-nss-trust module\n");
- fprintf (stderr, " frob-nss-trust module1 module2\n");
- return 2;
- }
-}
diff --git a/trust/frob-oid.c b/trust/frob-oid.c
deleted file mode 100644
index 5a2499a..0000000
--- a/trust/frob-oid.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "pkix.asn.h"
-
-#define err_if_fail(ret, msg) \
- do { if ((ret) != ASN1_SUCCESS) { \
- fprintf (stderr, "%s: %s\n", msg, asn1_strerror (ret)); \
- exit (1); \
- } } while (0)
-int
-main (int argc,
- char *argv[])
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *definitions = NULL;
- node_asn *oid = NULL;
- char *buf;
- int len;
- int ret;
-
- if (argc != 2) {
- fprintf (stderr, "usage: frob-oid 1.1.1\n");
- return 2;
- }
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "definitions: %s\n", message);
- return 1;
- }
-
- /* AttributeType is a OBJECT IDENTIFIER */
- ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid);
- err_if_fail (ret, "AttributeType");
-
- ret = asn1_write_value (oid, "", argv[1], strlen (argv[1]));
- err_if_fail (ret, "asn1_write_value");
-
- len = 0;
- ret = asn1_der_coding (oid, "", NULL, &len, message);
- assert (ret == ASN1_MEM_ERROR);
-
- buf = malloc (len);
- assert (buf != NULL);
- ret = asn1_der_coding (oid, "", buf, &len, message);
- if (ret != ASN1_SUCCESS) {
- fprintf (stderr, "asn1_der_coding: %s\n", message);
- free (buf);
- return 1;
- }
-
- fwrite (buf, 1, len, stdout);
- fflush (stdout);
- free (buf);
-
- asn1_delete_structure (&oid);
- asn1_delete_structure (&definitions);
-
- return 0;
-}
diff --git a/trust/frob-pow.c b/trust/frob-pow.c
deleted file mode 100644
index f029b2a..0000000
--- a/trust/frob-pow.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include <stdio.h>
-
-static unsigned int
-nearest_pow_2 (int num)
-{
- unsigned int n = num ? 1 : 0;
- while (n < num && n > 0)
- n <<= 1;
- return n;
-}
-
-int
-main (void)
-{
- int i;
-
- for (i = 0; i < 40; i++)
- printf ("nearest_pow_2 (%d) == %u\n", i, nearest_pow_2 (i));
-
- return 0;
-}
diff --git a/trust/frob-token.c b/trust/frob-token.c
deleted file mode 100644
index 5d57ec1..0000000
--- a/trust/frob-token.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "compat.h"
-
-#include <stdio.h>
-
-#include "token.h"
-
-int
-main (int argc,
- char *argv[])
-{
- p11_token *token;
- p11_index *index;
- int count;
-
- if (argc != 2) {
- fprintf (stderr, "usage: frob-token path\n");
- return 2;
- }
-
- token = p11_token_new (1, argv[1], "Label");
- count = p11_token_load (token);
-
- printf ("%d files loaded\n", count);
- index = p11_token_index (token);
- printf ("%d objects loaded\n", p11_index_size (index));
-
- p11_token_free (token);
- return 0;
-}
diff --git a/trust/index.c b/trust/index.c
deleted file mode 100644
index f4b6b4b..0000000
--- a/trust/index.c
+++ /dev/null
@@ -1,912 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "compat.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-
-#include "attrs.h"
-#include "debug.h"
-#include "dict.h"
-#include "index.h"
-#include "module.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * The number of buckets we use for indexing, should end up as roughly
- * equal to the expected number of unique attribute values * 0.75,
- * prime if possible. Currently we don't expand the index, so this is
- * just a good guess for general usage.
- */
-#define NUM_BUCKETS 7919
-
-/*
- * The number of indexes to use when trying to find a matching object.
- */
-#define MAX_SELECT 3
-
-typedef struct {
- CK_OBJECT_HANDLE *elem;
- int num;
-} index_bucket;
-
-struct _p11_index {
- /* The list of objects by handle */
- p11_dict *objects;
-
- /* Used for indexing */
- index_bucket *buckets;
-
- /* Data passed to callbacks */
- void *data;
-
- /* Called to build an new/modified object */
- p11_index_build_cb build;
-
- /* Called after each object ready to be stored */
- p11_index_store_cb store;
-
- /* Called after an object has been removed */
- p11_index_remove_cb remove;
-
- /* Called after objects change */
- p11_index_notify_cb notify;
-
- /* Used for queueing changes, when in a batch */
- p11_dict *changes;
- bool notifying;
-};
-
-typedef struct {
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
-} index_object;
-
-static void
-free_object (void *data)
-{
- index_object *obj = data;
- p11_attrs_free (obj->attrs);
- free (obj);
-}
-
-static CK_RV
-default_build (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate)
-{
- return CKR_OK;
-}
-
-static CK_RV
-default_store (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE **attrs)
-{
- return CKR_OK;
-}
-
-static void
-default_notify (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
-
-}
-
-static CK_RV
-default_remove (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs)
-{
- return CKR_OK;
-}
-
-p11_index *
-p11_index_new (p11_index_build_cb build,
- p11_index_store_cb store,
- p11_index_remove_cb remove,
- p11_index_notify_cb notify,
- void *data)
-{
- p11_index *index;
-
- index = calloc (1, sizeof (p11_index));
- return_val_if_fail (index != NULL, NULL);
-
- if (build == NULL)
- build = default_build;
- if (store == NULL)
- store = default_store;
- if (notify == NULL)
- notify = default_notify;
- if (remove == NULL)
- remove = default_remove;
-
- index->build = build;
- index->store = store;
- index->notify = notify;
- index->remove = remove;
- index->data = data;
-
- index->objects = p11_dict_new (p11_dict_ulongptr_hash,
- p11_dict_ulongptr_equal,
- NULL, free_object);
- return_val_if_fail (index->objects != NULL, NULL);
-
- index->buckets = calloc (NUM_BUCKETS, sizeof (index_bucket));
- return_val_if_fail (index->buckets != NULL, NULL);
-
- return index;
-}
-
-void
-p11_index_free (p11_index *index)
-{
- int i;
-
- return_if_fail (index != NULL);
-
- p11_dict_free (index->objects);
- p11_dict_free (index->changes);
- for (i = 0; i < NUM_BUCKETS; i++)
- free (index->buckets[i].elem);
- free (index->buckets);
- free (index);
-}
-
-int
-p11_index_size (p11_index *index)
-{
- return_val_if_fail (index != NULL, -1);
- return p11_dict_size (index->objects);
-}
-
-static bool
-is_indexable (p11_index *index,
- CK_ATTRIBUTE_TYPE type)
-{
- switch (type) {
- case CKA_CLASS:
- case CKA_VALUE:
- case CKA_OBJECT_ID:
- case CKA_ID:
- case CKA_X_ORIGIN:
- return true;
- }
-
- return false;
-}
-
-static unsigned int
-alloc_size (int num)
-{
- unsigned int n = num ? 1 : 0;
- while (n < num && n > 0)
- n <<= 1;
- return n;
-}
-
-static int
-binary_search (CK_OBJECT_HANDLE *elem,
- int low,
- int high,
- CK_OBJECT_HANDLE handle)
-{
- int mid;
-
- if (low == high)
- return low;
-
- mid = low + ((high - low) / 2);
- if (handle > elem[mid])
- return binary_search (elem, mid + 1, high, handle);
- else if (handle < elem[mid])
- return binary_search (elem, low, mid, handle);
-
- return mid;
-}
-
-
-static void
-bucket_insert (index_bucket *bucket,
- CK_OBJECT_HANDLE handle)
-{
- unsigned int alloc;
- int at = 0;
-
- if (bucket->elem) {
- at = binary_search (bucket->elem, 0, bucket->num, handle);
- if (at < bucket->num && bucket->elem[at] == handle)
- return;
- }
-
- alloc = alloc_size (bucket->num);
- if (bucket->num + 1 > alloc) {
- alloc = alloc ? alloc * 2 : 1;
- return_if_fail (alloc != 0);
- bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE));
- }
-
- return_if_fail (bucket->elem != NULL);
- memmove (bucket->elem + at + 1, bucket->elem + at,
- (bucket->num - at) * sizeof (CK_OBJECT_HANDLE));
- bucket->elem[at] = handle;
- bucket->num++;
-}
-
-static bool
-bucket_push (index_bucket *bucket,
- CK_OBJECT_HANDLE handle)
-{
- unsigned int alloc;
-
- alloc = alloc_size (bucket->num);
- if (bucket->num + 1 > alloc) {
- alloc = alloc ? alloc * 2 : 1;
- return_val_if_fail (alloc != 0, false);
- bucket->elem = realloc (bucket->elem, alloc * sizeof (CK_OBJECT_HANDLE));
- }
-
- return_val_if_fail (bucket->elem != NULL, false);
- bucket->elem[bucket->num++] = handle;
- return true;
-}
-
-static void
-index_hash (p11_index *index,
- index_object *obj)
-{
- unsigned int hash;
- int i;
-
- for (i = 0; !p11_attrs_terminator (obj->attrs + i); i++) {
- if (is_indexable (index, obj->attrs[i].type)) {
- hash = p11_attr_hash (obj->attrs + i);
- bucket_insert (index->buckets + (hash % NUM_BUCKETS), obj->handle);
- }
- }
-}
-
-static void
-merge_attrs (CK_ATTRIBUTE *output,
- CK_ULONG *noutput,
- CK_ATTRIBUTE *merge,
- CK_ULONG nmerge,
- p11_array *to_free)
-{
- CK_ULONG i;
-
- for (i = 0; i < nmerge; i++) {
- /* Already have this attribute? */
- if (p11_attrs_findn (output, *noutput, merge[i].type)) {
- p11_array_push (to_free, merge[i].pValue);
-
- } else {
- memcpy (output + *noutput, merge + i, sizeof (CK_ATTRIBUTE));
- (*noutput)++;
- }
- }
-
- /* Freeing the array itself */
- p11_array_push (to_free, merge);
-}
-
-static CK_RV
-index_build (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE **attrs,
- CK_ATTRIBUTE *merge)
-{
- CK_ATTRIBUTE *extra = NULL;
- CK_ATTRIBUTE *built;
- p11_array *stack = NULL;
- CK_ULONG count;
- CK_ULONG nattrs;
- CK_ULONG nmerge;
- CK_ULONG nextra;
- CK_RV rv;
- int i;
-
- rv = index->build (index->data, index, *attrs, merge, &extra);
- if (rv != CKR_OK)
- return rv;
-
- /* Short circuit when nothing to merge */
- if (*attrs == NULL && extra == NULL) {
- built = merge;
- stack = NULL;
-
- } else {
- stack = p11_array_new (NULL);
- nattrs = p11_attrs_count (*attrs);
- nmerge = p11_attrs_count (merge);
- nextra = p11_attrs_count (extra);
-
- /* Make a shallow copy of the combined attributes for validation */
- built = calloc (nmerge + nattrs + nextra + 1, sizeof (CK_ATTRIBUTE));
- return_val_if_fail (built != NULL, CKR_GENERAL_ERROR);
-
- count = nmerge;
- memcpy (built, merge, sizeof (CK_ATTRIBUTE) * nmerge);
- p11_array_push (stack, merge);
- merge_attrs (built, &count, *attrs, nattrs, stack);
- merge_attrs (built, &count, extra, nextra, stack);
-
- /* The terminator attribute */
- built[count].type = CKA_INVALID;
- assert (p11_attrs_terminator (built + count));
- }
-
- rv = index->store (index->data, index, handle, &built);
-
- if (rv == CKR_OK) {
- for (i = 0; stack && i < stack->num; i++)
- free (stack->elem[i]);
- *attrs = built;
- } else {
- p11_attrs_free (extra);
- free (built);
- }
-
- p11_array_free (stack);
- return rv;
-}
-
-static void
-call_notify (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- assert (index->notify);
-
- /* When attrs is NULL, means this is a modify */
- if (attrs == NULL) {
- attrs = p11_index_lookup (index, handle);
- if (attrs == NULL)
- return;
-
- /* Otherwise a remove operation, handle not valid anymore */
- } else {
- handle = 0;
- }
-
- index->notifying = true;
- index->notify (index->data, index, handle, attrs);
- index->notifying = false;
-}
-
-static void
-index_notify (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *removed)
-{
- index_object *obj;
-
- if (!index->notify || index->notifying) {
- p11_attrs_free (removed);
-
- } else if (!index->changes) {
- call_notify (index, handle, removed);
- p11_attrs_free (removed);
-
- } else {
- obj = calloc (1, sizeof (index_object));
- return_if_fail (obj != NULL);
-
- obj->handle = handle;
- obj->attrs = removed;
- if (!p11_dict_set (index->changes, &obj->handle, obj))
- return_if_reached ();
- }
-}
-
-void
-p11_index_load (p11_index *index)
-{
- return_if_fail (index != NULL);
-
- if (index->changes)
- return;
-
- index->changes = p11_dict_new (p11_dict_ulongptr_hash,
- p11_dict_ulongptr_equal,
- NULL, free_object);
- return_if_fail (index->changes != NULL);
-}
-
-void
-p11_index_finish (p11_index *index)
-{
- p11_dict *changes;
- index_object *obj;
- p11_dictiter iter;
-
- return_if_fail (index != NULL);
-
- if (!index->changes)
- return;
-
- changes = index->changes;
- index->changes = NULL;
-
- p11_dict_iterate (changes, &iter);
- while (p11_dict_next (&iter, NULL, (void **)&obj)) {
- index_notify (index, obj->handle, obj->attrs);
- obj->attrs = NULL;
- }
-
- p11_dict_free (changes);
-}
-
-bool
-p11_index_loading (p11_index *index)
-{
- return_val_if_fail (index != NULL, false);
- return index->changes ? true : false;
-}
-
-CK_RV
-p11_index_take (p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_HANDLE *handle)
-{
- index_object *obj;
- CK_RV rv;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (attrs != NULL, CKR_GENERAL_ERROR);
-
- obj = calloc (1, sizeof (index_object));
- return_val_if_fail (obj != NULL, CKR_HOST_MEMORY);
-
- obj->handle = p11_module_next_id ();
-
- rv = index_build (index, obj->handle, &obj->attrs, attrs);
- if (rv != CKR_OK) {
- p11_attrs_free (attrs);
- free (obj);
- return rv;
- }
-
- return_val_if_fail (obj->attrs != NULL, CKR_GENERAL_ERROR);
-
- if (!p11_dict_set (index->objects, &obj->handle, obj))
- return_val_if_reached (CKR_HOST_MEMORY);
-
- index_hash (index, obj);
-
- if (handle)
- *handle = obj->handle;
-
- index_notify (index, obj->handle, NULL);
- return CKR_OK;
-}
-
-CK_RV
-p11_index_add (p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_OBJECT_HANDLE *handle)
-{
- CK_ATTRIBUTE *copy;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (attrs == NULL || count > 0, CKR_ARGUMENTS_BAD);
-
- copy = p11_attrs_buildn (NULL, attrs, count);
- return_val_if_fail (copy != NULL, CKR_HOST_MEMORY);
-
- return p11_index_take (index, copy, handle);
-}
-
-CK_RV
-p11_index_update (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *update)
-{
- index_object *obj;
- CK_RV rv;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return_val_if_fail (update != NULL, CKR_GENERAL_ERROR);
-
- obj = p11_dict_get (index->objects, &handle);
- if (obj == NULL) {
- p11_attrs_free (update);
- return CKR_OBJECT_HANDLE_INVALID;
- }
-
- rv = index_build (index, obj->handle, &obj->attrs, update);
- if (rv != CKR_OK) {
- p11_attrs_free (update);
- return rv;
- }
-
- index_hash (index, obj);
- index_notify (index, obj->handle, NULL);
-
- return CKR_OK;
-}
-
-CK_RV
-p11_index_set (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count)
-{
- CK_ATTRIBUTE *update;
- index_object *obj;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
-
- obj = p11_dict_get (index->objects, &handle);
- if (obj == NULL)
- return CKR_OBJECT_HANDLE_INVALID;
-
- update = p11_attrs_buildn (NULL, attrs, count);
- return_val_if_fail (update != NULL, CKR_HOST_MEMORY);
-
- return p11_index_update (index, handle, update);
-}
-
-CK_RV
-p11_index_remove (p11_index *index,
- CK_OBJECT_HANDLE handle)
-{
- index_object *obj;
- CK_RV rv;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
-
- if (!p11_dict_steal (index->objects, &handle, NULL, (void **)&obj))
- return CKR_OBJECT_HANDLE_INVALID;
-
- rv = (index->remove) (index->data, index, obj->attrs);
-
- /* If the writer failed the remove, then add it back */
- if (rv != CKR_OK) {
- if (!p11_dict_set (index->objects, &obj->handle, obj))
- return_val_if_reached (CKR_HOST_MEMORY);
- return rv;
- }
-
- /* This takes ownership of the attributes */
- index_notify (index, handle, obj->attrs);
- obj->attrs = NULL;
- free_object (obj);
-
- return CKR_OK;
-}
-
-static CK_RV
-index_replacev (p11_index *index,
- CK_OBJECT_HANDLE *handles,
- CK_ATTRIBUTE_TYPE key,
- CK_ATTRIBUTE **replace,
- CK_ULONG replacen)
-{
- index_object *obj;
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *attr;
- bool handled = false;
- CK_RV rv;
- int i, j;
-
- for (i = 0; handles && handles[i] != 0; i++) {
- obj = p11_dict_get (index->objects, handles + i);
- if (obj == NULL)
- continue;
-
- handled = false;
- attr = p11_attrs_find (obj->attrs, key);
-
- /* The match doesn't have the key, so remove it */
- if (attr != NULL) {
- for (j = 0; j < replacen; j++) {
- if (!replace[j])
- continue;
- if (p11_attrs_matchn (replace[j], attr, 1)) {
- attrs = NULL;
- rv = index_build (index, obj->handle, &attrs, replace[j]);
- if (rv != CKR_OK)
- return rv;
- p11_attrs_free (obj->attrs);
- obj->attrs = attrs;
- replace[j] = NULL;
- handled = true;
- index_hash (index, obj);
- index_notify (index, obj->handle, NULL);
- break;
- }
- }
- }
-
- if (!handled) {
- rv = p11_index_remove (index, handles[i]);
- if (rv != CKR_OK)
- return rv;
- }
- }
-
- for (j = 0; j < replacen; j++) {
- if (!replace[j])
- continue;
- attrs = replace[j];
- replace[j] = NULL;
- rv = p11_index_take (index, attrs, NULL);
- if (rv != CKR_OK)
- return rv;
- }
-
- return CKR_OK;
-}
-
-CK_RV
-p11_index_replace (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *replace)
-{
- CK_OBJECT_HANDLE handles[] = { handle, 0 };
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
- return index_replacev (index, handles, CKA_INVALID,
- &replace, replace ? 1 : 0);
-}
-
-CK_RV
-p11_index_replace_all (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ATTRIBUTE_TYPE key,
- p11_array *replace)
-{
- CK_OBJECT_HANDLE *handles;
- CK_RV rv;
- int i;
-
- return_val_if_fail (index != NULL, CKR_GENERAL_ERROR);
-
- handles = p11_index_find_all (index, match, -1);
-
- rv = index_replacev (index, handles, key,
- replace ? (CK_ATTRIBUTE **)replace->elem : NULL,
- replace ? replace->num : 0);
-
- if (rv == CKR_OK) {
- if (replace)
- p11_array_clear (replace);
- } else {
- for (i = 0; replace && i < replace->num; i++) {
- if (!replace->elem[i]) {
- p11_array_remove (replace, i);
- i--;
- }
- }
- }
-
- free (handles);
- return rv;
-}
-
-CK_ATTRIBUTE *
-p11_index_lookup (p11_index *index,
- CK_OBJECT_HANDLE handle)
-{
- index_object *obj;
-
- return_val_if_fail (index != NULL, NULL);
-
- if (handle == CK_INVALID_HANDLE)
- return NULL;
-
- obj = p11_dict_get (index->objects, &handle);
- return obj ? obj->attrs : NULL;
-}
-
-typedef bool (* index_sink) (p11_index *index,
- index_object *obj,
- CK_ATTRIBUTE *match,
- CK_ULONG count,
- void *data);
-
-static void
-index_select (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ULONG count,
- index_sink sink,
- void *data)
-{
- index_bucket *selected[MAX_SELECT];
- CK_OBJECT_HANDLE handle;
- index_object *obj;
- unsigned int hash;
- p11_dictiter iter;
- CK_ULONG n;
- int num, at;
- int i, j;
-
- /* First look for any matching buckets */
- for (n = 0, num = 0; n < count && num < MAX_SELECT; n++) {
- if (is_indexable (index, match[n].type)) {
- hash = p11_attr_hash (match + n);
- selected[num] = index->buckets + (hash % NUM_BUCKETS);
-
- /* If any index is empty, then obviously no match */
- if (!selected[num]->num)
- return;
-
- num++;
- }
- }
-
- /* Fall back on selecting all the items, if no index */
- if (num == 0) {
- p11_dict_iterate (index->objects, &iter);
- while (p11_dict_next (&iter, NULL, (void *)&obj)) {
- if (!sink (index, obj, match, count, data))
- return;
- }
- return;
- }
-
- for (i = 0; i < selected[0]->num; i++) {
- /* A candidate match from first bucket */
- handle = selected[0]->elem[i];
-
- /* Check if the candidate is in other buckets */
- for (j = 1; j < num; j++) {
- assert (selected[j]->elem); /* checked above */
- at = binary_search (selected[j]->elem, 0, selected[j]->num, handle);
- if (at >= selected[j]->num || selected[j]->elem[at] != handle) {
- handle = 0;
- break;
- }
- }
-
- /* Matched all the buckets, now actually match attrs */
- if (handle != 0) {
- obj = p11_dict_get (index->objects, &handle);
- if (obj != NULL) {
- if (!sink (index, obj, match, count, data))
- return;
- }
- }
- }
-}
-
-static bool
-sink_one_match (p11_index *index,
- index_object *obj,
- CK_ATTRIBUTE *match,
- CK_ULONG count,
- void *data)
-{
- CK_OBJECT_HANDLE *result = data;
-
- if (p11_attrs_matchn (obj->attrs, match, count)) {
- *result = obj->handle;
- return false;
- }
-
- return true;
-}
-
-CK_OBJECT_HANDLE
-p11_index_find (p11_index *index,
- CK_ATTRIBUTE *match,
- int count)
-{
- CK_OBJECT_HANDLE handle = 0UL;
-
- return_val_if_fail (index != NULL, 0UL);
-
- if (count < 0)
- count = p11_attrs_count (match);
-
- index_select (index, match, count, sink_one_match, &handle);
- return handle;
-}
-
-static bool
-sink_if_match (p11_index *index,
- index_object *obj,
- CK_ATTRIBUTE *match,
- CK_ULONG count,
- void *data)
-{
- index_bucket *handles = data;
-
- if (p11_attrs_matchn (obj->attrs, match, count))
- bucket_push (handles, obj->handle);
- return true;
-}
-
-CK_OBJECT_HANDLE *
-p11_index_find_all (p11_index *index,
- CK_ATTRIBUTE *match,
- int count)
-{
- index_bucket handles = { NULL, 0 };
-
- return_val_if_fail (index != NULL, NULL);
-
- if (count < 0)
- count = p11_attrs_count (match);
-
- index_select (index, match, count, sink_if_match, &handles);
-
- /* Null terminate */
- bucket_push (&handles, 0UL);
- return handles.elem;
-}
-
-static bool
-sink_any (p11_index *index,
- index_object *obj,
- CK_ATTRIBUTE *match,
- CK_ULONG count,
- void *data)
-{
- index_bucket *handles = data;
- bucket_push (handles, obj->handle);
- return true;
-}
-
-CK_OBJECT_HANDLE *
-p11_index_snapshot (p11_index *index,
- p11_index *base,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count)
-{
- index_bucket handles = { NULL, 0 };
-
- return_val_if_fail (index != NULL, NULL);
-
- if (count < (CK_ULONG)0UL)
- count = p11_attrs_count (attrs);
-
- index_select (index, attrs, count, sink_any, &handles);
- if (base)
- index_select (base, attrs, count, sink_any, &handles);
-
- /* Null terminate */
- bucket_push (&handles, 0UL);
- return handles.elem;
-}
diff --git a/trust/index.h b/trust/index.h
deleted file mode 100644
index 3ae24a1..0000000
--- a/trust/index.h
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_INDEX_H_
-#define P11_INDEX_H_
-
-#include "array.h"
-#include "compat.h"
-#include "pkcs11.h"
-#include "types.h"
-
-typedef struct _p11_index p11_index;
-
-typedef CK_RV (* p11_index_build_cb) (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate);
-
-typedef CK_RV (* p11_index_store_cb) (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE **attrs);
-
-typedef CK_RV (* p11_index_remove_cb) (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs);
-
-typedef void (* p11_index_notify_cb) (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs);
-
-p11_index * p11_index_new (p11_index_build_cb build,
- p11_index_store_cb store,
- p11_index_remove_cb remove,
- p11_index_notify_cb notify,
- void *data);
-
-void p11_index_free (p11_index *index);
-
-int p11_index_size (p11_index *index);
-
-void p11_index_load (p11_index *index);
-
-void p11_index_finish (p11_index *index);
-
-bool p11_index_loading (p11_index *index);
-
-CK_RV p11_index_take (p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_HANDLE *handle);
-
-CK_RV p11_index_add (p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count,
- CK_OBJECT_HANDLE *handle);
-
-CK_RV p11_index_set (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count);
-
-CK_RV p11_index_update (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs);
-
-CK_RV p11_index_replace (p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *replace);
-
-CK_RV p11_index_replace_all (p11_index *index,
- CK_ATTRIBUTE *match,
- CK_ATTRIBUTE_TYPE key,
- p11_array *replace);
-
-CK_RV p11_index_remove (p11_index *index,
- CK_OBJECT_HANDLE handle);
-
-CK_ATTRIBUTE * p11_index_lookup (p11_index *index,
- CK_OBJECT_HANDLE handle);
-
-CK_OBJECT_HANDLE p11_index_find (p11_index *index,
- CK_ATTRIBUTE *match,
- int count);
-
-CK_OBJECT_HANDLE * p11_index_find_all (p11_index *index,
- CK_ATTRIBUTE *match,
- int count);
-
-CK_OBJECT_HANDLE * p11_index_snapshot (p11_index *index,
- p11_index *base,
- CK_ATTRIBUTE *attrs,
- CK_ULONG count);
-
-#endif /* P11_INDEX_H_ */
diff --git a/trust/input/anchors/cacert3.der b/trust/input/anchors/cacert3.der
deleted file mode 100644
index 56f8c88..0000000
--- a/trust/input/anchors/cacert3.der
+++ /dev/null
Binary files differ
diff --git a/trust/input/anchors/testing-ca.der b/trust/input/anchors/testing-ca.der
deleted file mode 100644
index d3f70ea..0000000
--- a/trust/input/anchors/testing-ca.der
+++ /dev/null
Binary files differ
diff --git a/trust/input/blacklist/self-server.der b/trust/input/blacklist/self-server.der
deleted file mode 100644
index 68fe9af..0000000
--- a/trust/input/blacklist/self-server.der
+++ /dev/null
Binary files differ
diff --git a/trust/input/cacert-ca.der b/trust/input/cacert-ca.der
deleted file mode 100644
index 719b0ff..0000000
--- a/trust/input/cacert-ca.der
+++ /dev/null
Binary files differ
diff --git a/trust/input/distrusted.pem b/trust/input/distrusted.pem
deleted file mode 100644
index 8de6ff0..0000000
--- a/trust/input/distrusted.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN TRUSTED CERTIFICATE-----
-MIIDsDCCAxmgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-HhcNMDkwOTE2MTg0NTI1WhcNMTkwOTE0MTg0NTI1WjCBnTELMAkGA1UEBhMCVVMx
-FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMRAwDgYDVQQHEwdSYWxlaWdoMRYwFAYD
-VQQKEw1SZWQgSGF0LCBJbmMuMQswCQYDVQQLEwJJUzEWMBQGA1UEAxMNUmVkIEhh
-dCBJUyBDQTEmMCQGCSqGSIb3DQEJARYXc3lzYWRtaW4tcmR1QHJlZGhhdC5jb20w
-gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN/HDWGiL8BarUWDIjNC6uxCXqYN
-QkwcmhILX+cl+YuDDArFL1pYVrith228gF3dSUU5X7kIOmPkkjNheRkbnas61X+n
-i3+KWvbX3q+h5VMxKX2cA1U+R3jLuXqYjF+N2gkPyPvxeoDuEncKAItw+mK/r+4L
-WBb5nFzek7hP3017AgMBAAGjgf0wgfowHQYDVR0OBBYEFA2sGXDtBKdeeKv+i6g0
-6yEmwVY1MIHKBgNVHSMEgcIwgb+AFA2sGXDtBKdeeKv+i6g06yEmwVY1oYGjpIGg
-MIGdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNV
-BAcTB1JhbGVpZ2gxFjAUBgNVBAoTDVJlZCBIYXQsIEluYy4xCzAJBgNVBAsTAklT
-MRYwFAYDVQQDEw1SZWQgSGF0IElTIENBMSYwJAYJKoZIhvcNAQkBFhdzeXNhZG1p
-bi1yZHVAcmVkaGF0LmNvbYIBATAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
-A4GBAFBgO5y3JcPXH/goumNBW7rr8m9EFZmQyK5gT1Ljv5qaCSZwxkAomhriv04p
-mb1y8yjrK5OY3WwgaRaAWRHp4/hn2HWaRvx3S+gwLM7p8V1pWnbSFJOXF3kbuC41
-voMIMqAFfHKidKN/yrjJg/1ahIjSt11lMUvRJ4TNT+pk5VnBMB+gCgYIKwYBBQUH
-AwIMEVJlZCBIYXQgSXMgdGhlIENB
------END TRUSTED CERTIFICATE-----
diff --git a/trust/input/verisign-v1.p11-kit b/trust/input/verisign-v1.p11-kit
deleted file mode 100644
index eaa080d..0000000
--- a/trust/input/verisign-v1.p11-kit
+++ /dev/null
@@ -1,17 +0,0 @@
-[p11-kit-object-v1]
-trusted: true
-
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW
-NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV
-Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb
------END CERTIFICATE-----
diff --git a/trust/list.c b/trust/list.c
deleted file mode 100644
index 12120e5..0000000
--- a/trust/list.c
+++ /dev/null
@@ -1,260 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define P11_DEBUG_FLAG P11_DEBUG_TOOL
-
-#include "attrs.h"
-#include "constants.h"
-#include "debug.h"
-#include "enumerate.h"
-#include "list.h"
-#include "message.h"
-#include "pkcs11x.h"
-#include "tool.h"
-#include "url.h"
-
-#include "p11-kit/iter.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-static char *
-format_uri (p11_enumerate *ex,
- int flags)
-{
- CK_ATTRIBUTE *attr;
- p11_kit_uri *uri;
- char *string;
-
- uri = p11_kit_uri_new ();
-
- memcpy (p11_kit_uri_get_token_info (uri),
- p11_kit_iter_get_token (ex->iter),
- sizeof (CK_TOKEN_INFO));
-
- attr = p11_attrs_find (ex->attrs, CKA_CLASS);
- if (attr != NULL)
- p11_kit_uri_set_attribute (uri, attr);
- attr = p11_attrs_find (ex->attrs, CKA_ID);
- if (attr != NULL)
- p11_kit_uri_set_attribute (uri, attr);
-
- if (p11_kit_uri_format (uri, flags, &string) != P11_KIT_URI_OK)
- string = NULL;
-
- p11_kit_uri_free (uri);
- return string;
-}
-
-static bool
-list_iterate (p11_enumerate *ex,
- bool details)
-{
- unsigned char *bytes;
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE *attr;
- CK_ULONG klass;
- CK_ULONG category;
- CK_BBOOL val;
- p11_buffer buf;
- CK_RV rv;
- const char *nick;
- char *string;
- int flags;
-
- flags = P11_KIT_URI_FOR_OBJECT;
- if (details)
- flags |= P11_KIT_URI_FOR_OBJECT_ON_TOKEN;
-
- while ((rv = p11_kit_iter_next (ex->iter)) == CKR_OK) {
- if (p11_debugging) {
- object = p11_kit_iter_get_object (ex->iter);
- p11_debug ("handle: %lu", object);
-
- string = p11_attrs_to_string (ex->attrs, -1);
- p11_debug ("attrs: %s", string);
- free (string);
- }
-
- string = format_uri (ex, flags);
- if (string == NULL) {
- p11_message ("skipping object, couldn't build uri");
- continue;
- }
-
- printf ("%s\n", string);
- free (string);
-
- if (p11_attrs_find_ulong (ex->attrs, CKA_CLASS, &klass)) {
- nick = p11_constant_nick (p11_constant_classes, klass);
- if (nick != NULL)
- printf (" type: %s\n", nick);
- }
-
- attr = p11_attrs_find_valid (ex->attrs, CKA_LABEL);
- if (attr && attr->pValue && attr->ulValueLen) {
- string = strndup (attr->pValue, attr->ulValueLen);
- printf (" label: %s\n", string);
- free (string);
- }
-
- if (p11_attrs_find_bool (ex->attrs, CKA_X_DISTRUSTED, &val) && val)
- printf (" trust: blacklisted\n");
- else if (p11_attrs_find_bool (ex->attrs, CKA_TRUSTED, &val) && val)
- printf (" trust: anchor\n");
- else
- printf (" trust: unspecified\n");
-
- if (p11_attrs_find_ulong (ex->attrs, CKA_CERTIFICATE_CATEGORY, &category)) {
- nick = p11_constant_nick (p11_constant_categories, category);
- if (nick != NULL)
- printf (" category: %s\n", nick);
- }
-
- if (details) {
- attr = p11_attrs_find_valid (ex->attrs, CKA_PUBLIC_KEY_INFO);
- if (attr) {
- p11_buffer_init (&buf, 1024);
- bytes = attr->pValue;
- p11_url_encode (bytes, bytes + attr->ulValueLen, "", &buf);
- printf (" public-key-info: %.*s\n", (int)buf.len, (char *)buf.data);
- p11_buffer_uninit (&buf);
- }
- }
-
- printf ("\n");
- }
-
- return (rv == CKR_CANCEL);
-}
-
-int
-p11_trust_list (int argc,
- char **argv)
-{
- p11_enumerate ex;
- bool details = false;
- int opt = 0;
- int ret;
-
- enum {
- opt_verbose = 'v',
- opt_quiet = 'q',
- opt_help = 'h',
- opt_filter = 1000,
- opt_purpose,
- opt_details,
- };
-
- struct option options[] = {
- { "filter", required_argument, NULL, opt_filter },
- { "purpose", required_argument, NULL, opt_purpose },
- { "details", no_argument, NULL, opt_details },
- { "verbose", no_argument, NULL, opt_verbose },
- { "quiet", no_argument, NULL, opt_quiet },
- { "help", no_argument, NULL, opt_help },
- { 0 },
- };
-
- p11_tool_desc usages[] = {
- { 0, "usage: trust list --filter=<what>" },
- { opt_filter,
- "filter of what to export\n"
- " ca-anchors certificate anchors\n"
- " blacklist blacklisted certificates\n"
- " trust-policy anchors and blacklist (default)\n"
- " certificates all certificates\n"
- " pkcs11:object=xx a PKCS#11 URI",
- "what",
- },
- { opt_purpose,
- "limit to certificates usable for the purpose\n"
- " server-auth for authenticating servers\n"
- " client-auth for authenticating clients\n"
- " email for email protection\n"
- " code-signing for authenticating signed code\n"
- " 1.2.3.4.5... an arbitrary object id",
- "usage"
- },
- { opt_verbose, "show verbose debug output", },
- { opt_quiet, "suppress command output", },
- { 0 },
- };
-
- p11_enumerate_init (&ex);
-
- while ((opt = p11_tool_getopt (argc, argv, options)) != -1) {
- switch (opt) {
- case opt_verbose:
- case opt_quiet:
- break;
-
- case opt_filter:
- if (!p11_enumerate_opt_filter (&ex, optarg))
- exit (2);
- break;
- case opt_purpose:
- if (!p11_enumerate_opt_purpose (&ex, optarg))
- exit (2);
- break;
- case opt_details:
- details = true;
- break;
- case 'h':
- p11_tool_usage (usages, options);
- exit (0);
- case '?':
- exit (2);
- default:
- assert_not_reached ();
- break;
- }
- }
-
- if (argc - optind != 0) {
- p11_message ("extra arguments passed to command");
- exit (2);
- }
-
- if (!p11_enumerate_ready (&ex, "trust-policy"))
- exit (1);
-
- ret = list_iterate (&ex, details) ? 0 : 1;
-
- p11_enumerate_cleanup (&ex);
- return ret;
-}
diff --git a/trust/list.h b/trust/list.h
deleted file mode 100644
index ea3cd08..0000000
--- a/trust/list.h
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#ifndef P11_LIST_H_
-#define P11_LIST_H_
-
-int p11_trust_list (int argc,
- char **argv);
-
-#endif /* P11_LIST_H_ */
diff --git a/trust/module.c b/trust/module.c
deleted file mode 100644
index 7fce465..0000000
--- a/trust/module.c
+++ /dev/null
@@ -1,1837 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#define CRYPTOKI_EXPORTS
-
-#include "argv.h"
-#include "array.h"
-#include "attrs.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "dict.h"
-#include "library.h"
-#include "message.h"
-#include "module.h"
-#include "parser.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "session.h"
-#include "token.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define MANUFACTURER_ID "PKCS#11 Kit "
-#define LIBRARY_DESCRIPTION "PKCS#11 Kit Trust Module "
-#define TOKEN_MODEL "p11-kit-trust "
-#define TOKEN_SERIAL_NUMBER "1 "
-
-/* Initial slot id: non-zero and non-one */
-#define BASE_SLOT_ID 18UL
-
-static struct _Shared {
- int initialized;
- p11_dict *sessions;
- p11_array *tokens;
- char *paths;
-} gl = { 0, NULL, NULL, NULL };
-
-/* Used during FindObjects */
-typedef struct _FindObjects {
- CK_ATTRIBUTE *match;
- CK_OBJECT_HANDLE *snapshot;
- CK_ULONG iterator;
-} FindObjects;
-
-static CK_FUNCTION_LIST sys_function_list;
-
-static void
-find_objects_free (void *data)
-{
- FindObjects *find = data;
- p11_attrs_free (find->match);
- free (find->snapshot);
- free (find);
-}
-
-static CK_RV
-lookup_session (CK_SESSION_HANDLE handle,
- p11_session **session)
-{
- p11_session *sess;
-
- if (!gl.sessions)
- return CKR_CRYPTOKI_NOT_INITIALIZED;
-
- sess = p11_dict_get (gl.sessions, &handle);
- if (!sess)
- return CKR_SESSION_HANDLE_INVALID;
-
- if (sess && session)
- *session = sess;
- return CKR_OK;
-}
-
-static CK_ATTRIBUTE *
-lookup_object_inlock (p11_session *session,
- CK_OBJECT_HANDLE handle,
- p11_index **index)
-{
- CK_ATTRIBUTE *attrs;
-
- assert (session != NULL);
-
- attrs = p11_index_lookup (session->index, handle);
- if (attrs) {
- if (index)
- *index = session->index;
- return attrs;
- }
-
- attrs = p11_index_lookup (p11_token_index (session->token), handle);
- if (attrs) {
- if (index)
- *index = p11_token_index (session->token);
- return attrs;
- }
-
- return NULL;
-}
-
-static CK_RV
-check_index_writable (p11_session *session,
- p11_index *index)
-{
- if (index == p11_token_index (session->token)) {
- if (!p11_token_is_writable (session->token))
- return CKR_TOKEN_WRITE_PROTECTED;
- else if (!session->read_write)
- return CKR_SESSION_READ_ONLY;
- }
-
- return CKR_OK;
-}
-
-static CK_RV
-lookup_slot_inlock (CK_SLOT_ID id,
- p11_token **token)
-{
- /*
- * These are invalid inputs, that well behaved callers should
- * not produce, so have them fail precondations
- */
-
- return_val_if_fail (gl.tokens != NULL,
- CKR_CRYPTOKI_NOT_INITIALIZED);
-
- return_val_if_fail (id >= BASE_SLOT_ID && id - BASE_SLOT_ID < gl.tokens->num,
- CKR_SLOT_ID_INVALID);
-
- if (token)
- *token = gl.tokens->elem[id - BASE_SLOT_ID];
- return CKR_OK;
-}
-
-static bool
-check_slot (CK_SLOT_ID id)
-{
- bool ret;
-
- p11_lock ();
- ret = lookup_slot_inlock (id, NULL) == CKR_OK;
- p11_unlock ();
-
- return ret;
-}
-
-static bool
-create_tokens_inlock (p11_array *tokens,
- const char *paths)
-{
- /*
- * TRANSLATORS: These label strings are used in PKCS#11 URIs and
- * unfortunately cannot be marked translatable. If localization is
- * desired they should be translated in GUI applications. These
- * strings will not change arbitrarily.
- */
-
- struct {
- const char *prefix;
- const char *label;
- } labels[] = {
- { "~/", "User Trust" },
- { DATA_DIR, "Default Trust" },
- { SYSCONFDIR, "System Trust" },
- { NULL },
- };
-
- p11_token *token;
- p11_token *check;
- CK_SLOT_ID slot;
- const char *path;
- const char *label;
- char *alloc;
- char *remaining;
- char *base;
- char *pos;
- int i;
-
- p11_debug ("using paths: %s", paths);
-
- alloc = remaining = strdup (paths);
- return_val_if_fail (remaining != NULL, false);
-
- while (remaining) {
- path = remaining;
- pos = strchr (remaining, P11_PATH_SEP_C);
- if (pos == NULL) {
- remaining = NULL;
- } else {
- pos[0] = '\0';
- remaining = pos + 1;
- }
-
- if (path[0] != '\0') {
- /* The slot for the new token */
- slot = BASE_SLOT_ID + tokens->num;
-
- label = NULL;
- base = NULL;
-
- /* Claim the various labels based on prefix */
- for (i = 0; label == NULL && labels[i].prefix != NULL; i++) {
- if (strncmp (path, labels[i].prefix, strlen (labels[i].prefix)) == 0) {
- label = labels[i].label;
- labels[i].label = NULL;
- }
- }
-
- /* Didn't find a label above, then make one based on the path */
- if (!label) {
- label = base = p11_path_base (path);
- return_val_if_fail (base != NULL, false);
- }
-
- token = p11_token_new (slot, path, label);
- return_val_if_fail (token != NULL, false);
-
- if (!p11_array_push (tokens, token))
- return_val_if_reached (false);
-
- free (base);
- assert (lookup_slot_inlock (slot, &check) == CKR_OK && check == token);
- }
- }
-
- free (alloc);
- return true;
-}
-
-static void
-parse_argument (char *arg,
- void *unused)
-{
- char *value;
-
- value = arg + strcspn (arg, ":=");
- if (!*value)
- value = NULL;
- else
- *(value++) = 0;
-
- if (strcmp (arg, "paths") == 0) {
- free (gl.paths);
- gl.paths = value ? strdup (value) : NULL;
-
- } else {
- p11_message ("unrecognized module argument: %s", arg);
- }
-}
-
-static CK_RV
-sys_C_Finalize (CK_VOID_PTR reserved)
-{
- CK_RV rv = CKR_OK;
-
- p11_debug ("in");
-
- /* WARNING: This function must be reentrant */
-
- if (reserved) {
- rv = CKR_ARGUMENTS_BAD;
-
- } else {
- p11_lock ();
-
- if (gl.initialized == 0) {
- p11_debug ("trust module is not initialized");
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- } else if (gl.initialized == 1) {
- p11_debug ("doing finalization");
-
- free (gl.paths);
- gl.paths = NULL;
-
- p11_dict_free (gl.sessions);
- gl.sessions = NULL;
-
- p11_array_free (gl.tokens);
- gl.tokens = NULL;
-
- rv = CKR_OK;
- gl.initialized = 0;
-
- } else {
- gl.initialized--;
- p11_debug ("trust module still initialized %d times", gl.initialized);
- }
-
- p11_unlock ();
- }
-
- p11_debug ("out: 0x%lx", rv);
- return rv;
-}
-
-static CK_RV
-sys_C_Initialize (CK_VOID_PTR init_args)
-{
- static const CK_C_INITIALIZE_ARGS def_args =
- { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
- const CK_C_INITIALIZE_ARGS *args = NULL;
- int supplied_ok;
- CK_RV rv;
-
- p11_library_init_once ();
-
- /* WARNING: This function must be reentrant */
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = CKR_OK;
-
- args = init_args;
- if (args == NULL)
- args = &def_args;
-
- /* ALL supplied function pointers need to have the value either NULL or non-NULL. */
- supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
- args->LockMutex == NULL && args->UnlockMutex == NULL) ||
- (args->CreateMutex != NULL && args->DestroyMutex != NULL &&
- args->LockMutex != NULL && args->UnlockMutex != NULL);
- if (!supplied_ok) {
- p11_message ("invalid set of mutex calls supplied");
- rv = CKR_ARGUMENTS_BAD;
- }
-
- /*
- * When the CKF_OS_LOCKING_OK flag isn't set return an error.
- * We must be able to use our pthread functionality.
- */
- if (!(args->flags & CKF_OS_LOCKING_OK)) {
- p11_message ("can't do without os locking");
- rv = CKR_CANT_LOCK;
- }
-
- if (rv == CKR_OK && gl.initialized != 0) {
- p11_debug ("trust module already initialized %d times",
- gl.initialized);
-
- /*
- * We support setting the socket path and other arguments from from the
- * pReserved pointer, similar to how NSS PKCS#11 components are initialized.
- */
- } else if (rv == CKR_OK) {
- p11_debug ("doing initialization");
-
- if (args->pReserved)
- p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL);
-
- gl.sessions = p11_dict_new (p11_dict_ulongptr_hash,
- p11_dict_ulongptr_equal,
- NULL, p11_session_free);
-
- gl.tokens = p11_array_new ((p11_destroyer)p11_token_free);
- if (gl.tokens && !create_tokens_inlock (gl.tokens, gl.paths ? gl.paths : TRUST_PATHS))
- gl.tokens = NULL;
-
- if (gl.sessions == NULL || gl.tokens == NULL) {
- warn_if_reached ();
- rv = CKR_GENERAL_ERROR;
- }
- }
-
- gl.initialized++;
-
- p11_unlock ();
-
- if (rv != CKR_OK)
- sys_C_Finalize (NULL);
-
- p11_debug ("out: 0x%lx", rv);
- return rv;
-}
-
-static CK_RV
-sys_C_GetInfo (CK_INFO_PTR info)
-{
- CK_RV rv = CKR_OK;
-
- p11_library_init_once ();
-
- p11_debug ("in");
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- p11_lock ();
-
- if (!gl.sessions)
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- p11_unlock ();
-
- if (rv == CKR_OK) {
- memset (info, 0, sizeof (*info));
- info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
- info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
- info->libraryVersion.major = PACKAGE_MAJOR;
- info->libraryVersion.minor = PACKAGE_MINOR;
- info->flags = 0;
- strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32);
- }
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- /* Can be called before C_Initialize */
- return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD);
-
- *list = &sys_function_list;
- return CKR_OK;
-}
-
-static CK_RV
-sys_C_GetSlotList (CK_BBOOL token_present,
- CK_SLOT_ID_PTR slot_list,
- CK_ULONG_PTR count)
-{
- CK_RV rv = CKR_OK;
- int i;
-
- return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- if (!gl.sessions)
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- p11_unlock ();
-
- if (rv != CKR_OK) {
- /* already failed */
-
- } else if (!slot_list) {
- *count = gl.tokens->num;
- rv = CKR_OK;
-
- } else if (*count < gl.tokens->num) {
- *count = gl.tokens->num;
- rv = CKR_BUFFER_TOO_SMALL;
-
- } else {
- for (i = 0; i < gl.tokens->num; i++)
- slot_list[i] = BASE_SLOT_ID + i;
- *count = gl.tokens->num;
- rv = CKR_OK;
- }
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetSlotInfo (CK_SLOT_ID id,
- CK_SLOT_INFO_PTR info)
-{
- CK_RV rv = CKR_OK;
- p11_token *token;
- const char *path;
- size_t length;
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
- p11_lock ();
-
- rv = lookup_slot_inlock (id, &token);
- if (rv == CKR_OK) {
- memset (info, 0, sizeof (*info));
- info->firmwareVersion.major = 0;
- info->firmwareVersion.minor = 0;
- info->hardwareVersion.major = PACKAGE_MAJOR;
- info->hardwareVersion.minor = PACKAGE_MINOR;
- info->flags = CKF_TOKEN_PRESENT;
- strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
-
- /* If too long, copy the first 64 characters into buffer */
- path = p11_token_get_path (token);
- length = strlen (path);
- if (length > sizeof (info->slotDescription))
- length = sizeof (info->slotDescription);
- memset (info->slotDescription, ' ', sizeof (info->slotDescription));
- memcpy (info->slotDescription, path, length);
- }
-
- p11_unlock ();
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetTokenInfo (CK_SLOT_ID id,
- CK_TOKEN_INFO_PTR info)
-{
- CK_RV rv = CKR_OK;
- p11_token *token;
- const char *label;
- size_t length;
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_slot_inlock (id, &token);
- if (rv == CKR_OK) {
- memset (info, 0, sizeof (*info));
- info->firmwareVersion.major = 0;
- info->firmwareVersion.minor = 0;
- info->hardwareVersion.major = PACKAGE_MAJOR;
- info->hardwareVersion.minor = PACKAGE_MINOR;
- info->flags = CKF_TOKEN_INITIALIZED;
- strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
- strncpy ((char*)info->model, TOKEN_MODEL, 16);
- strncpy ((char*)info->serialNumber, TOKEN_SERIAL_NUMBER, 16);
- info->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
- info->ulSessionCount = CK_UNAVAILABLE_INFORMATION;
- info->ulMaxRwSessionCount = 0;
- info->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION;
- info->ulMaxPinLen = 0;
- info->ulMinPinLen = 0;
- info->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
- info->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
- info->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
- info->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
-
- /* If too long, copy the first 32 characters into buffer */
- label = p11_token_get_label (token);
- length = strlen (label);
- if (length > sizeof (info->label))
- length = sizeof (info->label);
- memset (info->label, ' ', sizeof (info->label));
- memcpy (info->label, label, length);
-
- if (!p11_token_is_writable (token))
- info->flags |= CKF_WRITE_PROTECTED;
- }
-
- p11_unlock ();
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetMechanismList (CK_SLOT_ID id,
- CK_MECHANISM_TYPE_PTR mechanism_list,
- CK_ULONG_PTR count)
-{
- CK_RV rv = CKR_OK;
-
- return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- *count = 0;
-
- p11_debug ("out: 0x%lx", rv);
- return rv;
-}
-
-static CK_RV
-sys_C_GetMechanismInfo (CK_SLOT_ID id,
- CK_MECHANISM_TYPE type,
- CK_MECHANISM_INFO_PTR info)
-{
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
- return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID);
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_InitToken (CK_SLOT_ID id,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len,
- CK_UTF8CHAR_PTR label)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_WaitForSlotEvent (CK_FLAGS flags,
- CK_SLOT_ID_PTR slot,
- CK_VOID_PTR reserved)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_OpenSession (CK_SLOT_ID id,
- CK_FLAGS flags,
- CK_VOID_PTR user_data,
- CK_NOTIFY callback,
- CK_SESSION_HANDLE_PTR handle)
-{
- p11_session *session;
- p11_token *token;
- CK_RV rv = CKR_OK;
-
- return_val_if_fail (check_slot (id), CKR_SLOT_ID_INVALID);
- return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_slot_inlock (id, &token);
- if (rv != CKR_OK) {
- /* fail below */;
-
- } else if (!(flags & CKF_SERIAL_SESSION)) {
- rv = CKR_SESSION_PARALLEL_NOT_SUPPORTED;
-
- } else if ((flags & CKF_RW_SESSION) &&
- !p11_token_is_writable (token)) {
- rv = CKR_TOKEN_WRITE_PROTECTED;
-
- } else {
- session = p11_session_new (token);
- if (p11_dict_set (gl.sessions, &session->handle, session)) {
- rv = CKR_OK;
- if (flags & CKF_RW_SESSION)
- session->read_write = true;
- *handle = session->handle;
- p11_debug ("session: %lu", *handle);
- } else {
- warn_if_reached ();
- rv = CKR_GENERAL_ERROR;
- }
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_CloseSession (CK_SESSION_HANDLE handle)
-{
- CK_RV rv = CKR_OK;
-
- p11_debug ("in");
-
- p11_lock ();
-
- if (!gl.sessions) {
- rv = CKR_CRYPTOKI_NOT_INITIALIZED;
-
- } else if (p11_dict_remove (gl.sessions, &handle)) {
- rv = CKR_OK;
-
- } else {
- rv = CKR_SESSION_HANDLE_INVALID;
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_CloseAllSessions (CK_SLOT_ID id)
-{
- CK_SESSION_HANDLE *handle;
- p11_session *session;
- p11_token *token;
- p11_dictiter iter;
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_slot_inlock (id, &token);
- if (rv == CKR_OK) {
- p11_dict_iterate (gl.sessions, &iter);
- while (p11_dict_next (&iter, (void **)&handle, (void **)&session)) {
- if (session->token == token)
- p11_dict_remove (gl.sessions, handle);
- }
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
-{
- return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_CancelFunction (CK_SESSION_HANDLE handle)
-{
- return CKR_SESSION_PARALLEL_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_GetSessionInfo (CK_SESSION_HANDLE handle,
- CK_SESSION_INFO_PTR info)
-{
- p11_session *session;
- CK_RV rv;
-
- return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- info->flags = CKF_SERIAL_SESSION;
- info->state = CKS_RO_PUBLIC_SESSION;
- info->slotID = p11_token_get_slot (session->token);
- info->ulDeviceError = 0;
- }
-
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_InitPIN (CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_SetPIN (CK_SESSION_HANDLE handle,
- CK_UTF8CHAR_PTR old_pin,
- CK_ULONG old_pin_len,
- CK_UTF8CHAR_PTR new_pin,
- CK_ULONG new_pin_len)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_GetOperationState (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG_PTR operation_state_len)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_SetOperationState (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR operation_state,
- CK_ULONG operation_state_len,
- CK_OBJECT_HANDLE encryption_key,
- CK_OBJECT_HANDLE authentication_key)
-{
- p11_debug ("not supported");
- return CKR_FUNCTION_NOT_SUPPORTED;
-}
-
-static CK_RV
-sys_C_Login (CK_SESSION_HANDLE handle,
- CK_USER_TYPE user_type,
- CK_UTF8CHAR_PTR pin,
- CK_ULONG pin_len)
-{
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, NULL);
- if (rv == CKR_OK)
- rv = CKR_USER_TYPE_INVALID;
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_Logout (CK_SESSION_HANDLE handle)
-{
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, NULL);
- if (rv == CKR_OK)
- rv = CKR_USER_NOT_LOGGED_IN;
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_CreateObject (CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- p11_session *session;
- p11_index *index;
- CK_BBOOL val;
- CK_RV rv;
-
- return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val) && val)
- index = p11_token_index (session->token);
- else
- index = session->index;
- rv = check_index_writable (session, index);
- }
-
- if (rv == CKR_OK)
- rv = p11_index_add (index, template, count, new_object);
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_CopyObject (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR new_object)
-{
- CK_BBOOL vfalse = CK_FALSE;
- CK_ATTRIBUTE token = { CKA_TOKEN, &vfalse, sizeof (vfalse) };
- p11_session *session;
- CK_ATTRIBUTE *original;
- CK_ATTRIBUTE *attrs;
- p11_index *index;
- CK_BBOOL val;
- CK_RV rv;
-
- return_val_if_fail (new_object != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- original = lookup_object_inlock (session, object, &index);
- if (original == NULL)
- rv = CKR_OBJECT_HANDLE_INVALID;
- }
-
- if (rv == CKR_OK) {
- if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &val))
- index = val ? p11_token_index (session->token) : session->index;
- rv = check_index_writable (session, index);
- }
-
- if (rv == CKR_OK) {
- attrs = p11_attrs_dup (original);
- attrs = p11_attrs_buildn (attrs, template, count);
- attrs = p11_attrs_build (attrs, &token, NULL);
- rv = p11_index_take (index, attrs, new_object);
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_DestroyObject (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object)
-{
- p11_session *session;
- CK_ATTRIBUTE *attrs;
- p11_index *index;
- CK_BBOOL val;
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- attrs = lookup_object_inlock (session, object, &index);
- if (attrs == NULL)
- rv = CKR_OBJECT_HANDLE_INVALID;
- else
- rv = check_index_writable (session, index);
-
- if (rv == CKR_OK && p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) {
- /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */
- rv = CKR_ATTRIBUTE_READ_ONLY;
- }
-
- if (rv == CKR_OK)
- rv = p11_index_remove (index, object);
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetObjectSize (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ULONG_PTR size)
-{
- p11_session *session;
- CK_RV rv;
-
- return_val_if_fail (size != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- if (lookup_object_inlock (session, object, NULL)) {
- *size = CK_UNAVAILABLE_INFORMATION;
- rv = CKR_OK;
- } else {
- rv = CKR_OBJECT_HANDLE_INVALID;
- }
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_GetAttributeValue (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *result;
- CK_ATTRIBUTE *attr;
- p11_session *session;
- char *string;
- CK_ULONG i;
- CK_RV rv;
-
- p11_debug ("in: %lu, %lu", handle, object);
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- attrs = lookup_object_inlock (session, object, NULL);
- if (attrs == NULL)
- rv = CKR_OBJECT_HANDLE_INVALID;
- }
-
- if (rv == CKR_OK) {
- for (i = 0; i < count; i++) {
- result = template + i;
- attr = p11_attrs_find (attrs, result->type);
- if (!attr) {
- result->ulValueLen = (CK_ULONG)-1;
- rv = CKR_ATTRIBUTE_TYPE_INVALID;
- continue;
- }
-
- if (!result->pValue) {
- result->ulValueLen = attr->ulValueLen;
- continue;
- }
-
- if (result->ulValueLen >= attr->ulValueLen) {
- memcpy (result->pValue, attr->pValue, attr->ulValueLen);
- result->ulValueLen = attr->ulValueLen;
- continue;
- }
-
- result->ulValueLen = (CK_ULONG)-1;
- rv = CKR_BUFFER_TOO_SMALL;
- }
- }
-
- p11_unlock ();
-
- if (p11_debugging) {
- string = p11_attrs_to_string (template, count);
- p11_debug ("out: 0x%lx %s", rv, string);
- free (string);
- }
-
- return rv;
-}
-
-static CK_RV
-sys_C_SetAttributeValue (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE object,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_session *session;
- CK_ATTRIBUTE *attrs;
- p11_index *index;
- CK_BBOOL val;
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- attrs = lookup_object_inlock (session, object, &index);
- if (attrs == NULL) {
- rv = CKR_OBJECT_HANDLE_INVALID;
- } else if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) {
- /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */
- rv = CKR_ATTRIBUTE_READ_ONLY;
- }
-
- if (rv == CKR_OK)
- rv = check_index_writable (session, index);
-
- /* Reload the item if applicable */
- if (rv == CKR_OK && index == p11_token_index (session->token)) {
- if (p11_token_reload (session->token, attrs)) {
- attrs = p11_index_lookup (index, object);
- if (p11_attrs_find_bool (attrs, CKA_MODIFIABLE, &val) && !val) {
- /* TODO: This should be replaced with CKR_ACTION_PROHIBITED */
- rv = CKR_ATTRIBUTE_READ_ONLY;
- }
- }
- }
-
- if (rv == CKR_OK)
- rv = p11_index_set (index, object, template, count);
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_FindObjectsInit (CK_SESSION_HANDLE handle,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count)
-{
- p11_index *indices[2] = { NULL, NULL };
- CK_BBOOL want_token_objects;
- CK_BBOOL want_session_objects;
- CK_BBOOL token;
- FindObjects *find;
- p11_session *session;
- char *string;
- CK_RV rv;
- int n = 0;
-
- if (p11_debugging) {
- string = p11_attrs_to_string (template, count);
- p11_debug ("in: %lu, %s", handle, string);
- free (string);
- }
-
- p11_lock ();
-
- /* Are we searching for token objects? */
- if (p11_attrs_findn_bool (template, count, CKA_TOKEN, &token)) {
- want_token_objects = token;
- want_session_objects = !token;
- } else {
- want_token_objects = CK_TRUE;
- want_session_objects = CK_TRUE;
- }
-
- rv = lookup_session (handle, &session);
-
- /* Refresh from disk if this session hasn't yet */
- if (rv == CKR_OK) {
- if (want_session_objects)
- indices[n++] = session->index;
- if (want_token_objects) {
- if (!session->loaded)
- p11_token_load (session->token);
- session->loaded = CK_TRUE;
- indices[n++] = p11_token_index (session->token);
- }
-
- find = calloc (1, sizeof (FindObjects));
- warn_if_fail (find != NULL);
-
- /* Make a snapshot of what we're matching */
- if (find) {
- find->match = p11_attrs_buildn (NULL, template, count);
- warn_if_fail (find->match != NULL);
-
- /* Build a session snapshot of all objects */
- find->iterator = 0;
- find->snapshot = p11_index_snapshot (indices[0], indices[1], template, count);
- warn_if_fail (find->snapshot != NULL);
- }
-
- if (!find || !find->snapshot || !find->match)
- rv = CKR_HOST_MEMORY;
- else
- p11_session_set_operation (session, find_objects_free, find);
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static bool
-match_for_broken_nss_serial_number_lookups (CK_ATTRIBUTE *attr,
- CK_ATTRIBUTE *match)
-{
- unsigned char der[32];
- unsigned char *val_val;
- size_t der_len;
- size_t val_len;
- int len_len;
-
- if (!match->pValue || !match->ulValueLen ||
- match->ulValueLen == CKA_INVALID ||
- attr->ulValueLen == CKA_INVALID)
- return false;
-
- der_len = sizeof (der);
- der[0] = ASN1_TAG_INTEGER | ASN1_CLASS_UNIVERSAL;
- len_len = der_len - 1;
- asn1_length_der (match->ulValueLen, der + 1, &len_len);
- assert (len_len < (der_len - 1));
- der_len = 1 + len_len;
-
- val_val = attr->pValue;
- val_len = attr->ulValueLen;
-
- if (der_len + match->ulValueLen != val_len)
- return false;
-
- if (memcmp (der, val_val, der_len) != 0 ||
- memcmp (match->pValue, val_val + der_len, match->ulValueLen) != 0)
- return false;
-
- p11_debug ("worked around serial number lookup that's not DER encoded");
- return true;
-}
-
-static bool
-find_objects_match (CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *match)
-{
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE *attr;
-
- for (; !p11_attrs_terminator (match); match++) {
- attr = p11_attrs_find ((CK_ATTRIBUTE *)attrs, match->type);
- if (!attr)
- return false;
- if (p11_attr_equal (attr, match))
- continue;
-
- /*
- * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are
- * not DER encoded. It shouldn't be doing this. We never return any certificate
- * serial numbers that are not DER encoded.
- *
- * So work around the issue here while the NSS guys fix this issue.
- * This code should be removed in future versions.
- */
-
- if (attr->type == CKA_SERIAL_NUMBER &&
- p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) &&
- klass == CKO_NSS_TRUST) {
- if (match_for_broken_nss_serial_number_lookups (attr, match))
- continue;
- }
-
- return false;
- }
-
- return true;
-}
-
-static CK_RV
-sys_C_FindObjects (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE_PTR objects,
- CK_ULONG max_count,
- CK_ULONG_PTR count)
-{
- CK_OBJECT_HANDLE object;
- CK_ATTRIBUTE *attrs;
- FindObjects *find = NULL;
- p11_session *session;
- CK_ULONG matched;
- p11_index *index;
- CK_RV rv;
-
- return_val_if_fail (count != NULL, CKR_ARGUMENTS_BAD);
-
- p11_debug ("in: %lu, %lu", handle, max_count);
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- if (session->cleanup != find_objects_free)
- rv = CKR_OPERATION_NOT_INITIALIZED;
- find = session->operation;
- }
-
- if (rv == CKR_OK) {
- matched = 0;
- while (matched < max_count) {
- object = find->snapshot[find->iterator];
- if (!object)
- break;
-
- find->iterator++;
-
- attrs = lookup_object_inlock (session, object, &index);
- if (attrs == NULL)
- continue;
-
- if (find_objects_match (attrs, find->match)) {
- objects[matched] = object;
- matched++;
- }
- }
-
- *count = matched;
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx, %lu", handle, *count);
-
- return rv;
-}
-
-static CK_RV
-sys_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
-{
- p11_session *session;
- CK_RV rv;
-
- p11_debug ("in");
-
- p11_lock ();
-
- rv = lookup_session (handle, &session);
- if (rv == CKR_OK) {
- if (session->cleanup != find_objects_free)
- rv = CKR_OPERATION_NOT_INITIALIZED;
- else
- p11_session_set_operation (session, NULL, NULL);
- }
-
- p11_unlock ();
-
- p11_debug ("out: 0x%lx", rv);
-
- return rv;
-}
-
-static CK_RV
-sys_C_EncryptInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_Encrypt (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR encrypted_data,
- CK_ULONG_PTR encrypted_data_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_EncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR encrypted_part,
- CK_ULONG_PTR encrypted_part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_EncryptFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DecryptInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_Decrypt (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_data,
- CK_ULONG enc_data_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DecryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DecryptFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR last_part,
- CK_ULONG_PTR last_part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DigestInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_Digest (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DigestUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DigestKey (CK_SESSION_HANDLE handle,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DigestFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR digest,
- CK_ULONG_PTR digest_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_SignInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_Sign (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_SignUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_SignFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_SignRecoverInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_SignRecover (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG_PTR signature_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_VerifyInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_Verify (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR data,
- CK_ULONG data_len,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_VerifyUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_VerifyFinal (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_VerifyRecoverInit (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_VerifyRecover (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR signature,
- CK_ULONG signature_len,
- CK_BYTE_PTR data,
- CK_ULONG_PTR data_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_SignEncryptUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR part,
- CK_ULONG part_len,
- CK_BYTE_PTR enc_part,
- CK_ULONG_PTR enc_part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR enc_part,
- CK_ULONG enc_part_len,
- CK_BYTE_PTR part,
- CK_ULONG_PTR part_len)
-{
- return_val_if_reached (CKR_OPERATION_NOT_INITIALIZED);
-}
-
-static CK_RV
-sys_C_GenerateKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_GenerateKeyPair (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_ATTRIBUTE_PTR pub_template,
- CK_ULONG pub_count,
- CK_ATTRIBUTE_PTR priv_template,
- CK_ULONG priv_count,
- CK_OBJECT_HANDLE_PTR pub_key,
- CK_OBJECT_HANDLE_PTR priv_key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_WrapKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE wrapping_key,
- CK_OBJECT_HANDLE key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG_PTR wrapped_key_len)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_UnwrapKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE unwrapping_key,
- CK_BYTE_PTR wrapped_key,
- CK_ULONG wrapped_key_len,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_DeriveKey (CK_SESSION_HANDLE handle,
- CK_MECHANISM_PTR mechanism,
- CK_OBJECT_HANDLE base_key,
- CK_ATTRIBUTE_PTR template,
- CK_ULONG count,
- CK_OBJECT_HANDLE_PTR key)
-{
- return_val_if_reached (CKR_MECHANISM_INVALID);
-}
-
-static CK_RV
-sys_C_SeedRandom (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR seed,
- CK_ULONG seed_len)
-{
- return_val_if_reached (CKR_RANDOM_NO_RNG);
-}
-
-static CK_RV
-sys_C_GenerateRandom (CK_SESSION_HANDLE handle,
- CK_BYTE_PTR random_data,
- CK_ULONG random_len)
-{
- return_val_if_reached (CKR_RANDOM_NO_RNG);
-}
-
-/* --------------------------------------------------------------------
- * MODULE ENTRY POINT
- */
-
-static CK_FUNCTION_LIST sys_function_list = {
- { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */
- sys_C_Initialize,
- sys_C_Finalize,
- sys_C_GetInfo,
- sys_C_GetFunctionList,
- sys_C_GetSlotList,
- sys_C_GetSlotInfo,
- sys_C_GetTokenInfo,
- sys_C_GetMechanismList,
- sys_C_GetMechanismInfo,
- sys_C_InitToken,
- sys_C_InitPIN,
- sys_C_SetPIN,
- sys_C_OpenSession,
- sys_C_CloseSession,
- sys_C_CloseAllSessions,
- sys_C_GetSessionInfo,
- sys_C_GetOperationState,
- sys_C_SetOperationState,
- sys_C_Login,
- sys_C_Logout,
- sys_C_CreateObject,
- sys_C_CopyObject,
- sys_C_DestroyObject,
- sys_C_GetObjectSize,
- sys_C_GetAttributeValue,
- sys_C_SetAttributeValue,
- sys_C_FindObjectsInit,
- sys_C_FindObjects,
- sys_C_FindObjectsFinal,
- sys_C_EncryptInit,
- sys_C_Encrypt,
- sys_C_EncryptUpdate,
- sys_C_EncryptFinal,
- sys_C_DecryptInit,
- sys_C_Decrypt,
- sys_C_DecryptUpdate,
- sys_C_DecryptFinal,
- sys_C_DigestInit,
- sys_C_Digest,
- sys_C_DigestUpdate,
- sys_C_DigestKey,
- sys_C_DigestFinal,
- sys_C_SignInit,
- sys_C_Sign,
- sys_C_SignUpdate,
- sys_C_SignFinal,
- sys_C_SignRecoverInit,
- sys_C_SignRecover,
- sys_C_VerifyInit,
- sys_C_Verify,
- sys_C_VerifyUpdate,
- sys_C_VerifyFinal,
- sys_C_VerifyRecoverInit,
- sys_C_VerifyRecover,
- sys_C_DigestEncryptUpdate,
- sys_C_DecryptDigestUpdate,
- sys_C_SignEncryptUpdate,
- sys_C_DecryptVerifyUpdate,
- sys_C_GenerateKey,
- sys_C_GenerateKeyPair,
- sys_C_WrapKey,
- sys_C_UnwrapKey,
- sys_C_DeriveKey,
- sys_C_SeedRandom,
- sys_C_GenerateRandom,
- sys_C_GetFunctionStatus,
- sys_C_CancelFunction,
- sys_C_WaitForSlotEvent
-};
-
-#ifdef OS_WIN32
-__declspec(dllexport)
-#endif
-
-CK_RV
-C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
- p11_library_init_once ();
- return sys_C_GetFunctionList (list);
-}
-
-CK_ULONG
-p11_module_next_id (void)
-{
- static CK_ULONG unique = 0x10;
- return (unique)++;
-}
-
-#ifdef OS_UNIX
-
-void p11_trust_module_init (void);
-
-void p11_trust_module_fini (void);
-
-#ifdef __GNUC__
-__attribute__((constructor))
-#endif
-void
-p11_trust_module_init (void)
-{
- p11_library_init_once ();
-}
-
-#ifdef __GNUC__
-__attribute__((destructor))
-#endif
-void
-p11_trust_module_fini (void)
-{
- p11_library_uninit ();
-}
-
-#endif /* OS_UNIX */
-
-#ifdef OS_WIN32
-
-BOOL WINAPI DllMain (HINSTANCE, DWORD, LPVOID);
-
-BOOL WINAPI
-DllMain (HINSTANCE instance,
- DWORD reason,
- LPVOID reserved)
-{
- switch (reason) {
- case DLL_PROCESS_ATTACH:
- p11_library_init ();
- break;
- case DLL_THREAD_DETACH:
- p11_library_thread_cleanup ();
- break;
- case DLL_PROCESS_DETACH:
- p11_library_uninit ();
- break;
- default:
- break;
- }
-
- return TRUE;
-}
-
-#endif /* OS_WIN32 */
diff --git a/trust/module.h b/trust/module.h
deleted file mode 100644
index 13b928a..0000000
--- a/trust/module.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "pkcs11.h"
-
-#ifndef P11_MODULE_H_
-#define P11_MODULE_H_
-
-CK_ULONG p11_module_next_id (void);
-
-#endif /* P11_MODULE_H_ */
diff --git a/trust/oid.c b/trust/oid.c
deleted file mode 100644
index dff4148..0000000
--- a/trust/oid.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "hash.h"
-#include "oid.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <string.h>
-
-/*
- * We deal with OIDs a lot in their DER form. These have the
- * advantage of having the length encoded in their second byte,
- * at least for all the OIDs we're interested in.
- *
- * The goal here is to avoid carrying around extra length
- * information about DER encoded OIDs.
- */
-
-bool
-p11_oid_simple (const unsigned char *oid,
- int len)
-{
- return (oid != NULL &&
- len > 3 && /* minimum length */
- oid[0] == 0x06 && /* simple encoding */
- (oid[1] & 128) == 0 && /* short form length */
- (size_t)oid[1] == len - 2); /* matches length */
-}
-
-unsigned int
-p11_oid_hash (const void *oid)
-{
- uint32_t hash;
- int len;
-
- len = p11_oid_length (oid);
- p11_hash_murmur3 (&hash, oid, len, NULL);
- return hash;
-}
-
-bool
-p11_oid_equal (const void *oid_one,
- const void *oid_two)
-{
- int len_one;
- int len_two;
-
- len_one = p11_oid_length (oid_one);
- len_two = p11_oid_length (oid_two);
-
- return (len_one == len_two &&
- memcmp (oid_one, oid_two, len_one) == 0);
-}
-
-int
-p11_oid_length (const unsigned char *oid)
-{
- assert (oid[0] == 0x06);
- assert ((oid[1] & 128) == 0);
- return (int)oid[1] + 2;
-}
diff --git a/trust/oid.h b/trust/oid.h
deleted file mode 100644
index cf510fe..0000000
--- a/trust/oid.h
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_OIDS_H_
-#define P11_OIDS_H_
-
-#include "compat.h"
-
-bool p11_oid_simple (const unsigned char *oid,
- int len);
-
-unsigned int p11_oid_hash (const void *oid);
-
-bool p11_oid_equal (const void *oid_one,
- const void *oid_two);
-
-int p11_oid_length (const unsigned char *oid);
-
-/*
- * 2.5.4.3: CN or commonName
- */
-static const unsigned char P11_OID_CN[] =
- { 0x06, 0x03, 0x55, 0x04, 0x03, };
-
-/*
- * 2.5.4.10: O or organization
- */
-static const unsigned char P11_OID_O[] =
- { 0x06, 0x03, 0x55, 0x04, 0x0a, };
-
-/*
- * 2.5.4.11: OU or organizationalUnit
- */
-static const unsigned char P11_OID_OU[] =
- { 0x06, 0x03, 0x55, 0x04, 0x0b, };
-
-/*
- * Our support of certificate extensions and so on is not limited to what is
- * listed here. This is simply the OIDs used by the parsing code that generates
- * backwards compatible PKCS#11 objects for NSS and the like.
- */
-
-/*
- * 2.5.29.14: SubjectKeyIdentifier
- */
-static const unsigned char P11_OID_SUBJECT_KEY_IDENTIFIER[] =
- { 0x06, 0x03, 0x55, 0x1d, 0x0e };
-static const char P11_OID_SUBJECT_KEY_IDENTIFIER_STR[] = "2.5.29.14";
-
-/*
- * 2.5.29.15: KeyUsage
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_KEY_USAGE[] =
- { 0x06, 0x03, 0x55, 0x1d, 0x0f };
-static const char P11_OID_KEY_USAGE_STR[] = { "2.5.29.15" };
-
-enum {
- P11_KU_DIGITAL_SIGNATURE = 128,
- P11_KU_NON_REPUDIATION = 64,
- P11_KU_KEY_ENCIPHERMENT = 32,
- P11_KU_DATA_ENCIPHERMENT = 16,
- P11_KU_KEY_AGREEMENT = 8,
- P11_KU_KEY_CERT_SIGN = 4,
- P11_KU_CRL_SIGN = 2,
- P11_KU_ENCIPHER_ONLY = 1,
- P11_KU_DECIPHER_ONLY = 32768,
-};
-
-/*
- * 2.5.29.19: BasicConstraints
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_BASIC_CONSTRAINTS[] =
- { 0x06, 0x03, 0x55, 0x1d, 0x13 };
-static const char P11_OID_BASIC_CONSTRAINTS_STR[] = "2.5.29.19";
-
-/*
- * 2.5.29.37: ExtendedKeyUsage
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_EXTENDED_KEY_USAGE[] =
- { 0x06, 0x03, 0x55, 0x1d, 0x25 };
-static const char P11_OID_EXTENDED_KEY_USAGE_STR[] = "2.5.29.37";
-
-/*
- * 1.3.6.1.4.1.3319.6.10.1: OpenSSL reject extension
- *
- * An internally defined certificate extension.
- *
- * OpenSSL contains a list of OID extended key usages to reject.
- * The normal X.509 model is to only *include* the extended key
- * usages that are to be allowed (ie: a whitelist). It's not clear
- * exactly how valid and useful the reject per extended key usage
- * model is.
- *
- * However in order to parse openssl trust policy information and
- * be able to write it back out in the same way, we define a custom
- * certificate extension to store it.
- *
- * It is not expected (or supported) for others outside of p11-kit
- * to read this information at this point.
- *
- * This extension is never marked critical. It is not necessary to
- * respect information in this certificate extension given that the
- * ExtendedKeyUsage extension carries the same information as a
- * whitelist.
- */
-static const unsigned char P11_OID_OPENSSL_REJECT[] =
- { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01 };
-static const char P11_OID_OPENSSL_REJECT_STR[] = "1.3.6.1.4.1.3319.6.10.1";
-
-/*
- * 1.3.6.1.5.5.7.3.1: Server Auth
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_SERVER_AUTH[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01 };
-static const char P11_OID_SERVER_AUTH_STR[] = "1.3.6.1.5.5.7.3.1";
-
-/*
- * 1.3.6.1.5.5.7.3.2: Client Auth
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_CLIENT_AUTH[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02 };
-static const char P11_OID_CLIENT_AUTH_STR[] = "1.3.6.1.5.5.7.3.2";
-
-/*
- * 1.3.6.1.5.5.7.3.3: Code Signing
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_CODE_SIGNING[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x03 };
-static const char P11_OID_CODE_SIGNING_STR[] = "1.3.6.1.5.5.7.3.3";
-
-/*
- * 1.3.6.1.5.5.7.3.4: Email Protection
- *
- * Defined in RFC 5280
- */
-static const unsigned char P11_OID_EMAIL_PROTECTION[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04 };
-static const char P11_OID_EMAIL_PROTECTION_STR[] = "1.3.6.1.5.5.7.3.4";
-
-/*
- * 1.3.6.1.5.5.7.3.5: IPSec End System
- *
- * Defined in RFC 2459
- */
-static const unsigned char P11_OID_IPSEC_END_SYSTEM[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x05 };
-static const char P11_OID_IPSEC_END_SYSTEM_STR[] = "1.3.6.1.5.5.7.3.5";
-
-/*
- * 1.3.6.1.5.5.7.3.6: IPSec Tunnel
- *
- * Defined in RFC 2459
- */
-static const unsigned char P11_OID_IPSEC_TUNNEL[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x06 };
-static const char P11_OID_IPSEC_TUNNEL_STR[] = "1.3.6.1.5.5.7.3.6";
-
-/*
- * 1.3.6.1.5.5.7.3.7: IPSec User
- *
- * Defined in RFC 2459
- */
-static const unsigned char P11_OID_IPSEC_USER[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x07 };
-static const char P11_OID_IPSEC_USER_STR[] = "1.3.6.1.5.5.7.3.7";
-
-/*
- * 1.3.6.1.5.5.7.3.8: Time Stamping
- *
- * Defined in RFC 2459
- */
-static const unsigned char P11_OID_TIME_STAMPING[] =
- { 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08 };
-static const char P11_OID_TIME_STAMPING_STR[] = "1.3.6.1.5.5.7.3.8";
-/*
- * 1.3.6.1.4.1.3319.6.10.16: Reserved key purpose
- *
- * An internally defined reserved/dummy key purpose
- *
- * This is used with ExtendedKeyUsage certificate extensions to
- * be a place holder when no other purposes are defined.
- *
- * In theory such a certificate should be blacklisted. But in reality
- * many implementations use such empty sets of purposes. RFC 5280 requires
- * at least one purpose in an ExtendedKeyUsage.
- *
- * Obviously this purpose should never be checked against.
- */
-static const unsigned char P11_OID_RESERVED_PURPOSE[] =
- { 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x10 };
-static const char P11_OID_RESERVED_PURPOSE_STR[] = "1.3.6.1.4.1.3319.6.10.16";
-
-#endif
diff --git a/trust/openssl.asn b/trust/openssl.asn
deleted file mode 100644
index c1f452b..0000000
--- a/trust/openssl.asn
+++ /dev/null
@@ -1,28 +0,0 @@
-
-OPENSSL { }
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- This module contains structures specific to OpenSSL
-
-CertAux ::= SEQUENCE {
- trust SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- reject [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- alias UTF8String OPTIONAL,
- keyid OCTET STRING OPTIONAL,
- other [1] SEQUENCE OF AlgorithmIdentifier OPTIONAL
-}
-
--- Dependencies brought in from other modules
-
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL
-}
-
-UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
- -- The content of this type conforms to RFC 2279.
-
-END
diff --git a/trust/openssl.asn.h b/trust/openssl.asn.h
deleted file mode 100644
index 4e6b240..0000000
--- a/trust/openssl.asn.h
+++ /dev/null
@@ -1,28 +0,0 @@
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <libtasn1.h>
-
-const ASN1_ARRAY_TYPE openssl_asn1_tab[] = {
- { "OPENSSL", 536875024, NULL },
- { NULL, 1073741836, NULL },
- { "CertAux", 1610612741, NULL },
- { "trust", 1610629131, NULL },
- { NULL, 12, NULL },
- { "reject", 1610637323, NULL },
- { NULL, 1073745928, "0"},
- { NULL, 12, NULL },
- { "alias", 1073758210, "UTF8String"},
- { "keyid", 1073758215, NULL },
- { "other", 536895499, NULL },
- { NULL, 1073745928, "1"},
- { NULL, 2, "AlgorithmIdentifier"},
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "UTF8String", 536879111, NULL },
- { NULL, 4360, "12"},
- { NULL, 0, NULL }
-};
diff --git a/trust/p11-kit-trust.module b/trust/p11-kit-trust.module
deleted file mode 100644
index 2f53ef6..0000000
--- a/trust/p11-kit-trust.module
+++ /dev/null
@@ -1,17 +0,0 @@
-# See pkcs11.conf(5) to understand this file
-
-# This is a module config for the 'included' p11-kit trust module
-module: p11-kit-trust.so
-
-# This setting affects the order that trust policy and other information
-# is looked up when going across various modules. Other trust policy modules
-# need to specify the priority where they slot into things.
-priority: 1
-
-# Mark this module as a viable source of trust policy information
-trust-policy: yes
-
-# This is for drop-in compatibility with glib-networking and gcr. Those
-# projects used this non-standard attribute to denote slots to use to
-# retrieve trust information.
-x-trust-lookup: pkcs11:library-description=PKCS%2311%20Kit%20Trust%20Module
diff --git a/trust/parser.c b/trust/parser.c
deleted file mode 100644
index 41513d4..0000000
--- a/trust/parser.c
+++ /dev/null
@@ -1,762 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "array.h"
-#include "asn1.h"
-#include "attrs.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "dict.h"
-#include "digest.h"
-#include "message.h"
-#include "module.h"
-#include "oid.h"
-#include "parser.h"
-#include "path.h"
-#include "pem.h"
-#include "pkcs11x.h"
-#include "persist.h"
-#include "x509.h"
-
-#include <libtasn1.h>
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct _p11_parser {
- p11_asn1_cache *asn1_cache;
- p11_dict *asn1_defs;
- bool asn1_owned;
- p11_persist *persist;
- char *basename;
- p11_array *parsed;
- p11_array *formats;
- int flags;
-};
-
-#define ID_LENGTH P11_DIGEST_SHA1_LEN
-
-typedef int (* parser_func) (p11_parser *parser,
- const unsigned char *data,
- size_t length);
-
-static CK_ATTRIBUTE *
-populate_trust (p11_parser *parser,
- CK_ATTRIBUTE *attrs)
-{
- CK_BBOOL trustedv;
- CK_BBOOL distrustv;
-
- CK_ATTRIBUTE trusted = { CKA_TRUSTED, &trustedv, sizeof (trustedv) };
- CK_ATTRIBUTE distrust = { CKA_X_DISTRUSTED, &distrustv, sizeof (distrustv) };
-
- /*
- * If we're are parsing an anchor location, then warn about any ditsrusted
- * certificates there, but don't go ahead and automatically make them
- * trusted anchors.
- */
- if (parser->flags & P11_PARSE_FLAG_ANCHOR) {
- if (p11_attrs_find_bool (attrs, CKA_X_DISTRUSTED, &distrustv) && distrustv) {
- p11_message ("certificate with distrust in location for anchors: %s", parser->basename);
- return attrs;
-
- }
-
- trustedv = CK_TRUE;
- distrustv = CK_FALSE;
-
- /*
- * If we're parsing a blacklist location, then force all certificates to
- * be blacklisted, regardless of whether they contain anchor information.
- */
- } else if (parser->flags & P11_PARSE_FLAG_BLACKLIST) {
- if (p11_attrs_find_bool (attrs, CKA_TRUSTED, &trustedv) && trustedv)
- p11_message ("overriding trust for anchor in blacklist: %s", parser->basename);
-
- trustedv = CK_FALSE;
- distrustv = CK_TRUE;
-
- /*
- * If the location doesn't have a flag, then fill in trust attributes
- * if they are missing: neither an anchor or blacklist.
- */
- } else {
- trustedv = CK_FALSE;
- distrustv = CK_FALSE;
-
- if (p11_attrs_find_valid (attrs, CKA_TRUSTED))
- trusted.type = CKA_INVALID;
- if (p11_attrs_find_valid (attrs, CKA_X_DISTRUSTED))
- distrust.type = CKA_INVALID;
- }
-
- return p11_attrs_build (attrs, &trusted, &distrust, NULL);
-}
-
-static void
-sink_object (p11_parser *parser,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_CLASS klass;
-
- if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) &&
- klass == CKO_CERTIFICATE) {
- attrs = populate_trust (parser, attrs);
- return_if_fail (attrs != NULL);
- }
-
- if (!p11_array_push (parser->parsed, attrs))
- return_if_reached ();
-}
-
-static CK_ATTRIBUTE *
-certificate_attrs (p11_parser *parser,
- const unsigned char *der,
- size_t der_len)
-{
- CK_OBJECT_CLASS klassv = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE x509 = CKC_X_509;
- CK_BBOOL modifiablev = CK_FALSE;
-
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) };
- CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) };
- CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) };
- CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, der_len };
-
- return p11_attrs_build (NULL, &klass, &modifiable, &certificate_type, &value, NULL);
-}
-
-int
-p11_parser_format_x509 (p11_parser *parser,
- const unsigned char *data,
- size_t length)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *value;
- node_asn *cert;
-
- cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, length, message);
- if (cert == NULL)
- return P11_PARSE_UNRECOGNIZED;
-
- attrs = certificate_attrs (parser, data, length);
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
-
- value = p11_attrs_find_valid (attrs, CKA_VALUE);
- return_val_if_fail (value != NULL, P11_PARSE_FAILURE);
- p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate",
- value->pValue, value->ulValueLen);
-
- sink_object (parser, attrs);
- return P11_PARSE_SUCCESS;
-}
-
-static CK_ATTRIBUTE *
-extension_attrs (p11_parser *parser,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- const unsigned char *value,
- int length)
-{
- CK_OBJECT_CLASS klassv = CKO_X_CERTIFICATE_EXTENSION;
- CK_BBOOL modifiablev = CK_FALSE;
-
- CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) };
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) };
- CK_ATTRIBUTE oid = { CKA_OBJECT_ID, (void *)oid_der, p11_oid_length (oid_der) };
-
- CK_ATTRIBUTE *attrs;
- node_asn *dest;
- unsigned char *der;
- size_t len;
- int ret;
-
- attrs = p11_attrs_build (NULL, public_key_info, &klass, &modifiable, &oid, NULL);
- return_val_if_fail (attrs != NULL, NULL);
-
- dest = p11_asn1_create (parser->asn1_defs, "PKIX1.Extension");
- return_val_if_fail (dest != NULL, NULL);
-
- ret = asn1_write_value (dest, "extnID", oid_str, 1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- if (critical)
- ret = asn1_write_value (dest, "critical", "TRUE", 1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- ret = asn1_write_value (dest, "extnValue", value, length);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- der = p11_asn1_encode (dest, &len);
- return_val_if_fail (der != NULL, NULL);
-
- attrs = p11_attrs_take (attrs, CKA_VALUE, der, len);
- return_val_if_fail (attrs != NULL, NULL);
-
- /* An opmitization so that the builder can get at this without parsing */
- p11_asn1_cache_take (parser->asn1_cache, dest, "PKIX1.Extension", der, len);
- return attrs;
-}
-
-static CK_ATTRIBUTE *
-attached_attrs (p11_parser *parser,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- node_asn *ext)
-{
- CK_ATTRIBUTE *attrs;
- unsigned char *der;
- size_t len;
-
- der = p11_asn1_encode (ext, &len);
- return_val_if_fail (der != NULL, NULL);
-
- attrs = extension_attrs (parser, public_key_info, oid_str, oid_der,
- critical, der, len);
- return_val_if_fail (attrs != NULL, NULL);
-
- free (der);
- return attrs;
-}
-
-static p11_dict *
-load_seq_of_oid_str (node_asn *node,
- const char *seqof)
-{
- p11_dict *oids;
- char field[128];
- char *oid;
- size_t len;
- int i;
-
- oids = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
-
- for (i = 1; ; i++) {
- if (snprintf (field, sizeof (field), "%s.?%u", seqof, i) < 0)
- return_val_if_reached (NULL);
-
- oid = p11_asn1_read (node, field, &len);
- if (oid == NULL)
- break;
-
- if (!p11_dict_set (oids, oid, oid))
- return_val_if_reached (NULL);
- }
-
- return oids;
-}
-
-static CK_ATTRIBUTE *
-attached_eku_attrs (p11_parser *parser,
- CK_ATTRIBUTE *public_key_info,
- const char *oid_str,
- const unsigned char *oid_der,
- bool critical,
- p11_dict *oid_strs)
-{
- CK_ATTRIBUTE *attrs;
- p11_dictiter iter;
- node_asn *dest;
- int count = 0;
- void *value;
- int ret;
-
- dest = p11_asn1_create (parser->asn1_defs, "PKIX1.ExtKeyUsageSyntax");
- return_val_if_fail (dest != NULL, NULL);
-
- p11_dict_iterate (oid_strs, &iter);
- while (p11_dict_next (&iter, NULL, &value)) {
- ret = asn1_write_value (dest, "", "NEW", 1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- ret = asn1_write_value (dest, "?LAST", value, -1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- count++;
- }
-
- /*
- * If no oids have been written, then we have to put in a reserved
- * value, due to the way that ExtendedKeyUsage is defined in RFC 5280.
- * There must be at least one purpose. This is important since *not*
- * having an ExtendedKeyUsage is very different than having one without
- * certain usages.
- *
- * We account for this in p11_parse_extended_key_usage(). However for
- * most callers this should not matter, as they only check whether a
- * given purpose is present, and don't make assumptions about ones
- * that they don't know about.
- */
-
- if (count == 0) {
- ret = asn1_write_value (dest, "", "NEW", 1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- ret = asn1_write_value (dest, "?LAST", P11_OID_RESERVED_PURPOSE_STR, -1);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
- }
-
-
- attrs = attached_attrs (parser, public_key_info, oid_str, oid_der, critical, dest);
- asn1_delete_structure (&dest);
-
- return attrs;
-}
-
-static CK_ATTRIBUTE *
-build_openssl_extensions (p11_parser *parser,
- CK_ATTRIBUTE *cert,
- CK_ATTRIBUTE *public_key_info,
- node_asn *aux,
- const unsigned char *aux_der,
- size_t aux_len)
-{
- CK_BBOOL trusted = CK_FALSE;
- CK_BBOOL distrust = CK_FALSE;
-
- CK_ATTRIBUTE trust_attrs[] = {
- { CKA_TRUSTED, &trusted, sizeof (trusted) },
- { CKA_X_DISTRUSTED, &distrust, sizeof (distrust) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- p11_dict *trust = NULL;
- p11_dict *reject = NULL;
- p11_dictiter iter;
- void *key;
- int start;
- int end;
- int ret;
- int num;
-
- /*
- * This will load an empty list if there is no OPTIONAL trust field.
- * OpenSSL assumes that for a TRUSTED CERTIFICATE a missing trust field
- * is identical to untrusted for all purposes.
- *
- * This is different from ExtendedKeyUsage, where a missing certificate
- * extension means that it is trusted for all purposes.
- */
- trust = load_seq_of_oid_str (aux, "trust");
-
- ret = asn1_number_of_elements (aux, "reject", &num);
- return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL);
- if (ret == ASN1_SUCCESS)
- reject = load_seq_of_oid_str (aux, "reject");
-
- /* Remove all rejected oids from the trust set */
- if (trust && reject) {
- p11_dict_iterate (reject, &iter);
- while (p11_dict_next (&iter, &key, NULL))
- p11_dict_remove (trust, key);
- }
-
- /*
- * The trust field (or lack of it) becomes a standard ExtKeyUsageSyntax.
- *
- * critical: require that this is enforced
- */
-
- if (trust) {
- attrs = attached_eku_attrs (parser, public_key_info,
- P11_OID_EXTENDED_KEY_USAGE_STR,
- P11_OID_EXTENDED_KEY_USAGE,
- true, trust);
- return_val_if_fail (attrs != NULL, NULL);
- sink_object (parser, attrs);
- }
-
- /*
- * For the reject field we use a custom defined extension. We track this
- * for completeness, although the above ExtendedKeyUsage extension handles
- * this data fine. See oid.h for more details. It uses ExtKeyUsageSyntax structure.
- *
- * non-critical: non-standard, and also covered by trusts
- */
-
- if (reject && p11_dict_size (reject) > 0) {
- attrs = attached_eku_attrs (parser, public_key_info,
- P11_OID_OPENSSL_REJECT_STR,
- P11_OID_OPENSSL_REJECT,
- false, reject);
- return_val_if_fail (attrs != NULL, NULL);
- sink_object (parser, attrs);
- }
-
- /*
- * OpenSSL model blacklists as anchors with all purposes being removed/rejected,
- * we account for that here. If there is an ExtendedKeyUsage without any
- * useful purposes, then treat like a blacklist.
- */
- if (trust && p11_dict_size (trust) == 0) {
- trusted = CK_FALSE;
- distrust = CK_TRUE;
-
- /*
- * Otherwise a 'TRUSTED CERTIFICATE' in an input directory is enough to
- * mark this as a trusted certificate.
- */
- } else if (trust && p11_dict_size (trust) > 0) {
- trusted = CK_TRUE;
- distrust = CK_FALSE;
- }
-
- /*
- * OpenSSL model blacklists as anchors with all purposes being removed/rejected,
- * we account for that here. If there is an ExtendedKeyUsage without any
- * useful purposes, then treat like a blacklist.
- */
-
- cert = p11_attrs_merge (cert, p11_attrs_dup (trust_attrs), true);
- return_val_if_fail (cert != NULL, NULL);
-
- p11_dict_free (trust);
- p11_dict_free (reject);
-
- /*
- * For the keyid field we use the SubjectKeyIdentifier extension. It
- * is already in the correct form, an OCTET STRING.
- *
- * non-critical: as recommended in RFC 5280
- */
-
- ret = asn1_der_decoding_startEnd (aux, aux_der, aux_len, "keyid", &start, &end);
- return_val_if_fail (ret == ASN1_SUCCESS || ret == ASN1_ELEMENT_NOT_FOUND, NULL);
-
- if (ret == ASN1_SUCCESS) {
- attrs = extension_attrs (parser, public_key_info,
- P11_OID_SUBJECT_KEY_IDENTIFIER_STR,
- P11_OID_SUBJECT_KEY_IDENTIFIER,
- false, aux_der + start, (end - start) + 1);
- return_val_if_fail (attrs != NULL, NULL);
- sink_object (parser, attrs);
- }
-
-
- return cert;
-}
-
-static int
-parse_openssl_trusted_certificate (p11_parser *parser,
- const unsigned char *data,
- size_t length)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE public_key_info = { CKA_PUBLIC_KEY_INFO };
- CK_ATTRIBUTE *value;
- char *label = NULL;
- node_asn *cert;
- node_asn *aux = NULL;
- ssize_t cert_len;
- size_t len;
- int start;
- int end;
- int ret;
-
- /*
- * This OpenSSL format is weird. It's just two DER structures
- * placed end to end without any wrapping SEQ. So calculate the
- * length of the first DER TLV we see and try to parse that as
- * the X.509 certificate.
- */
-
- cert_len = p11_asn1_tlv_length (data, length);
- if (cert_len <= 0)
- return P11_PARSE_UNRECOGNIZED;
-
- cert = p11_asn1_decode (parser->asn1_defs, "PKIX1.Certificate", data, cert_len, message);
- if (cert == NULL)
- return P11_PARSE_UNRECOGNIZED;
-
- /* OpenSSL sometimes outputs TRUSTED CERTIFICATE format without the CertAux supplement */
- if (cert_len < length) {
- aux = p11_asn1_decode (parser->asn1_defs, "OPENSSL.CertAux", data + cert_len,
- length - cert_len, message);
- if (aux == NULL) {
- asn1_delete_structure (&cert);
- return P11_PARSE_UNRECOGNIZED;
- }
- }
-
- attrs = certificate_attrs (parser, data, cert_len);
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
-
- /* Cache the parsed certificate ASN.1 for later use by the builder */
- value = p11_attrs_find_valid (attrs, CKA_VALUE);
- return_val_if_fail (value != NULL, P11_PARSE_FAILURE);
-
- /* Pull out the subject public key info */
- ret = asn1_der_decoding_startEnd (cert, data, cert_len,
- "tbsCertificate.subjectPublicKeyInfo", &start, &end);
- return_val_if_fail (ret == ASN1_SUCCESS, P11_PARSE_FAILURE);
-
- public_key_info.pValue = (char *)data + start;
- public_key_info.ulValueLen = (end - start) + 1;
-
- p11_asn1_cache_take (parser->asn1_cache, cert, "PKIX1.Certificate",
- value->pValue, value->ulValueLen);
-
- /* Pull the label out of the CertAux */
- if (aux) {
- len = 0;
- label = p11_asn1_read (aux, "alias", &len);
- if (label != NULL) {
- attrs = p11_attrs_take (attrs, CKA_LABEL, label, strlen (label));
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
- }
-
- attrs = build_openssl_extensions (parser, attrs, &public_key_info, aux,
- data + cert_len, length - cert_len);
- return_val_if_fail (attrs != NULL, P11_PARSE_FAILURE);
- }
-
- sink_object (parser, attrs);
- asn1_delete_structure (&aux);
-
- return P11_PARSE_SUCCESS;
-}
-
-static void
-on_pem_block (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data)
-{
- p11_parser *parser = user_data;
- int ret;
-
- if (strcmp (type, "CERTIFICATE") == 0) {
- ret = p11_parser_format_x509 (parser, contents, length);
-
- } else if (strcmp (type, "TRUSTED CERTIFICATE") == 0) {
- ret = parse_openssl_trusted_certificate (parser, contents, length);
-
- } else {
- p11_debug ("Saw unsupported or unrecognized PEM block of type %s", type);
- ret = P11_PARSE_SUCCESS;
- }
-
- if (ret != P11_PARSE_SUCCESS)
- p11_message ("Couldn't parse PEM block of type %s", type);
-}
-
-int
-p11_parser_format_pem (p11_parser *parser,
- const unsigned char *data,
- size_t length)
-{
- int num;
-
- num = p11_pem_parse ((const char *)data, length, on_pem_block, parser);
-
- if (num == 0)
- return P11_PARSE_UNRECOGNIZED;
-
- return P11_PARSE_SUCCESS;
-}
-
-int
-p11_parser_format_persist (p11_parser *parser,
- const unsigned char *data,
- size_t length)
-{
- CK_BBOOL modifiablev = CK_TRUE;
- CK_ATTRIBUTE *attrs;
- p11_array *objects;
- bool ret;
- int i;
-
- CK_ATTRIBUTE modifiable = { CKA_MODIFIABLE, &modifiablev, sizeof (modifiablev) };
-
- if (!p11_persist_magic (data, length))
- return P11_PARSE_UNRECOGNIZED;
-
- if (!parser->persist) {
- parser->persist = p11_persist_new ();
- return_val_if_fail (parser->persist != NULL, P11_PARSE_UNRECOGNIZED);
- }
-
- objects = p11_array_new (NULL);
- return_val_if_fail (objects != NULL, P11_PARSE_FAILURE);
-
- ret = p11_persist_read (parser->persist, parser->basename, data, length, objects);
- if (ret) {
- for (i = 0; i < objects->num; i++) {
- attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL);
- sink_object (parser, attrs);
- }
- }
-
- p11_array_free (objects);
- return ret ? P11_PARSE_SUCCESS : P11_PARSE_FAILURE;
-}
-
-p11_parser *
-p11_parser_new (p11_asn1_cache *asn1_cache)
-{
- p11_parser parser = { 0, };
-
- if (asn1_cache == NULL) {
- parser.asn1_owned = true;
- parser.asn1_defs = p11_asn1_defs_load ();
- } else {
- parser.asn1_defs = p11_asn1_cache_defs (asn1_cache);
- parser.asn1_cache = asn1_cache;
- parser.asn1_owned = false;
- }
-
- parser.parsed = p11_array_new (p11_attrs_free);
- return_val_if_fail (parser.parsed != NULL, NULL);
-
- return memdup (&parser, sizeof (parser));
-}
-
-void
-p11_parser_free (p11_parser *parser)
-{
- return_if_fail (parser != NULL);
- p11_persist_free (parser->persist);
- p11_array_free (parser->parsed);
- p11_array_free (parser->formats);
- if (parser->asn1_owned)
- p11_dict_free (parser->asn1_defs);
- free (parser);
-}
-
-p11_array *
-p11_parser_parsed (p11_parser *parser)
-{
- return_val_if_fail (parser != NULL, NULL);
- return parser->parsed;
-}
-
-void
-p11_parser_formats (p11_parser *parser,
- ...)
-{
- p11_array *formats;
- parser_func func;
- va_list va;
-
- formats = p11_array_new (NULL);
- return_if_fail (formats != NULL);
-
- va_start (va, parser);
- for (;;) {
- func = va_arg (va, parser_func);
- if (func == NULL)
- break;
- if (!p11_array_push (formats, func))
- return_if_reached ();
- }
- va_end (va);
-
- p11_array_free (parser->formats);
- parser->formats = formats;
-}
-
-int
-p11_parse_memory (p11_parser *parser,
- const char *filename,
- int flags,
- const unsigned char *data,
- size_t length)
-{
- int ret = P11_PARSE_UNRECOGNIZED;
- char *base;
- int i;
-
- return_val_if_fail (parser != NULL, P11_PARSE_FAILURE);
- return_val_if_fail (filename != NULL, P11_PARSE_FAILURE);
- return_val_if_fail (parser->formats != NULL, P11_PARSE_FAILURE);
-
- p11_array_clear (parser->parsed);
- base = p11_path_base (filename);
- parser->basename = base;
- parser->flags = flags;
-
- for (i = 0; ret == P11_PARSE_UNRECOGNIZED && i < parser->formats->num; i++)
- ret = ((parser_func)parser->formats->elem[i]) (parser, data, length);
-
- p11_asn1_cache_flush (parser->asn1_cache);
-
- free (base);
- parser->basename = NULL;
- parser->flags = 0;
-
- return ret;
-}
-
-int
-p11_parse_file (p11_parser *parser,
- const char *filename,
- struct stat *sb,
- int flags)
-{
- p11_mmap *map;
- void *data;
- size_t size;
- int ret;
-
- return_val_if_fail (parser != NULL, P11_PARSE_FAILURE);
- return_val_if_fail (filename != NULL, P11_PARSE_FAILURE);
-
- map = p11_mmap_open (filename, sb, &data, &size);
- if (map == NULL) {
- p11_message_err (errno, "couldn't open and map file: %s", filename);
- return P11_PARSE_FAILURE;
- }
-
- ret = p11_parse_memory (parser, filename, flags, data, size);
-
- p11_mmap_close (map);
- return ret;
-}
diff --git a/trust/parser.h b/trust/parser.h
deleted file mode 100644
index b177844..0000000
--- a/trust/parser.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "asn1.h"
-#include "array.h"
-#include "compat.h"
-#include "dict.h"
-
-#ifndef P11_PARSER_H_
-#define P11_PARSER_H_
-
-enum {
- P11_PARSE_FLAG_NONE = 0,
- P11_PARSE_FLAG_ANCHOR = 1 << 0,
- P11_PARSE_FLAG_BLACKLIST = 1 << 1,
-};
-
-enum {
- P11_PARSE_FAILURE = -1,
- P11_PARSE_UNRECOGNIZED = 0,
- P11_PARSE_SUCCESS = 1,
-};
-
-typedef struct _p11_parser p11_parser;
-
-p11_parser * p11_parser_new (p11_asn1_cache *asn1_cache);
-
-void p11_parser_free (p11_parser *parser);
-
-int p11_parse_memory (p11_parser *parser,
- const char *filename,
- int flags,
- const unsigned char *data,
- size_t length);
-
-int p11_parse_file (p11_parser *parser,
- const char *filename,
- struct stat *sb,
- int flags);
-
-p11_array * p11_parser_parsed (p11_parser *parser);
-
-void p11_parser_formats (p11_parser *parser,
- ...) GNUC_NULL_TERMINATED;
-
-int p11_parser_format_persist (p11_parser *parser,
- const unsigned char *data,
- size_t length);
-
-int p11_parser_format_pem (p11_parser *parser,
- const unsigned char *data,
- size_t length);
-
-int p11_parser_format_x509 (p11_parser *parser,
- const unsigned char *data,
- size_t length);
-
-#endif /* P11_PARSER_H_ */
diff --git a/trust/pem.c b/trust/pem.c
deleted file mode 100644
index ce4f554..0000000
--- a/trust/pem.c
+++ /dev/null
@@ -1,288 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "compat.h"
-#include "base64.h"
-#include "buffer.h"
-#include "debug.h"
-#include "pem.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define ARMOR_SUFF "-----"
-#define ARMOR_SUFF_L 5
-#define ARMOR_PREF_BEGIN "-----BEGIN "
-#define ARMOR_PREF_BEGIN_L 11
-#define ARMOR_PREF_END "-----END "
-#define ARMOR_PREF_END_L 9
-
-enum {
- NONE = 0,
- TRUSTED_CERTIFICATE,
- CERTIFICATE
-};
-
-static const char *
-pem_find_begin (const char *data,
- size_t n_data,
- char **type)
-{
- const char *pref, *suff;
-
- /* Look for a prefix */
- pref = strnstr ((char *)data, ARMOR_PREF_BEGIN, n_data);
- if (!pref)
- return NULL;
-
- n_data -= (pref - data) + ARMOR_PREF_BEGIN_L;
- data = pref + ARMOR_PREF_BEGIN_L;
-
- /* Look for the end of that begin */
- suff = strnstr ((char *)data, ARMOR_SUFF, n_data);
- if (!suff)
- return NULL;
-
- /* Make sure on the same line */
- if (memchr (pref, '\n', suff - pref))
- return NULL;
-
- if (type) {
- pref += ARMOR_PREF_BEGIN_L;
- assert (suff > pref);
- *type = strndup (pref, suff - pref);
- return_val_if_fail (*type != NULL, NULL);
- }
-
- /* The byte after this ---BEGIN--- */
- return suff + ARMOR_SUFF_L;
-}
-
-static const char *
-pem_find_end (const char *data,
- size_t n_data,
- const char *type)
-{
- const char *pref;
- size_t n_type;
-
- /* Look for a prefix */
- pref = strnstr (data, ARMOR_PREF_END, n_data);
- if (!pref)
- return NULL;
-
- n_data -= (pref - data) + ARMOR_PREF_END_L;
- data = pref + ARMOR_PREF_END_L;
-
- /* Next comes the type string */
- n_type = strlen (type);
- if (n_type > n_data || strncmp ((char *)data, type, n_type) != 0)
- return NULL;
-
- n_data -= n_type;
- data += n_type;
-
- /* Next comes the suffix */
- if (ARMOR_SUFF_L > n_data || strncmp ((char *)data, ARMOR_SUFF, ARMOR_SUFF_L) != 0)
- return NULL;
-
- /* The end of the data */
- return pref;
-}
-
-static unsigned char *
-pem_parse_block (const char *data,
- size_t n_data,
- size_t *n_decoded)
-{
- const char *x, *hbeg, *hend;
- const char *p, *end;
- unsigned char *decoded;
- size_t length;
- int ret;
-
- assert (data != NULL);
- assert (n_data != 0);
- assert (n_decoded != NULL);
-
- p = data;
- end = p + n_data;
-
- hbeg = hend = NULL;
-
- /* Try and find a pair of blank lines with only white space between */
- while (hend == NULL) {
- x = memchr (p, '\n', end - p);
- if (!x)
- break;
- ++x;
- while (isspace (*x)) {
- /* Found a second line, with only spaces between */
- if (*x == '\n') {
- hbeg = data;
- hend = x;
- break;
- /* Found a space between two lines */
- } else {
- ++x;
- }
- }
-
- /* Try next line */
- p = x;
- }
-
- /* Headers found? */
- if (hbeg && hend) {
- data = hend;
- n_data = end - data;
- }
-
- length = (n_data * 3) / 4 + 1;
- decoded = malloc (length);
- return_val_if_fail (decoded != NULL, 0);
-
- ret = p11_b64_pton (data, n_data, decoded, length);
- if (ret < 0) {
- free (decoded);
- return NULL;
- }
-
- /* No need to parse headers for our use cases */
-
- *n_decoded = ret;
- return decoded;
-}
-
-unsigned int
-p11_pem_parse (const char *data,
- size_t n_data,
- p11_pem_sink sink,
- void *user_data)
-{
- const char *beg, *end;
- unsigned int nfound = 0;
- unsigned char *decoded = NULL;
- size_t n_decoded = 0;
- char *type;
-
- assert (data != NULL);
-
- while (n_data > 0) {
-
- /* This returns the first character after the PEM BEGIN header */
- beg = pem_find_begin (data, n_data, &type);
- if (beg == NULL)
- break;
-
- assert (type != NULL);
-
- /* This returns the character position before the PEM END header */
- end = pem_find_end (beg, n_data - (beg - data), type);
- if (end == NULL) {
- free (type);
- break;
- }
-
- if (beg != end) {
- decoded = pem_parse_block (beg, end - beg, &n_decoded);
- if (decoded) {
- if (sink != NULL)
- (sink) (type, decoded, n_decoded, user_data);
- ++nfound;
- free (decoded);
- }
- }
-
- free (type);
-
- /* Try for another block */
- end += ARMOR_SUFF_L;
- n_data -= (const char *)end - (const char *)data;
- data = end;
- }
-
- return nfound;
-}
-
-bool
-p11_pem_write (const unsigned char *contents,
- size_t length,
- const char *type,
- p11_buffer *buf)
-{
- size_t estimate;
- size_t prefix;
- char *target;
- int len;
-
- return_val_if_fail (contents || !length, false);
- return_val_if_fail (type, false);
- return_val_if_fail (buf, false);
-
- /* Estimate from base64 data. Algorithm from Glib reference */
- estimate = length * 4 / 3 + 7;
- estimate += estimate / 64 + 1;
-
- p11_buffer_add (buf, ARMOR_PREF_BEGIN, ARMOR_PREF_BEGIN_L);
- p11_buffer_add (buf, type, -1);
- p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L);
-
- prefix = buf->len;
- target = p11_buffer_append (buf, estimate);
- return_val_if_fail (target != NULL, NULL);
-
- /*
- * OpenSSL is absolutely certain that it wants its PEM base64
- * lines to be 64 characters in len.
- */
-
- len = p11_b64_ntop (contents, length, target, estimate, 64);
-
- assert (len > 0);
- assert (len <= estimate);
- buf->len = prefix + len;
-
- p11_buffer_add (buf, "\n", 1);
- p11_buffer_add (buf, ARMOR_PREF_END, ARMOR_PREF_END_L);
- p11_buffer_add (buf, type, -1);
- p11_buffer_add (buf, ARMOR_SUFF, ARMOR_SUFF_L);
- p11_buffer_add (buf, "\n", 1);
-
- return p11_buffer_ok (buf);
-}
diff --git a/trust/pem.h b/trust/pem.h
deleted file mode 100644
index 7e4ce63..0000000
--- a/trust/pem.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_PEM_H_
-#define P11_PEM_H_
-
-#include "buffer.h"
-#include "compat.h"
-
-#include <sys/types.h>
-
-typedef void (*p11_pem_sink) (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data);
-
-unsigned int p11_pem_parse (const char *input,
- size_t length,
- p11_pem_sink sink,
- void *user_data);
-
-bool p11_pem_write (const unsigned char *contents,
- size_t length,
- const char *type,
- p11_buffer *buf);
-
-#endif /* P11_PEM_H_ */
diff --git a/trust/persist.c b/trust/persist.c
deleted file mode 100644
index ae76342..0000000
--- a/trust/persist.c
+++ /dev/null
@@ -1,768 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "asn1.h"
-#include "attrs.h"
-#include "constants.h"
-#include "debug.h"
-#include "lexer.h"
-#include "message.h"
-#include "pem.h"
-#include "persist.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-#include "types.h"
-#include "url.h"
-
-#include "basic.asn.h"
-
-#include <libtasn1.h>
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define PERSIST_HEADER "p11-kit-object-v1"
-
-struct _p11_persist {
- p11_dict *constants;
- node_asn *asn1_defs;
-};
-
-bool
-p11_persist_magic (const unsigned char *data,
- size_t length)
-{
- return (strnstr ((char *)data, "[" PERSIST_HEADER "]", length) != NULL);
-}
-
-p11_persist *
-p11_persist_new (void)
-{
- p11_persist *persist;
-
- persist = calloc (1, sizeof (p11_persist));
- return_val_if_fail (persist != NULL, NULL);
-
- persist->constants = p11_constant_reverse (true);
- return_val_if_fail (persist->constants != NULL, NULL);
-
- return persist;
-}
-
-void
-p11_persist_free (p11_persist *persist)
-{
- if (!persist)
- return;
- p11_dict_free (persist->constants);
- asn1_delete_structure (&persist->asn1_defs);
- free (persist);
-}
-
-struct constant {
- CK_ULONG value;
- const char *string;
-};
-
-static bool
-parse_string (p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- const char *value;
- const char *end;
- size_t length;
- unsigned char *data;
-
- value = lexer->tok.field.value;
- end = value + strlen (value);
-
- /* Not a string/binary value */
- if (value == end || value[0] != '\"' || *(end - 1) != '\"')
- return false;
-
- /* Note that we don't skip whitespace when decoding, as you might in other URLs */
- data = p11_url_decode (value + 1, end - 1, "", &length);
- if (data == NULL) {
- p11_lexer_msg(lexer, "bad encoding of attribute value");
- return false;
- }
-
- attr->pValue = data;
- attr->ulValueLen = length;
- return true;
-}
-
-static void
-format_string (CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- const unsigned char *value;
-
- assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION);
-
- p11_buffer_add (buf, "\"", 1);
- value = attr->pValue;
- p11_url_encode (value, value + attr->ulValueLen, P11_URL_VERBATIM, buf);
- p11_buffer_add (buf, "\"", 1);
-}
-
-static bool
-parse_bool (p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- const char *value = lexer->tok.field.value;
- CK_BBOOL boolean;
-
- if (strcmp (value, "true") == 0) {
- boolean = CK_TRUE;
-
- } else if (strcmp (value, "false") == 0) {
- boolean = CK_FALSE;
-
- } else {
- /* Not a valid boolean value */
- return false;
- }
-
- attr->pValue = memdup (&boolean, sizeof (boolean));
- return_val_if_fail (attr != NULL, FALSE);
- attr->ulValueLen = sizeof (boolean);
- return true;
-}
-
-static bool
-format_bool (CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- const CK_BBOOL *value;
-
- if (attr->ulValueLen != sizeof (CK_BBOOL))
- return false;
-
- switch (attr->type) {
- case CKA_TOKEN:
- case CKA_PRIVATE:
- case CKA_TRUSTED:
- case CKA_SENSITIVE:
- case CKA_ENCRYPT:
- case CKA_DECRYPT:
- case CKA_WRAP:
- case CKA_UNWRAP:
- case CKA_SIGN:
- case CKA_SIGN_RECOVER:
- case CKA_VERIFY:
- case CKA_VERIFY_RECOVER:
- case CKA_DERIVE:
- case CKA_EXTRACTABLE:
- case CKA_LOCAL:
- case CKA_NEVER_EXTRACTABLE:
- case CKA_ALWAYS_SENSITIVE:
- case CKA_MODIFIABLE:
- case CKA_SECONDARY_AUTH:
- case CKA_ALWAYS_AUTHENTICATE:
- case CKA_WRAP_WITH_TRUSTED:
- case CKA_RESET_ON_INIT:
- case CKA_HAS_RESET:
- case CKA_COLOR:
- case CKA_X_DISTRUSTED:
- break;
- default:
- return false;
- }
-
- value = attr->pValue;
- if (*value == CK_TRUE)
- p11_buffer_add (buf, "true", -1);
- else if (*value == CK_FALSE)
- p11_buffer_add (buf, "false", -1);
- else
- return false;
-
- return true;
-}
-
-static bool
-parse_ulong (p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- unsigned long value;
- char *end;
-
- end = NULL;
- value = strtoul (lexer->tok.field.value, &end, 10);
-
- /* Not a valid number value */
- if (!end || *end != '\0')
- return false;
-
- attr->pValue = memdup (&value, sizeof (CK_ULONG));
- return_val_if_fail (attr->pValue != NULL, false);
- attr->ulValueLen = sizeof (CK_ULONG);
- return true;
-}
-
-static bool
-format_ulong (CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- char string[sizeof (CK_ULONG) * 4];
- const CK_ULONG *value;
-
- if (attr->ulValueLen != sizeof (CK_ULONG))
- return false;
-
- switch (attr->type) {
- case CKA_CERTIFICATE_CATEGORY:
- case CKA_CERTIFICATE_TYPE:
- case CKA_CLASS:
- case CKA_JAVA_MIDP_SECURITY_DOMAIN:
- case CKA_KEY_GEN_MECHANISM:
- case CKA_KEY_TYPE:
- case CKA_MECHANISM_TYPE:
- case CKA_MODULUS_BITS:
- case CKA_PRIME_BITS:
- case CKA_SUB_PRIME_BITS:
- case CKA_VALUE_BITS:
- case CKA_VALUE_LEN:
- case CKA_TRUST_DIGITAL_SIGNATURE:
- case CKA_TRUST_NON_REPUDIATION:
- case CKA_TRUST_KEY_ENCIPHERMENT:
- case CKA_TRUST_DATA_ENCIPHERMENT:
- case CKA_TRUST_KEY_AGREEMENT:
- case CKA_TRUST_KEY_CERT_SIGN:
- case CKA_TRUST_CRL_SIGN:
- case CKA_TRUST_SERVER_AUTH:
- case CKA_TRUST_CLIENT_AUTH:
- case CKA_TRUST_CODE_SIGNING:
- case CKA_TRUST_EMAIL_PROTECTION:
- case CKA_TRUST_IPSEC_END_SYSTEM:
- case CKA_TRUST_IPSEC_TUNNEL:
- case CKA_TRUST_IPSEC_USER:
- case CKA_TRUST_TIME_STAMPING:
- case CKA_TRUST_STEP_UP_APPROVED:
- case CKA_X_ASSERTION_TYPE:
- case CKA_AUTH_PIN_FLAGS:
- case CKA_HW_FEATURE_TYPE:
- case CKA_PIXEL_X:
- case CKA_PIXEL_Y:
- case CKA_RESOLUTION:
- case CKA_CHAR_ROWS:
- case CKA_CHAR_COLUMNS:
- case CKA_BITS_PER_PIXEL:
- break;
- default:
- return false;
- }
-
- value = attr->pValue;
- snprintf (string, sizeof (string), "%lu", *value);
-
- p11_buffer_add (buf, string, -1);
- return true;
-}
-
-static bool
-parse_constant (p11_persist *persist,
- p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- CK_ULONG value;
-
- value = p11_constant_resolve (persist->constants, lexer->tok.field.value);
-
- /* Not a valid constant */
- if (value == CKA_INVALID)
- return false;
-
- attr->pValue = memdup (&value, sizeof (CK_ULONG));
- return_val_if_fail (attr->pValue != NULL, false);
- attr->ulValueLen = sizeof (CK_ULONG);
- return true;
-}
-
-static bool
-format_constant (CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- const p11_constant *table;
- const CK_ULONG *value;
- const char *nick;
-
- if (attr->ulValueLen != sizeof (CK_ULONG))
- return false;
-
- switch (attr->type) {
- case CKA_TRUST_DIGITAL_SIGNATURE:
- case CKA_TRUST_NON_REPUDIATION:
- case CKA_TRUST_KEY_ENCIPHERMENT:
- case CKA_TRUST_DATA_ENCIPHERMENT:
- case CKA_TRUST_KEY_AGREEMENT:
- case CKA_TRUST_KEY_CERT_SIGN:
- case CKA_TRUST_CRL_SIGN:
- case CKA_TRUST_SERVER_AUTH:
- case CKA_TRUST_CLIENT_AUTH:
- case CKA_TRUST_CODE_SIGNING:
- case CKA_TRUST_EMAIL_PROTECTION:
- case CKA_TRUST_IPSEC_END_SYSTEM:
- case CKA_TRUST_IPSEC_TUNNEL:
- case CKA_TRUST_IPSEC_USER:
- case CKA_TRUST_TIME_STAMPING:
- table = p11_constant_trusts;
- break;
- case CKA_CLASS:
- table = p11_constant_classes;
- break;
- case CKA_CERTIFICATE_TYPE:
- table = p11_constant_certs;
- break;
- case CKA_KEY_TYPE:
- table = p11_constant_keys;
- break;
- case CKA_X_ASSERTION_TYPE:
- table = p11_constant_asserts;
- break;
- case CKA_CERTIFICATE_CATEGORY:
- table = p11_constant_categories;
- break;
- case CKA_KEY_GEN_MECHANISM:
- case CKA_MECHANISM_TYPE:
- table = p11_constant_mechanisms;
- break;
- default:
- table = NULL;
- };
-
- if (!table)
- return false;
-
- value = attr->pValue;
- nick = p11_constant_nick (table, *value);
-
- if (!nick)
- return false;
-
- p11_buffer_add (buf, nick, -1);
- return true;
-}
-
-static bool
-parse_oid (p11_persist *persist,
- p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *asn;
- size_t length;
- char *value;
- int ret;
-
- value = lexer->tok.field.value;
- length = strlen (value);
-
- /* Not an OID value? */
- if (length < 4 ||
- strchr (value, '.') == NULL ||
- strspn (value, "0123456790.") != length ||
- strstr (value, "..") != NULL ||
- value[0] == '.' || value[0] == '0' ||
- value[length - 1] == '.' ||
- strchr (value, '.') == strrchr (value, '.')) {
- return false;
- }
-
- if (!persist->asn1_defs) {
- ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to load BASIC definitions: %s: %s\n",
- asn1_strerror (ret), message);
- return false;
- }
- }
-
- ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to create ObjectIdentifier element: %s\n",
- asn1_strerror (ret));
- return false;
- }
-
- ret = asn1_write_value (asn, "", value, 1);
- if (ret == ASN1_VALUE_NOT_VALID) {
- p11_lexer_msg (lexer, "invalid oid value");
- asn1_delete_structure (&asn);
- return false;
- }
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- attr->pValue = p11_asn1_encode (asn, &length);
- return_val_if_fail (attr->pValue != NULL, false);
- attr->ulValueLen = length;
-
- asn1_delete_structure (&asn);
- return true;
-}
-
-static bool
-format_oid (p11_persist *persist,
- CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- node_asn *asn;
- char *data;
- size_t len;
- int ret;
-
- if (attr->type != CKA_OBJECT_ID || attr->ulValueLen == 0)
- return false;
-
- if (!persist->asn1_defs) {
- ret = asn1_array2tree (basic_asn1_tab, &persist->asn1_defs, message);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to load BASIC definitions: %s: %s\n",
- asn1_strerror (ret), message);
- return false;
- }
- }
-
- ret = asn1_create_element (persist->asn1_defs, "BASIC.ObjectIdentifier", &asn);
- if (ret != ASN1_SUCCESS) {
- p11_debug_precond ("failed to create ObjectIdentifier element: %s\n",
- asn1_strerror (ret));
- return false;
- }
-
- ret = asn1_der_decoding (&asn, attr->pValue, attr->ulValueLen, message);
- if (ret != ASN1_SUCCESS) {
- p11_message ("invalid oid value: %s", message);
- return false;
- }
-
- data = p11_asn1_read (asn, "", &len);
- return_val_if_fail (data != NULL, false);
-
- asn1_delete_structure (&asn);
-
- p11_buffer_add (buf, data, len - 1);
- free (data);
-
- return true;
-}
-
-static bool
-parse_value (p11_persist *persist,
- p11_lexer *lexer,
- CK_ATTRIBUTE *attr)
-{
- return parse_constant (persist, lexer, attr) ||
- parse_string (lexer, attr) ||
- parse_bool (lexer, attr) ||
- parse_ulong (lexer, attr) ||
- parse_oid (persist, lexer, attr);
-}
-
-static void
-format_value (p11_persist *persist,
- CK_ATTRIBUTE *attr,
- p11_buffer *buf)
-{
- assert (attr->ulValueLen != CK_UNAVAILABLE_INFORMATION);
-
- if (format_bool (attr, buf) ||
- format_constant (attr, buf) ||
- format_ulong (attr, buf) ||
- format_oid (persist, attr, buf))
- return;
-
- /* Everything else as string */
- format_string (attr, buf);
-}
-
-static bool
-field_to_attribute (p11_persist *persist,
- p11_lexer *lexer,
- CK_ATTRIBUTE **attrs)
-{
- CK_ATTRIBUTE attr = { 0, };
- char *end;
-
- end = NULL;
- attr.type = strtoul (lexer->tok.field.name, &end, 10);
-
- /* Not a valid number value, probably a constant */
- if (!end || *end != '\0') {
- attr.type = p11_constant_resolve (persist->constants, lexer->tok.field.name);
- if (attr.type == CKA_INVALID || !p11_constant_name (p11_constant_types, attr.type)) {
- p11_lexer_msg (lexer, "invalid or unsupported attribute");
- return false;
- }
- }
-
- if (!parse_value (persist, lexer, &attr)) {
- p11_lexer_msg (lexer, "invalid value");
- return false;
- }
-
- *attrs = p11_attrs_take (*attrs, attr.type,
- attr.pValue, attr.ulValueLen);
- return true;
-}
-
-static CK_ATTRIBUTE *
-certificate_to_attributes (const unsigned char *der,
- size_t length)
-{
- CK_OBJECT_CLASS klassv = CKO_CERTIFICATE;
- CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-
- CK_ATTRIBUTE klass = { CKA_CLASS, &klassv, sizeof (klassv) };
- CK_ATTRIBUTE certificate_type = { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) };
- CK_ATTRIBUTE value = { CKA_VALUE, (void *)der, length };
-
- return p11_attrs_build (NULL, &klass, &certificate_type, &value, NULL);
-}
-
-static CK_ATTRIBUTE *
-public_key_to_attributes (const unsigned char *der,
- size_t length)
-{
- /* Eventually we might choose to contribute a class here ... */
- CK_ATTRIBUTE public_key = { CKA_PUBLIC_KEY_INFO, (void *)der, length };
- return p11_attrs_build (NULL, &public_key, NULL);
-}
-
-typedef struct {
- p11_lexer *lexer;
- CK_ATTRIBUTE *attrs;
- bool result;
-} parse_block;
-
-static void
-on_pem_block (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data)
-{
- parse_block *pb = user_data;
- CK_ATTRIBUTE *attrs;
-
- if (strcmp (type, "CERTIFICATE") == 0) {
- attrs = certificate_to_attributes (contents, length);
- pb->attrs = p11_attrs_merge (pb->attrs, attrs, false);
- pb->result = true;
-
- } else if (strcmp (type, "PUBLIC KEY") == 0) {
- attrs = public_key_to_attributes (contents, length);
- pb->attrs = p11_attrs_merge (pb->attrs, attrs, false);
- pb->result = true;
-
- } else {
- p11_lexer_msg (pb->lexer, "unsupported pem block in store");
- pb->result = false;
- }
-}
-
-static bool
-pem_to_attributes (p11_lexer *lexer,
- CK_ATTRIBUTE **attrs)
-{
- parse_block pb = { lexer, *attrs, false };
- unsigned int count;
-
- count = p11_pem_parse (lexer->tok.pem.begin,
- lexer->tok.pem.length,
- on_pem_block, &pb);
-
- if (count == 0) {
- p11_lexer_msg (lexer, "invalid pem block");
- return false;
- }
-
- /* The lexer should have only matched one block */
- return_val_if_fail (count == 1, false);
- *attrs = pb.attrs;
- return pb.result;
-}
-
-bool
-p11_persist_read (p11_persist *persist,
- const char *filename,
- const unsigned char *data,
- size_t length,
- p11_array *objects)
-{
- p11_lexer lexer;
- CK_ATTRIBUTE *attrs;
- bool failed;
- bool skip;
-
- return_val_if_fail (persist != NULL, false);
- return_val_if_fail (objects != NULL, false);
-
- skip = false;
- attrs = NULL;
- failed = false;
-
- p11_lexer_init (&lexer, filename, (const char *)data, length);
- while (p11_lexer_next (&lexer, &failed)) {
- switch (lexer.tok_type) {
- case TOK_SECTION:
- if (attrs && !p11_array_push (objects, attrs))
- return_val_if_reached (false);
- attrs = NULL;
- if (strcmp (lexer.tok.section.name, PERSIST_HEADER) != 0) {
- p11_lexer_msg (&lexer, "unrecognized or invalid section header");
- skip = true;
- } else {
- attrs = p11_attrs_build (NULL, NULL);
- return_val_if_fail (attrs != NULL, false);
- skip = false;
- }
- failed = false;
- break;
- case TOK_FIELD:
- if (skip) {
- failed = false;
- } else if (!attrs) {
- p11_lexer_msg (&lexer, "attribute before p11-kit section header");
- failed = true;
- } else {
- failed = !field_to_attribute (persist, &lexer, &attrs);
- }
- break;
- case TOK_PEM:
- if (skip) {
- failed = false;
- } else if (!attrs) {
- p11_lexer_msg (&lexer, "pem block before p11-kit section header");
- failed = true;
- } else {
- failed = !pem_to_attributes (&lexer, &attrs);
- }
- break;
- }
-
- if (failed)
- break;
- }
-
- if (attrs && !p11_array_push (objects, attrs))
- return_val_if_reached (false);
- attrs = NULL;
-
- p11_lexer_done (&lexer);
- return !failed;
-}
-
-static CK_ATTRIBUTE *
-find_certificate_value (CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_CLASS klass;
- CK_CERTIFICATE_TYPE type;
-
- if (!p11_attrs_find_ulong (attrs, CKA_CLASS, &klass) ||
- klass != CKO_CERTIFICATE)
- return NULL;
- if (!p11_attrs_find_ulong (attrs, CKA_CERTIFICATE_TYPE, &type) ||
- type != CKC_X_509)
- return NULL;
- return p11_attrs_find_valid (attrs, CKA_VALUE);
-}
-
-bool
-p11_persist_write (p11_persist *persist,
- CK_ATTRIBUTE *attrs,
- p11_buffer *buf)
-{
- char string[sizeof (CK_ULONG) * 4];
- CK_ATTRIBUTE *cert_value;
- CK_ATTRIBUTE *spki_value;
- const char *nick;
- int i;
-
- cert_value = find_certificate_value (attrs);
- spki_value = p11_attrs_find_valid (attrs, CKA_PUBLIC_KEY_INFO);
-
- p11_buffer_add (buf, "[" PERSIST_HEADER "]\n", -1);
-
- for (i = 0; !p11_attrs_terminator (attrs + i); i++) {
-
- /* These are written later? */
- if (cert_value != NULL &&
- (attrs[i].type == CKA_CLASS ||
- attrs[i].type == CKA_CERTIFICATE_TYPE ||
- attrs[i].type == CKA_VALUE))
- continue;
-
- /* These are written later? */
- if (spki_value != NULL &&
- attrs[i].type == CKA_PUBLIC_KEY_INFO)
- continue;
-
- /* These are never written */
- if (attrs[i].type == CKA_TOKEN ||
- attrs[i].type == CKA_X_ORIGIN ||
- attrs[i].type == CKA_X_GENERATED)
- continue;
-
- if (attrs[i].ulValueLen == CK_UNAVAILABLE_INFORMATION)
- continue;
-
- nick = p11_constant_nick (p11_constant_types, attrs[i].type);
- if (nick == NULL) {
- snprintf (string, sizeof (string), "%lu", attrs[i].type);
- nick = string;
- }
-
- p11_buffer_add (buf, nick, -1);
- p11_buffer_add (buf, ": ", 2);
- format_value (persist, attrs + i, buf);
- p11_buffer_add (buf, "\n", 1);
- }
-
- if (cert_value != NULL) {
- if (!p11_pem_write (cert_value->pValue, cert_value->ulValueLen, "CERTIFICATE", buf))
- return_val_if_reached (false);
- } else if (spki_value != NULL) {
- if (!p11_pem_write (spki_value->pValue, spki_value->ulValueLen, "PUBLIC KEY", buf))
- return_val_if_reached (false);
- }
-
- p11_buffer_add (buf, "\n", 1);
- return p11_buffer_ok (buf);
-}
diff --git a/trust/persist.h b/trust/persist.h
deleted file mode 100644
index 0ef142c..0000000
--- a/trust/persist.h
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright (C) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_PERSIST_H_
-#define P11_PERSIST_H_
-
-#include "array.h"
-#include "compat.h"
-#include "dict.h"
-
-#include <sys/types.h>
-
-typedef struct _p11_persist p11_persist;
-
-p11_persist * p11_persist_new (void);
-
-bool p11_persist_magic (const unsigned char *data,
- size_t length);
-
-bool p11_persist_read (p11_persist *persist,
- const char *filename,
- const unsigned char *data,
- size_t length,
- p11_array *objects);
-
-bool p11_persist_write (p11_persist *persist,
- CK_ATTRIBUTE *object,
- p11_buffer *buf);
-
-void p11_persist_free (p11_persist *persist);
-
-#endif /* P11_PERSIST_H_ */
diff --git a/trust/pkix.asn b/trust/pkix.asn
deleted file mode 100644
index 38bb028..0000000
--- a/trust/pkix.asn
+++ /dev/null
@@ -1,566 +0,0 @@
-
-PKIX1 { }
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
-
-id-pkix OBJECT IDENTIFIER ::=
- { iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) pkix(7) }
-
--- ISO arc for standard certificate and CRL extensions
-
--- authority key identifier OID and syntax
-
-AuthorityKeyIdentifier ::= SEQUENCE {
- keyIdentifier [0] KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- -- authorityCertIssuer and authorityCertSerialNumber shall both
- -- be present or both be absgent
-
-KeyIdentifier ::= OCTET STRING
-
--- subject key identifier OID and syntax
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
--- key usage extension OID and syntax
-
-KeyUsage ::= BIT STRING
-
--- Directory string type --
-
-DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE(1..MAX)),
- -- IA5String is added here to handle old UID encoded as ia5String --
- -- See tests/userid/ for more information. It shouldn't be here, --
- -- so if it causes problems, considering dropping it. --
- ia5String IA5String (SIZE(1..MAX)) }
-
-SubjectAltName ::= GeneralNames
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-GeneralName ::= CHOICE {
- otherName [0] AnotherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ANY,
--- Changed to work with the libtasn1 parser.
- directoryName [4] EXPLICIT RDNSequence, --Name,
- ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER }
-
--- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
--- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
-
-AnotherName ::= SEQUENCE {
- type-id OBJECT IDENTIFIER,
- value [0] EXPLICIT ANY DEFINED BY type-id }
-
--- issuer alternative name extension OID and syntax
-
-IssuerAltName ::= GeneralNames
-
--- basic constraints extension OID and syntax
-
-BasicConstraints ::= SEQUENCE {
- cA BOOLEAN DEFAULT FALSE,
- pathLenConstraint INTEGER (0..MAX) OPTIONAL }
-
--- CRL distribution points extension OID and syntax
-
-CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-DistributionPoint ::= SEQUENCE {
- distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
- reasons [1] ReasonFlags OPTIONAL,
- cRLIssuer [2] GeneralNames OPTIONAL
-}
-
-DistributionPointName ::= CHOICE {
- fullName [0] GeneralNames,
- nameRelativeToCRLIssuer [1] RelativeDistinguishedName
-}
-
-ReasonFlags ::= BIT STRING
-
--- extended key usage extension OID and syntax
-
-ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-
-KeyPurposeId ::= OBJECT IDENTIFIER
-
--- CRL number extension OID and syntax
-
-CRLNumber ::= INTEGER (0..MAX)
-
--- certificate issuer CRL entry extension OID and syntax
-
-CertificateIssuer ::= GeneralNames
-
--- --------------------------------------
--- EXPLICIT
--- --------------------------------------
-
--- UNIVERSAL Types defined in '93 and '98 ASN.1
--- but required by this specification
-
-NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
-
-IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
-
-TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
-
-PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
-
-UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
- -- UniversalString is defined in ASN.1:1993
-
-BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
- -- BMPString is the subtype of UniversalString and models
- -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
-
-UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
- -- The content of this type conforms to RFC 2279.
-
-
--- attribute data types --
-
-Attribute ::= SEQUENCE {
- type AttributeType,
- values SET OF AttributeValue
- -- at least one value is required --
-}
-
-AttributeType ::= OBJECT IDENTIFIER
-
-AttributeValue ::= ANY DEFINED BY type
-
-AttributeTypeAndValue ::= SEQUENCE {
- type AttributeType,
- value AttributeValue }
-
--- suggested naming attributes: Definition of the following
--- information object set may be augmented to meet local
--- requirements. Note that deleting members of the set may
--- prevent interoperability with conforming implementations.
--- presented in pairs: the AttributeType followed by the
--- type definition for the corresponding AttributeValue
-
--- Arc for standard naming attributes
-id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-
--- Attributes of type NameDirectoryString
-
--- gnutls: Note that the Object ID (id-at*) is being set just before the
--- actual definition. This is done in order for asn1_find_structure_from_oid
--- to work (locate structure from OID).
--- Maybe this is inefficient and memory consuming. Should we replace with
--- a table that maps OIDs to structures?
-
-PostalAddress ::= SEQUENCE OF DirectoryString
-
- -- Legacy attributes
-
-emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 }
-
-Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
-
--- naming data types --
-
-Name ::= CHOICE { -- only one possibility for now --
- rdnSequence RDNSequence }
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
- SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-
-
-
--- --------------------------------------------------------
--- certificate and CRL specific structures begin here
--- --------------------------------------------------------
-
-Certificate ::= SEQUENCE {
- tbsCertificate TBSCertificate,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertificate ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version shall be v2 or v3
- subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version shall be v2 or v3
- extensions [3] EXPLICIT Extensions OPTIONAL
- -- If present, version shall be v3 --
-}
-
-Version ::= INTEGER { v1(0), v2(1), v3(2) }
-
-CertificateSerialNumber ::= INTEGER
-
-Validity ::= SEQUENCE {
- notBefore Time,
- notAfter Time }
-
-Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
-UniqueIdentifier ::= BIT STRING
-
-SubjectPublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- subjectPublicKey BIT STRING }
-
-Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
-Extension ::= SEQUENCE {
- extnID OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
-
-
--- ------------------------------------------
--- CRL structures
--- ------------------------------------------
-
-CertificateList ::= SEQUENCE {
- tbsCertList TBSCertList,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertList ::= SEQUENCE {
- version Version OPTIONAL,
- -- if present, shall be v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates SEQUENCE OF SEQUENCE {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, shall be v2
- } OPTIONAL,
- crlExtensions [0] EXPLICIT Extensions OPTIONAL
- -- if present, shall be v2 --
-}
-
--- Version, Time, CertificateSerialNumber, and Extensions were
--- defined earlier for use in the certificate structure
-
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL }
- -- contains a value of the type
- -- registered for use with the
- -- algorithm object identifier value
-
--- Algorithm OIDs and parameter structures
-
-Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER
-}
-
-DomainParameters ::= SEQUENCE {
- p INTEGER, -- odd prime, p=jq +1
- g INTEGER, -- generator, g
- q INTEGER, -- factor of p-1
- j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- validationParms ValidationParms OPTIONAL }
-
-ValidationParms ::= SEQUENCE {
- seed BIT STRING,
- pgenCounter INTEGER }
-
-Dss-Parms ::= SEQUENCE {
- p INTEGER,
- q INTEGER,
- g INTEGER }
-
--- x400 address syntax starts here
--- OR Names
-
-CountryName ::= [APPLICATION 1] CHOICE {
- x121-dcc-code NumericString
- (SIZE (ub-country-name-numeric-length)),
- iso-3166-alpha2-code PrintableString
- (SIZE (ub-country-name-alpha-length)) }
-
-OrganizationName ::= PrintableString
- (SIZE (1..ub-organization-name-length))
--- see also teletex-organization-name
-
-NumericUserIdentifier ::= NumericString
- (SIZE (1..ub-numeric-user-id-length))
-
--- see also teletex-personal-name
-
-OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- OF OrganizationalUnitName
--- see also teletex-organizational-unit-names
-
-OrganizationalUnitName ::= PrintableString (SIZE
- (1..ub-organizational-unit-name-length))
-
--- Extension types and attribute values
---
-
-CommonName ::= PrintableString
-
--- END of PKIX1Implicit88
-
-
--- BEGIN of RFC2630
-
--- Cryptographic Message Syntax
-
-pkcs-7-ContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
- content [0] EXPLICIT ANY DEFINED BY contentType }
-
-pkcs-7-DigestInfo ::= SEQUENCE {
- digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
- digest pkcs-7-Digest
-}
-
-pkcs-7-Digest ::= OCTET STRING
-
-pkcs-7-ContentType ::= OBJECT IDENTIFIER
-
-pkcs-7-SignedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
- digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
- encapContentInfo pkcs-7-EncapsulatedContentInfo,
- certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
- crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
- signerInfos pkcs-7-SignerInfos
-}
-
-pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
-
-pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
-
-pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
-pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
- eContentType pkcs-7-ContentType,
- eContent [0] EXPLICIT OCTET STRING OPTIONAL }
-
--- We don't use CertificateList here since we only want
--- to read the raw data.
-pkcs-7-CertificateRevocationLists ::= SET OF ANY
-
-pkcs-7-CertificateChoices ::= CHOICE {
--- Although the paper uses Certificate type, we
--- don't use it since, we don't need to parse it.
--- We only need to read and store it.
- certificate ANY
-}
-
-pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
-
-pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
- -- anyway
-
-
--- BEGIN of RFC2986
-
--- Certificate requests
-pkcs-10-CertificationRequestInfo ::= SEQUENCE {
- version INTEGER { v1(0) },
- subject Name,
- subjectPKInfo SubjectPublicKeyInfo,
- attributes [0] Attributes
-}
-
-Attributes ::= SET OF Attribute
-
-pkcs-10-CertificationRequest ::= SEQUENCE {
- certificationRequestInfo pkcs-10-CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING
-}
-
--- stuff from PKCS#9
-
-pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7}
-
-pkcs-9-challengePassword ::= CHOICE {
- printableString PrintableString,
- utf8String UTF8String }
-
-pkcs-9-localKeyId ::= OCTET STRING
-
--- PKCS #8 stuff
-
--- Private-key information syntax
-
-pkcs-8-PrivateKeyInfo ::= SEQUENCE {
- version pkcs-8-Version,
- privateKeyAlgorithm AlgorithmIdentifier,
- privateKey pkcs-8-PrivateKey,
- attributes [0] Attributes OPTIONAL }
-
-pkcs-8-Version ::= INTEGER {v1(0)}
-
-pkcs-8-PrivateKey ::= OCTET STRING
-
-pkcs-8-Attributes ::= SET OF Attribute
-
--- Encrypted private-key information syntax
-
-pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
- encryptionAlgorithm AlgorithmIdentifier,
- encryptedData pkcs-8-EncryptedData
-}
-
-pkcs-8-EncryptedData ::= OCTET STRING
-
--- PKCS #5 stuff
-
-pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
-pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16))
-pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16))
-pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16))
-
-pkcs-5-PBES2-params ::= SEQUENCE {
- keyDerivationFunc AlgorithmIdentifier,
- encryptionScheme AlgorithmIdentifier }
-
--- PBKDF2
-
--- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
--- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
-
-pkcs-5-PBKDF2-params ::= SEQUENCE {
- salt CHOICE {
- specified OCTET STRING,
- otherSource AlgorithmIdentifier
- },
- iterationCount INTEGER (1..MAX),
- keyLength INTEGER (1..MAX) OPTIONAL,
- prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
-}
-
--- PKCS #12 stuff
-
-pkcs-12-PFX ::= SEQUENCE {
- version INTEGER {v3(3)},
- authSafe pkcs-7-ContentInfo,
- macData pkcs-12-MacData OPTIONAL
-}
-
-pkcs-12-PbeParams ::= SEQUENCE {
- salt OCTET STRING,
- iterations INTEGER
-}
-
-pkcs-12-MacData ::= SEQUENCE {
- mac pkcs-7-DigestInfo,
- macSalt OCTET STRING,
- iterations INTEGER DEFAULT 1
--- Note: The default is for historical reasons and its use is
--- deprecated. A higher value, like 1024 is recommended.
-}
-
-pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
- -- Data if unencrypted
- -- EncryptedData if password-encrypted
- -- EnvelopedData if public key-encrypted
-
-pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
-
-pkcs-12-SafeBag ::= SEQUENCE {
- bagId OBJECT IDENTIFIER,
- bagValue [0] EXPLICIT ANY DEFINED BY badId,
- bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
-}
-
--- Bag types
-
-pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
-
--- Shrouded KeyBag
-
-pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
-
--- CertBag
-
-pkcs-12-CertBag ::= SEQUENCE {
- certId OBJECT IDENTIFIER,
- certValue [0] EXPLICIT ANY DEFINED BY certId
-}
-
--- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
--- DER-encoded X.509 certificate stored in OCTET STRING
-
-pkcs-12-CRLBag ::= SEQUENCE {
- crlId OBJECT IDENTIFIER,
- crlValue [0] EXPLICIT ANY DEFINED BY crlId
-}
-
-pkcs-12-SecretBag ::= SEQUENCE {
- secretTypeId OBJECT IDENTIFIER,
- secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId
-}
-
--- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
--- DER-encoded X.509 CRL stored in OCTET STRING
-
-pkcs-12-PKCS12Attribute ::= Attribute
-
--- PKCS #7 stuff (needed in PKCS 12)
-
-pkcs-7-Data ::= OCTET STRING
-
-pkcs-7-EncryptedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
- encryptedContentInfo pkcs-7-EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
-
-pkcs-7-EncryptedContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
- contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
-
-pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-pkcs-7-EncryptedContent ::= OCTET STRING
-
-pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-
--- rfc3820
-
-ProxyCertInfo ::= SEQUENCE {
- pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
- proxyPolicy ProxyPolicy }
-
-ProxyPolicy ::= SEQUENCE {
- policyLanguage OBJECT IDENTIFIER,
- policy OCTET STRING OPTIONAL }
-
-END
diff --git a/trust/pkix.asn.h b/trust/pkix.asn.h
deleted file mode 100644
index d5d5cc4..0000000
--- a/trust/pkix.asn.h
+++ /dev/null
@@ -1,408 +0,0 @@
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#include <libtasn1.h>
-
-const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
- { "PKIX1", 536875024, NULL },
- { NULL, 1073741836, NULL },
- { "id-pkix", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "identified-organization", 1073741825, "3"},
- { "dod", 1073741825, "6"},
- { "internet", 1073741825, "1"},
- { "security", 1073741825, "5"},
- { "mechanisms", 1073741825, "5"},
- { "pkix", 1, "7"},
- { "AuthorityKeyIdentifier", 1610612741, NULL },
- { "keyIdentifier", 1610637314, "KeyIdentifier"},
- { NULL, 4104, "0"},
- { "authorityCertIssuer", 1610637314, "GeneralNames"},
- { NULL, 4104, "1"},
- { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
- { NULL, 4104, "2"},
- { "KeyIdentifier", 1073741831, NULL },
- { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
- { "KeyUsage", 1073741830, NULL },
- { "DirectoryString", 1610612754, NULL },
- { "teletexString", 1612709890, "TeletexString"},
- { "MAX", 524298, "1"},
- { "printableString", 1612709890, "PrintableString"},
- { "MAX", 524298, "1"},
- { "universalString", 1612709890, "UniversalString"},
- { "MAX", 524298, "1"},
- { "utf8String", 1612709890, "UTF8String"},
- { "MAX", 524298, "1"},
- { "bmpString", 1612709890, "BMPString"},
- { "MAX", 524298, "1"},
- { "ia5String", 538968066, "IA5String"},
- { "MAX", 524298, "1"},
- { "SubjectAltName", 1073741826, "GeneralNames"},
- { "GeneralNames", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "GeneralName"},
- { "GeneralName", 1610612754, NULL },
- { "otherName", 1610620930, "AnotherName"},
- { NULL, 4104, "0"},
- { "rfc822Name", 1610620930, "IA5String"},
- { NULL, 4104, "1"},
- { "dNSName", 1610620930, "IA5String"},
- { NULL, 4104, "2"},
- { "x400Address", 1610620941, NULL },
- { NULL, 4104, "3"},
- { "directoryName", 1610620930, "RDNSequence"},
- { NULL, 2056, "4"},
- { "ediPartyName", 1610620941, NULL },
- { NULL, 4104, "5"},
- { "uniformResourceIdentifier", 1610620930, "IA5String"},
- { NULL, 4104, "6"},
- { "iPAddress", 1610620935, NULL },
- { NULL, 4104, "7"},
- { "registeredID", 536879116, NULL },
- { NULL, 4104, "8"},
- { "AnotherName", 1610612741, NULL },
- { "type-id", 1073741836, NULL },
- { "value", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "type-id", 1, NULL },
- { "IssuerAltName", 1073741826, "GeneralNames"},
- { "BasicConstraints", 1610612741, NULL },
- { "cA", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "pathLenConstraint", 537411587, NULL },
- { "0", 10, "MAX"},
- { "CRLDistributionPoints", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "DistributionPoint"},
- { "DistributionPoint", 1610612741, NULL },
- { "distributionPoint", 1610637314, "DistributionPointName"},
- { NULL, 2056, "0"},
- { "reasons", 1610637314, "ReasonFlags"},
- { NULL, 4104, "1"},
- { "cRLIssuer", 536895490, "GeneralNames"},
- { NULL, 4104, "2"},
- { "DistributionPointName", 1610612754, NULL },
- { "fullName", 1610620930, "GeneralNames"},
- { NULL, 4104, "0"},
- { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
- { NULL, 4104, "1"},
- { "ReasonFlags", 1073741830, NULL },
- { "ExtKeyUsageSyntax", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "KeyPurposeId"},
- { "KeyPurposeId", 1073741836, NULL },
- { "CRLNumber", 1611137027, NULL },
- { "0", 10, "MAX"},
- { "CertificateIssuer", 1073741826, "GeneralNames"},
- { "NumericString", 1610620935, NULL },
- { NULL, 4360, "18"},
- { "IA5String", 1610620935, NULL },
- { NULL, 4360, "22"},
- { "TeletexString", 1610620935, NULL },
- { NULL, 4360, "20"},
- { "PrintableString", 1610620935, NULL },
- { NULL, 4360, "19"},
- { "UniversalString", 1610620935, NULL },
- { NULL, 4360, "28"},
- { "BMPString", 1610620935, NULL },
- { NULL, 4360, "30"},
- { "UTF8String", 1610620935, NULL },
- { NULL, 4360, "12"},
- { "Attribute", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "values", 536870927, NULL },
- { NULL, 2, "AttributeValue"},
- { "AttributeType", 1073741836, NULL },
- { "AttributeValue", 1614807053, NULL },
- { "type", 1, NULL },
- { "AttributeTypeAndValue", 1610612741, NULL },
- { "type", 1073741826, "AttributeType"},
- { "value", 2, "AttributeValue"},
- { "id-at", 1879048204, NULL },
- { "joint-iso-ccitt", 1073741825, "2"},
- { "ds", 1073741825, "5"},
- { NULL, 1, "4"},
- { "PostalAddress", 1610612747, NULL },
- { NULL, 2, "DirectoryString"},
- { "emailAddress", 1880096780, "AttributeType"},
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "1"},
- { "Pkcs9email", 1612709890, "IA5String"},
- { "ub-emailaddress-length", 524298, "1"},
- { "Name", 1610612754, NULL },
- { "rdnSequence", 2, "RDNSequence"},
- { "RDNSequence", 1610612747, NULL },
- { NULL, 2, "RelativeDistinguishedName"},
- { "DistinguishedName", 1073741826, "RDNSequence"},
- { "RelativeDistinguishedName", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "AttributeTypeAndValue"},
- { "Certificate", 1610612741, NULL },
- { "tbsCertificate", 1073741826, "TBSCertificate"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertificate", 1610612741, NULL },
- { "version", 1610653698, "Version"},
- { NULL, 1073741833, "v1"},
- { NULL, 2056, "0"},
- { "serialNumber", 1073741826, "CertificateSerialNumber"},
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "validity", 1073741826, "Validity"},
- { "subject", 1073741826, "Name"},
- { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "issuerUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "1"},
- { "subjectUniqueID", 1610637314, "UniqueIdentifier"},
- { NULL, 4104, "2"},
- { "extensions", 536895490, "Extensions"},
- { NULL, 2056, "3"},
- { "Version", 1610874883, NULL },
- { "v1", 1073741825, "0"},
- { "v2", 1073741825, "1"},
- { "v3", 1, "2"},
- { "CertificateSerialNumber", 1073741827, NULL },
- { "Validity", 1610612741, NULL },
- { "notBefore", 1073741826, "Time"},
- { "notAfter", 2, "Time"},
- { "Time", 1610612754, NULL },
- { "utcTime", 1090519057, NULL },
- { "generalTime", 8388625, NULL },
- { "UniqueIdentifier", 1073741830, NULL },
- { "SubjectPublicKeyInfo", 1610612741, NULL },
- { "algorithm", 1073741826, "AlgorithmIdentifier"},
- { "subjectPublicKey", 6, NULL },
- { "Extensions", 1612709899, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Extension"},
- { "Extension", 1610612741, NULL },
- { "extnID", 1073741836, NULL },
- { "critical", 1610645508, NULL },
- { NULL, 131081, NULL },
- { "extnValue", 7, NULL },
- { "CertificateList", 1610612741, NULL },
- { "tbsCertList", 1073741826, "TBSCertList"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "TBSCertList", 1610612741, NULL },
- { "version", 1073758210, "Version"},
- { "signature", 1073741826, "AlgorithmIdentifier"},
- { "issuer", 1073741826, "Name"},
- { "thisUpdate", 1073741826, "Time"},
- { "nextUpdate", 1073758210, "Time"},
- { "revokedCertificates", 1610629131, NULL },
- { NULL, 536870917, NULL },
- { "userCertificate", 1073741826, "CertificateSerialNumber"},
- { "revocationDate", 1073741826, "Time"},
- { "crlEntryExtensions", 16386, "Extensions"},
- { "crlExtensions", 536895490, "Extensions"},
- { NULL, 2056, "0"},
- { "AlgorithmIdentifier", 1610612741, NULL },
- { "algorithm", 1073741836, NULL },
- { "parameters", 541081613, NULL },
- { "algorithm", 1, NULL },
- { "Dss-Sig-Value", 1610612741, NULL },
- { "r", 1073741827, NULL },
- { "s", 3, NULL },
- { "DomainParameters", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "g", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "j", 1073758211, NULL },
- { "validationParms", 16386, "ValidationParms"},
- { "ValidationParms", 1610612741, NULL },
- { "seed", 1073741830, NULL },
- { "pgenCounter", 3, NULL },
- { "Dss-Parms", 1610612741, NULL },
- { "p", 1073741827, NULL },
- { "q", 1073741827, NULL },
- { "g", 3, NULL },
- { "CountryName", 1610620946, NULL },
- { NULL, 1073746952, "1"},
- { "x121-dcc-code", 1612709890, "NumericString"},
- { NULL, 1048586, "ub-country-name-numeric-length"},
- { "iso-3166-alpha2-code", 538968066, "PrintableString"},
- { NULL, 1048586, "ub-country-name-alpha-length"},
- { "OrganizationName", 1612709890, "PrintableString"},
- { "ub-organization-name-length", 524298, "1"},
- { "NumericUserIdentifier", 1612709890, "NumericString"},
- { "ub-numeric-user-id-length", 524298, "1"},
- { "OrganizationalUnitNames", 1612709899, NULL },
- { "ub-organizational-units", 1074266122, "1"},
- { NULL, 2, "OrganizationalUnitName"},
- { "OrganizationalUnitName", 1612709890, "PrintableString"},
- { "ub-organizational-unit-name-length", 524298, "1"},
- { "CommonName", 1073741826, "PrintableString"},
- { "pkcs-7-ContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "content", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "contentType", 1, NULL },
- { "pkcs-7-DigestInfo", 1610612741, NULL },
- { "digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"},
- { "digest", 2, "pkcs-7-Digest"},
- { "pkcs-7-Digest", 1073741831, NULL },
- { "pkcs-7-ContentType", 1073741836, NULL },
- { "pkcs-7-SignedData", 1610612741, NULL },
- { "version", 1073741826, "pkcs-7-CMSVersion"},
- { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
- { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
- { "certificates", 1610637314, "pkcs-7-CertificateSet"},
- { NULL, 4104, "0"},
- { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
- { NULL, 4104, "1"},
- { "signerInfos", 2, "pkcs-7-SignerInfos"},
- { "pkcs-7-CMSVersion", 1610874883, NULL },
- { "v0", 1073741825, "0"},
- { "v1", 1073741825, "1"},
- { "v2", 1073741825, "2"},
- { "v3", 1073741825, "3"},
- { "v4", 1, "4"},
- { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL },
- { NULL, 2, "pkcs-7-DigestAlgorithmIdentifier"},
- { "pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL },
- { "eContentType", 1073741826, "pkcs-7-ContentType"},
- { "eContent", 536895495, NULL },
- { NULL, 2056, "0"},
- { "pkcs-7-CertificateRevocationLists", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-7-CertificateChoices", 1610612754, NULL },
- { "certificate", 13, NULL },
- { "pkcs-7-CertificateSet", 1610612751, NULL },
- { NULL, 2, "pkcs-7-CertificateChoices"},
- { "pkcs-7-SignerInfos", 1610612751, NULL },
- { NULL, 13, NULL },
- { "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
- { "version", 1610874883, NULL },
- { "v1", 1, "0"},
- { "subject", 1073741826, "Name"},
- { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
- { "attributes", 536879106, "Attributes"},
- { NULL, 4104, "0"},
- { "Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-10-CertificationRequest", 1610612741, NULL },
- { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"},
- { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "signature", 6, NULL },
- { "pkcs-9-at-challengePassword", 1879048204, NULL },
- { "iso", 1073741825, "1"},
- { "member-body", 1073741825, "2"},
- { "us", 1073741825, "840"},
- { "rsadsi", 1073741825, "113549"},
- { "pkcs", 1073741825, "1"},
- { NULL, 1073741825, "9"},
- { NULL, 1, "7"},
- { "pkcs-9-challengePassword", 1610612754, NULL },
- { "printableString", 1073741826, "PrintableString"},
- { "utf8String", 2, "UTF8String"},
- { "pkcs-9-localKeyId", 1073741831, NULL },
- { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
- { "version", 1073741826, "pkcs-8-Version"},
- { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "privateKey", 1073741826, "pkcs-8-PrivateKey"},
- { "attributes", 536895490, "Attributes"},
- { NULL, 4104, "0"},
- { "pkcs-8-Version", 1610874883, NULL },
- { "v1", 1, "0"},
- { "pkcs-8-PrivateKey", 1073741831, NULL },
- { "pkcs-8-Attributes", 1610612751, NULL },
- { NULL, 2, "Attribute"},
- { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL },
- { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
- { "encryptedData", 2, "pkcs-8-EncryptedData"},
- { "pkcs-8-EncryptedData", 1073741831, NULL },
- { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "8"},
- { "pkcs-5-aes128-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes192-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-aes256-CBC-params", 1612709895, NULL },
- { NULL, 1048586, "16"},
- { "pkcs-5-PBES2-params", 1610612741, NULL },
- { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
- { "encryptionScheme", 2, "AlgorithmIdentifier"},
- { "pkcs-5-PBKDF2-params", 1610612741, NULL },
- { "salt", 1610612754, NULL },
- { "specified", 1073741831, NULL },
- { "otherSource", 2, "AlgorithmIdentifier"},
- { "iterationCount", 1611137027, NULL },
- { "1", 10, "MAX"},
- { "keyLength", 1611153411, NULL },
- { "1", 10, "MAX"},
- { "prf", 16386, "AlgorithmIdentifier"},
- { "pkcs-12-PFX", 1610612741, NULL },
- { "version", 1610874883, NULL },
- { "v3", 1, "3"},
- { "authSafe", 1073741826, "pkcs-7-ContentInfo"},
- { "macData", 16386, "pkcs-12-MacData"},
- { "pkcs-12-PbeParams", 1610612741, NULL },
- { "salt", 1073741831, NULL },
- { "iterations", 3, NULL },
- { "pkcs-12-MacData", 1610612741, NULL },
- { "mac", 1073741826, "pkcs-7-DigestInfo"},
- { "macSalt", 1073741831, NULL },
- { "iterations", 536903683, NULL },
- { NULL, 9, "1"},
- { "pkcs-12-AuthenticatedSafe", 1610612747, NULL },
- { NULL, 2, "pkcs-7-ContentInfo"},
- { "pkcs-12-SafeContents", 1610612747, NULL },
- { NULL, 2, "pkcs-12-SafeBag"},
- { "pkcs-12-SafeBag", 1610612741, NULL },
- { "bagId", 1073741836, NULL },
- { "bagValue", 1614815245, NULL },
- { NULL, 1073743880, "0"},
- { "badId", 1, NULL },
- { "bagAttributes", 536887311, NULL },
- { NULL, 2, "pkcs-12-PKCS12Attribute"},
- { "pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"},
- { "pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"},
- { "pkcs-12-CertBag", 1610612741, NULL },
- { "certId", 1073741836, NULL },
- { "certValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "certId", 1, NULL },
- { "pkcs-12-CRLBag", 1610612741, NULL },
- { "crlId", 1073741836, NULL },
- { "crlValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "crlId", 1, NULL },
- { "pkcs-12-SecretBag", 1610612741, NULL },
- { "secretTypeId", 1073741836, NULL },
- { "secretValue", 541073421, NULL },
- { NULL, 1073743880, "0"},
- { "secretTypeId", 1, NULL },
- { "pkcs-12-PKCS12Attribute", 1073741826, "Attribute"},
- { "pkcs-7-Data", 1073741831, NULL },
- { "pkcs-7-EncryptedData", 1610612741, NULL },
- { "version", 1073741826, "pkcs-7-CMSVersion"},
- { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
- { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
- { NULL, 4104, "1"},
- { "pkcs-7-EncryptedContentInfo", 1610612741, NULL },
- { "contentType", 1073741826, "pkcs-7-ContentType"},
- { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
- { "encryptedContent", 536895490, "pkcs-7-EncryptedContent"},
- { NULL, 4104, "0"},
- { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
- { "pkcs-7-EncryptedContent", 1073741831, NULL },
- { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
- { "MAX", 1074266122, "1"},
- { NULL, 2, "Attribute"},
- { "ProxyCertInfo", 1610612741, NULL },
- { "pCPathLenConstraint", 1611153411, NULL },
- { "0", 10, "MAX"},
- { "proxyPolicy", 2, "ProxyPolicy"},
- { "ProxyPolicy", 536870917, NULL },
- { "policyLanguage", 1073741836, NULL },
- { "policy", 16391, NULL },
- { NULL, 0, NULL }
-};
diff --git a/trust/save.c b/trust/save.c
deleted file mode 100644
index 66c9050..0000000
--- a/trust/save.c
+++ /dev/null
@@ -1,593 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "buffer.h"
-#include "debug.h"
-#include "dict.h"
-#include "message.h"
-#include "save.h"
-
-#include <sys/stat.h>
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct _p11_save_file {
- char *bare;
- char *extension;
- char *temp;
- int fd;
- int flags;
-};
-
-struct _p11_save_dir {
- p11_dict *cache;
- char *path;
- int flags;
-};
-
-static char * make_unique_name (const char *bare,
- const char *extension,
- int (*check) (void *, char *),
- void *data);
-
-bool
-p11_save_write_and_finish (p11_save_file *file,
- const void *data,
- ssize_t length)
-{
- bool ret;
-
- if (!file)
- return false;
-
- ret = p11_save_write (file, data, length);
- if (!p11_save_finish_file (file, NULL, ret))
- ret = false;
-
- return ret;
-}
-
-p11_save_file *
-p11_save_open_file (const char *path,
- const char *extension,
- int flags)
-{
- p11_save_file *file;
- char *temp;
- int fd;
-
- return_val_if_fail (path != NULL, NULL);
-
- if (extension == NULL)
- extension = "";
-
- if (asprintf (&temp, "%s%s.XXXXXX", path, extension) < 0)
- return_val_if_reached (NULL);
-
- fd = mkstemp (temp);
- if (fd < 0) {
- p11_message_err (errno, "couldn't create file: %s%s", path, extension);
- free (temp);
- return NULL;
- }
-
- file = calloc (1, sizeof (p11_save_file));
- return_val_if_fail (file != NULL, NULL);
- file->temp = temp;
- file->bare = strdup (path);
- return_val_if_fail (file->bare != NULL, NULL);
- file->extension = strdup (extension);
- return_val_if_fail (file->extension != NULL, NULL);
- file->flags = flags;
- file->fd = fd;
-
- return file;
-}
-
-bool
-p11_save_write (p11_save_file *file,
- const void *data,
- ssize_t length)
-{
- const unsigned char *buf = data;
- ssize_t written = 0;
- ssize_t res;
-
- if (!file)
- return false;
-
- /* Automatically calculate length */
- if (length < 0) {
- if (!data)
- return true;
- length = strlen (data);
- }
-
- while (written < length) {
- res = write (file->fd, buf + written, length - written);
- if (res <= 0) {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- p11_message_err (errno, "couldn't write to file: %s", file->temp);
- return false;
- } else {
- written += res;
- }
- }
-
- return true;
-}
-
-static void
-filo_free (p11_save_file *file)
-{
- free (file->temp);
- free (file->bare);
- free (file->extension);
- free (file);
-}
-
-#ifdef OS_UNIX
-
-static int
-on_unique_try_link (void *data,
- char *path)
-{
- p11_save_file *file = data;
-
- if (link (file->temp, path) < 0) {
- if (errno == EEXIST)
- return 0; /* Continue trying other names */
- p11_message_err (errno, "couldn't complete writing of file: %s", path);
- return -1;
- }
-
- return 1; /* All done */
-}
-
-#else /* OS_WIN32 */
-
-static int
-on_unique_try_rename (void *data,
- char *path)
-{
- p11_save_file *file = data;
-
- if (rename (file->temp, path) < 0) {
- if (errno == EEXIST)
- return 0; /* Continue trying other names */
- p11_message ("couldn't complete writing of file: %s", path);
- return -1;
- }
-
- return 1; /* All done */
-}
-
-#endif /* OS_WIN32 */
-
-bool
-p11_save_finish_file (p11_save_file *file,
- char **path_out,
- bool commit)
-{
- bool ret = true;
- char *path;
-
- if (!file)
- return false;
-
- if (!commit) {
- close (file->fd);
- unlink (file->temp);
- filo_free (file);
- return true;
- }
-
- if (asprintf (&path, "%s%s", file->bare, file->extension) < 0)
- return_val_if_reached (false);
-
- if (close (file->fd) < 0) {
- p11_message_err (errno, "couldn't write file: %s", file->temp);
- ret = false;
-
-#ifdef OS_UNIX
- /* Set the mode of the file, readable by everyone, but not writable */
- } else if (chmod (file->temp, S_IRUSR | S_IRGRP | S_IROTH) < 0) {
- p11_message_err (errno, "couldn't set file permissions: %s", file->temp);
- ret = false;
-
- /* Atomically rename the tempfile over the filename */
- } else if (file->flags & P11_SAVE_OVERWRITE) {
- if (rename (file->temp, path) < 0) {
- p11_message_err (errno, "couldn't complete writing file: %s", path);
- ret = false;
- } else {
- unlink (file->temp);
- }
-
- /* Create a unique name if requested unique file name */
- } else if (file->flags & P11_SAVE_UNIQUE) {
- free (path);
- path = make_unique_name (file->bare, file->extension,
- on_unique_try_link, file);
- if (!path)
- ret = false;
- unlink (file->temp);
-
- /* When not overwriting, link will fail if filename exists. */
- } else {
- if (link (file->temp, path) < 0) {
- p11_message_err (errno, "couldn't complete writing of file: %s", path);
- ret = false;
- }
- unlink (file->temp);
-
-#else /* OS_WIN32 */
-
- /* Windows does not do atomic renames, so delete original file first */
- } else {
- /* Create a unique name if requested unique file name */
- if (file->flags & P11_SAVE_UNIQUE) {
- free (path);
- path = make_unique_name (file->bare, file->extension,
- on_unique_try_rename, file);
- if (!path)
- ret = false;
-
- } else if ((file->flags & P11_SAVE_OVERWRITE) &&
- unlink (path) < 0 && errno != ENOENT) {
- p11_message_err (errno, "couldn't remove original file: %s", path);
- ret = false;
- }
-
- if (ret == true &&
- rename (file->temp, path) < 0) {
- p11_message_err (errno, "couldn't complete writing file: %s", path);
- ret = false;
- }
-
- unlink (file->temp);
-
-#endif /* OS_WIN32 */
- }
-
- if (ret && path_out) {
- *path_out = path;
- path = NULL;
- }
-
- free (path);
- filo_free (file);
- return ret;
-}
-
-p11_save_dir *
-p11_save_open_directory (const char *path,
- int flags)
-{
-#ifdef OS_UNIX
- struct stat sb;
-#endif
- p11_save_dir *dir;
-
- return_val_if_fail (path != NULL, NULL);
-
-#ifdef OS_UNIX
- /* We update the permissions when we finish writing */
- if (mkdir (path, S_IRWXU) < 0) {
-#else /* OS_WIN32 */
- if (mkdir (path) < 0) {
-#endif
- /* Some random error, report it */
- if (errno != EEXIST) {
- p11_message_err (errno, "couldn't create directory: %s", path);
-
- /* The directory exists and we're not overwriting */
- } else if (!(flags & P11_SAVE_OVERWRITE)) {
- p11_message ("directory already exists: %s", path);
- return NULL;
- }
-#ifdef OS_UNIX
- /*
- * If the directory exists on unix, we may have restricted
- * the directory permissions to read-only. We have to change
- * them back to writable in order for things to work.
- */
- if (stat (path, &sb) >= 0) {
- if ((sb.st_mode & S_IRWXU) != S_IRWXU &&
- chmod (path, S_IRWXU | sb.st_mode) < 0) {
- p11_message_err (errno, "couldn't make directory writable: %s", path);
- return NULL;
- }
- }
-#endif /* OS_UNIX */
- }
-
- dir = calloc (1, sizeof (p11_save_dir));
- return_val_if_fail (dir != NULL, NULL);
-
- dir->path = strdup (path);
- return_val_if_fail (dir->path != NULL, NULL);
-
- dir->cache = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
- return_val_if_fail (dir->cache != NULL, NULL);
-
- dir->flags = flags;
- return dir;
-}
-
-static char *
-make_unique_name (const char *bare,
- const char *extension,
- int (*check) (void *, char *),
- void *data)
-{
- char unique[16];
- p11_buffer buf;
- int ret;
- int i;
-
- assert (bare != NULL);
- assert (check != NULL);
-
- p11_buffer_init_null (&buf, 0);
-
- for (i = 0; true; i++) {
-
- p11_buffer_reset (&buf, 64);
-
- switch (i) {
-
- /*
- * For the first iteration, just build the filename as
- * provided by the caller.
- */
- case 0:
- p11_buffer_add (&buf, bare, -1);
- break;
-
- /*
- * On later iterations we try to add a numeric .N suffix
- * before the extension, so the resulting file might look
- * like filename.1.ext.
- *
- * As a special case if the extension is already '.0' then
- * just just keep incerementing that.
- */
- case 1:
- if (extension && strcmp (extension, ".0") == 0)
- extension = NULL;
- /* fall through */
-
- default:
- p11_buffer_add (&buf, bare, -1);
- snprintf (unique, sizeof (unique), ".%d", i);
- p11_buffer_add (&buf, unique, -1);
- break;
- }
-
- if (extension)
- p11_buffer_add (&buf, extension, -1);
-
- return_val_if_fail (p11_buffer_ok (&buf), NULL);
-
- ret = check (data, buf.data);
- if (ret < 0)
- return NULL;
- else if (ret > 0)
- return p11_buffer_steal (&buf, NULL);
- }
-
- assert_not_reached ();
-}
-
-static int
-on_unique_check_dir (void *data,
- char *name)
-{
- p11_save_dir *dir = data;
-
- if (!p11_dict_get (dir->cache, name))
- return 1;
-
- return 0; /* Keep looking */
-}
-
-p11_save_file *
-p11_save_open_file_in (p11_save_dir *dir,
- const char *basename,
- const char *extension)
-{
- p11_save_file *file = NULL;
- char *name;
- char *path;
-
- return_val_if_fail (dir != NULL, NULL);
- return_val_if_fail (basename != NULL, NULL);
-
- name = make_unique_name (basename, extension, on_unique_check_dir, dir);
- return_val_if_fail (name != NULL, NULL);
-
- if (asprintf (&path, "%s/%s", dir->path, name) < 0)
- return_val_if_reached (NULL);
-
- file = p11_save_open_file (path, NULL, dir->flags);
-
- if (file) {
- if (!p11_dict_set (dir->cache, name, name))
- return_val_if_reached (NULL);
- name = NULL;
- }
-
- free (name);
- free (path);
-
- return file;
-}
-
-#ifdef OS_UNIX
-
-bool
-p11_save_symlink_in (p11_save_dir *dir,
- const char *linkname,
- const char *extension,
- const char *destination)
-{
- char *name;
- char *path;
- bool ret;
-
- return_val_if_fail (dir != NULL, false);
- return_val_if_fail (linkname != NULL, false);
- return_val_if_fail (destination != NULL, false);
-
- name = make_unique_name (linkname, extension, on_unique_check_dir, dir);
- return_val_if_fail (name != NULL, false);
-
- if (asprintf (&path, "%s/%s", dir->path, name) < 0)
- return_val_if_reached (false);
-
- unlink (path);
-
- if (symlink (destination, path) < 0) {
- p11_message_err (errno, "couldn't create symlink: %s", path);
- ret = false;
- } else {
- if (!p11_dict_set (dir->cache, name, name))
- return_val_if_reached (false);
- name = NULL;
- ret = true;
- }
-
- free (path);
- free (name);
-
- return ret;
-}
-
-#endif /* OS_UNIX */
-
-static bool
-cleanup_directory (const char *directory,
- p11_dict *cache)
-{
- struct dirent *dp;
- struct stat st;
- p11_dict *remove;
- p11_dictiter iter;
- char *path;
- DIR *dir;
- bool ret;
-
- /* First we load all the modules */
- dir = opendir (directory);
- if (!dir) {
- p11_message_err (errno, "couldn't list directory: %s", directory);
- return false;
- }
-
- remove = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, NULL);
-
- while ((dp = readdir (dir)) != NULL) {
- if (p11_dict_get (cache, dp->d_name))
- continue;
-
- if (asprintf (&path, "%s/%s", directory, dp->d_name) < 0)
- return_val_if_reached (false);
-
-
- if (stat (path, &st) >= 0 && !S_ISDIR (st.st_mode)) {
- if (!p11_dict_set (remove, path, path))
- return_val_if_reached (false);
- } else {
- free (path);
- }
- }
-
- closedir (dir);
-
- ret = true;
-
- /* Remove all the files still in the cache */
- p11_dict_iterate (remove, &iter);
- while (p11_dict_next (&iter, (void **)&path, NULL)) {
- if (unlink (path) < 0 && errno != ENOENT) {
- p11_message_err (errno, "couldn't remove file: %s", path);
- ret = false;
- break;
- }
- }
-
- p11_dict_free (remove);
-
- return ret;
-}
-
-bool
-p11_save_finish_directory (p11_save_dir *dir,
- bool commit)
-{
- bool ret = true;
-
- if (!dir)
- return false;
-
- if (commit) {
- if (dir->flags & P11_SAVE_OVERWRITE)
- ret = cleanup_directory (dir->path, dir->cache);
-
-#ifdef OS_UNIX
- /* Try to set the mode of the directory to readable */
- if (ret && chmod (dir->path, S_IRUSR | S_IXUSR | S_IRGRP |
- S_IXGRP | S_IROTH | S_IXOTH) < 0) {
- p11_message_err (errno, "couldn't set directory permissions: %s", dir->path);
- ret = false;
- }
-#endif /* OS_UNIX */
- }
-
- p11_dict_free (dir->cache);
- free (dir->path);
- free (dir);
-
- return ret;
-}
diff --git a/trust/save.h b/trust/save.h
deleted file mode 100644
index 81f1044..0000000
--- a/trust/save.h
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_SAVE_H_
-#define P11_SAVE_H_
-
-#include "compat.h"
-
-enum {
- P11_SAVE_OVERWRITE = 1 << 0,
- P11_SAVE_UNIQUE = 1 << 1,
-};
-
-typedef struct _p11_save_file p11_save_file;
-typedef struct _p11_save_dir p11_save_dir;
-
-p11_save_file * p11_save_open_file (const char *path,
- const char *extension,
- int flags);
-
-bool p11_save_write (p11_save_file *file,
- const void *data,
- ssize_t length);
-
-bool p11_save_write_and_finish (p11_save_file *file,
- const void *data,
- ssize_t length);
-
-bool p11_save_finish_file (p11_save_file *file,
- char **path,
- bool commit);
-
-const char * p11_save_file_name (p11_save_file *file);
-
-p11_save_dir * p11_save_open_directory (const char *path,
- int flags);
-
-p11_save_file * p11_save_open_file_in (p11_save_dir *directory,
- const char *basename,
- const char *extension);
-
-#ifdef OS_UNIX
-
-bool p11_save_symlink_in (p11_save_dir *dir,
- const char *linkname,
- const char *extension,
- const char *destination);
-
-#endif /* OS_UNIX */
-
-bool p11_save_finish_directory (p11_save_dir *dir,
- bool commit);
-
-#endif /* P11_SAVE_H_ */
diff --git a/trust/session.c b/trust/session.c
deleted file mode 100644
index b93a5c3..0000000
--- a/trust/session.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "dict.h"
-#include "message.h"
-#include "pkcs11.h"
-#include "module.h"
-#include "session.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <stdlib.h>
-#include <string.h>
-
-p11_session *
-p11_session_new (p11_token *token)
-{
- p11_session *session;
-
- session = calloc (1, sizeof (p11_session));
- return_val_if_fail (session != NULL, NULL);
-
- session->handle = p11_module_next_id ();
-
- session->builder = p11_builder_new (P11_BUILDER_FLAG_NONE);
- return_val_if_fail (session->builder, NULL);
-
- session->index = p11_index_new (p11_builder_build, NULL, NULL,
- p11_builder_changed,
- session->builder);
- return_val_if_fail (session->index != NULL, NULL);
-
- session->token = token;
-
- return session;
-}
-
-void
-p11_session_free (void *data)
-{
- p11_session *session = data;
-
- p11_session_set_operation (session, NULL, NULL);
- p11_builder_free (session->builder);
- p11_index_free (session->index);
-
- free (session);
-}
-
-void
-p11_session_set_operation (p11_session *session,
- p11_session_cleanup cleanup,
- void *operation)
-{
- assert (session != NULL);
-
- if (session->cleanup)
- (session->cleanup) (session->operation);
- session->cleanup = cleanup;
- session->operation = operation;
-}
diff --git a/trust/session.h b/trust/session.h
deleted file mode 100644
index ec394b1..0000000
--- a/trust/session.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "builder.h"
-#include "index.h"
-#include "pkcs11.h"
-#include "token.h"
-
-#ifndef P11_SESSION_H_
-#define P11_SESSION_H_
-
-typedef void (* p11_session_cleanup) (void *data);
-
-typedef struct {
- CK_SESSION_HANDLE handle;
- p11_index *index;
- p11_builder *builder;
- p11_token *token;
- CK_BBOOL loaded;
- bool read_write;
-
- /* Used by various operations */
- p11_session_cleanup cleanup;
- void *operation;
-} p11_session;
-
-p11_session * p11_session_new (p11_token *token);
-
-void p11_session_free (void *data);
-
-void p11_session_set_operation (p11_session *session,
- p11_session_cleanup cleanup,
- void *operation);
-
-#endif /* P11_SESSION_H_ */
diff --git a/trust/test-asn1.c b/trust/test-asn1.c
deleted file mode 100644
index df75dfd..0000000
--- a/trust/test-asn1.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "asn1.h"
-#include "debug.h"
-#include "oid.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-struct {
- p11_dict *asn1_defs;
-} test;
-
-static void
-setup (void *unused)
-{
- test.asn1_defs = p11_asn1_defs_load ();
- assert_ptr_not_null (test.asn1_defs);
-}
-
-static void
-teardown (void *unused)
-{
- p11_dict_free (test.asn1_defs);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-test_tlv_length (void)
-{
- struct {
- const char *der;
- size_t der_len;
- int expected;
- } tlv_lengths[] = {
- { "\x01\x01\x00", 3, 3 },
- { "\x01\x01\x00\x01\x02", 5, 3 },
- { "\x01\x05\x00", 3, -1 },
- { NULL }
- };
-
- int length;
- int i;
-
- for (i = 0; tlv_lengths[i].der != NULL; i++) {
- length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len);
- assert_num_eq (tlv_lengths[i].expected, length);
- }
-}
-
-static const unsigned char test_eku_server_and_client[] = {
- 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static void
-test_asn1_cache (void)
-{
- p11_asn1_cache *cache;
- p11_dict *defs;
- node_asn *asn;
- node_asn *check;
-
- cache = p11_asn1_cache_new ();
- assert_ptr_not_null (cache);
-
- defs = p11_asn1_cache_defs (cache);
- assert_ptr_not_null (defs);
-
- asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax",
- test_eku_server_and_client,
- sizeof (test_eku_server_and_client), NULL);
- assert_ptr_not_null (defs);
-
- /* Place the parsed data in the cache */
- p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax",
- test_eku_server_and_client,
- sizeof (test_eku_server_and_client));
-
- /* Get it back out */
- check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax",
- test_eku_server_and_client,
- sizeof (test_eku_server_and_client));
- assert_ptr_eq (asn, check);
-
- /* Flush should remove it */
- p11_asn1_cache_flush (cache);
- check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax",
- test_eku_server_and_client,
- sizeof (test_eku_server_and_client));
- assert_ptr_eq (NULL, check);
-
- p11_asn1_cache_free (cache);
-}
-
-static void
-test_asn1_free (void)
-{
- p11_dict *defs;
- node_asn *asn;
-
- defs = p11_asn1_defs_load ();
- assert_ptr_not_null (defs);
-
- asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax",
- test_eku_server_and_client,
- sizeof (test_eku_server_and_client), NULL);
- assert_ptr_not_null (asn);
-
- p11_asn1_free (asn);
- p11_asn1_free (NULL);
- p11_dict_free (defs);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_tlv_length, "/asn1/tlv_length");
-
- p11_fixture (NULL, NULL);
- p11_test (test_asn1_cache, "/asn1/asn1_cache");
- p11_test (test_asn1_free, "/asn1/free");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-base64.c b/trust/test-base64.c
deleted file mode 100644
index ce303e8..0000000
--- a/trust/test-base64.c
+++ /dev/null
@@ -1,204 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "base64.h"
-#include "debug.h"
-#include "message.h"
-
-#include <assert.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static void
-check_decode_msg (const char *file,
- int line,
- const char *function,
- const char *input,
- ssize_t input_len,
- const unsigned char *expected,
- ssize_t expected_len)
-{
- unsigned char decoded[8192];
- int length;
-
- if (input_len < 0)
- input_len = strlen (input);
- if (expected_len < 0)
- expected_len = strlen ((char *)expected);
- length = p11_b64_pton (input, input_len, decoded, sizeof (decoded));
-
- if (expected == NULL) {
- if (length >= 0)
- p11_test_fail (file, line, function, "decoding should have failed");
-
- } else {
- if (length < 0)
- p11_test_fail (file, line, function, "decoding failed");
- if (expected_len != length)
- p11_test_fail (file, line, function, "wrong length: (%lu != %lu)",
- (unsigned long)expected_len, (unsigned long)length);
- if (memcmp (decoded, expected, length) != 0)
- p11_test_fail (file, line, function, "decoded wrong");
- }
-}
-
-#define check_decode_success(input, input_len, expected, expected_len) \
- check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len)
-
-#define check_decode_failure(input, input_len) \
- check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0)
-
-static void
-test_decode_simple (void)
-{
- check_decode_success ("", 0, (unsigned char *)"", 0);
- check_decode_success ("MQ==", 0, (unsigned char *)"1", 0);
- check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1);
- check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1);
- check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1);
-}
-
-static void
-test_decode_thawte (void)
-{
- const char *input =
- "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB"
- "rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf"
- "Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw"
- "MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV"
- "BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa"
- "Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl"
- "LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u"
- "MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl"
- "ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm"
- "gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8"
- "YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf"
- "b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9"
- "9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S"
- "zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk"
- "OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV"
- "HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA"
- "2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW"
- "oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu"
- "t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c"
- "KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM"
- "m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu"
- "MdRAGmI0Nj81Aa6sY6A=";
-
- const unsigned char output[] = {
- 0x30, 0x82, 0x04, 0x2a, 0x30, 0x82, 0x03, 0x12, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x60,
- 0x01, 0x97, 0xb7, 0x46, 0xa7, 0xea, 0xb4, 0xb4, 0x9a, 0xd6, 0x4b, 0x2f, 0xf7, 0x90, 0xfb, 0x30,
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81,
- 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15,
- 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c,
- 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1f,
- 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53, 0x65,
- 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x31,
- 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32, 0x30,
- 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x20,
- 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64,
- 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55,
- 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
- 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33, 0x30,
- 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x34, 0x30, 0x32, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
- 0x17, 0x0d, 0x33, 0x37, 0x31, 0x32, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
- 0x81, 0xae, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65,
- 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x28, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
- 0x1f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x53,
- 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x44, 0x69, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e,
- 0x31, 0x38, 0x30, 0x36, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2f, 0x28, 0x63, 0x29, 0x20, 0x32,
- 0x30, 0x30, 0x38, 0x20, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
- 0x20, 0x2d, 0x20, 0x46, 0x6f, 0x72, 0x20, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65,
- 0x64, 0x20, 0x75, 0x73, 0x65, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x31, 0x24, 0x30, 0x22, 0x06, 0x03,
- 0x55, 0x04, 0x03, 0x13, 0x1b, 0x74, 0x68, 0x61, 0x77, 0x74, 0x65, 0x20, 0x50, 0x72, 0x69, 0x6d,
- 0x61, 0x72, 0x79, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x20, 0x2d, 0x20, 0x47, 0x33,
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xb2, 0xbf, 0x27, 0x2c, 0xfb, 0xdb, 0xd8, 0x5b, 0xdd, 0x78, 0x7b, 0x1b, 0x9e, 0x77, 0x66,
- 0x81, 0xcb, 0x3e, 0xbc, 0x7c, 0xae, 0xf3, 0xa6, 0x27, 0x9a, 0x34, 0xa3, 0x68, 0x31, 0x71, 0x38,
- 0x33, 0x62, 0xe4, 0xf3, 0x71, 0x66, 0x79, 0xb1, 0xa9, 0x65, 0xa3, 0xa5, 0x8b, 0xd5, 0x8f, 0x60,
- 0x2d, 0x3f, 0x42, 0xcc, 0xaa, 0x6b, 0x32, 0xc0, 0x23, 0xcb, 0x2c, 0x41, 0xdd, 0xe4, 0xdf, 0xfc,
- 0x61, 0x9c, 0xe2, 0x73, 0xb2, 0x22, 0x95, 0x11, 0x43, 0x18, 0x5f, 0xc4, 0xb6, 0x1f, 0x57, 0x6c,
- 0x0a, 0x05, 0x58, 0x22, 0xc8, 0x36, 0x4c, 0x3a, 0x7c, 0xa5, 0xd1, 0xcf, 0x86, 0xaf, 0x88, 0xa7,
- 0x44, 0x02, 0x13, 0x74, 0x71, 0x73, 0x0a, 0x42, 0x59, 0x02, 0xf8, 0x1b, 0x14, 0x6b, 0x42, 0xdf,
- 0x6f, 0x5f, 0xba, 0x6b, 0x82, 0xa2, 0x9d, 0x5b, 0xe7, 0x4a, 0xbd, 0x1e, 0x01, 0x72, 0xdb, 0x4b,
- 0x74, 0xe8, 0x3b, 0x7f, 0x7f, 0x7d, 0x1f, 0x04, 0xb4, 0x26, 0x9b, 0xe0, 0xb4, 0x5a, 0xac, 0x47,
- 0x3d, 0x55, 0xb8, 0xd7, 0xb0, 0x26, 0x52, 0x28, 0x01, 0x31, 0x40, 0x66, 0xd8, 0xd9, 0x24, 0xbd,
- 0xf6, 0x2a, 0xd8, 0xec, 0x21, 0x49, 0x5c, 0x9b, 0xf6, 0x7a, 0xe9, 0x7f, 0x55, 0x35, 0x7e, 0x96,
- 0x6b, 0x8d, 0x93, 0x93, 0x27, 0xcb, 0x92, 0xbb, 0xea, 0xac, 0x40, 0xc0, 0x9f, 0xc2, 0xf8, 0x80,
- 0xcf, 0x5d, 0xf4, 0x5a, 0xdc, 0xce, 0x74, 0x86, 0xa6, 0x3e, 0x6c, 0x0b, 0x53, 0xca, 0xbd, 0x92,
- 0xce, 0x19, 0x06, 0x72, 0xe6, 0x0c, 0x5c, 0x38, 0x69, 0xc7, 0x04, 0xd6, 0xbc, 0x6c, 0xce, 0x5b,
- 0xf6, 0xf7, 0x68, 0x9c, 0xdc, 0x25, 0x15, 0x48, 0x88, 0xa1, 0xe9, 0xa9, 0xf8, 0x98, 0x9c, 0xe0,
- 0xf3, 0xd5, 0x31, 0x28, 0x61, 0x11, 0x6c, 0x67, 0x96, 0x8d, 0x39, 0x99, 0xcb, 0xc2, 0x45, 0x24,
- 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d,
- 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55,
- 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55,
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xad, 0x6c, 0xaa, 0x94, 0x60, 0x9c, 0xed, 0xe4, 0xff, 0xfa,
- 0x3e, 0x0a, 0x74, 0x2b, 0x63, 0x03, 0xf7, 0xb6, 0x59, 0xbf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x1a, 0x40,
- 0xd8, 0x95, 0x65, 0xac, 0x09, 0x92, 0x89, 0xc6, 0x39, 0xf4, 0x10, 0xe5, 0xa9, 0x0e, 0x66, 0x53,
- 0x5d, 0x78, 0xde, 0xfa, 0x24, 0x91, 0xbb, 0xe7, 0x44, 0x51, 0xdf, 0xc6, 0x16, 0x34, 0x0a, 0xef,
- 0x6a, 0x44, 0x51, 0xea, 0x2b, 0x07, 0x8a, 0x03, 0x7a, 0xc3, 0xeb, 0x3f, 0x0a, 0x2c, 0x52, 0x16,
- 0xa0, 0x2b, 0x43, 0xb9, 0x25, 0x90, 0x3f, 0x70, 0xa9, 0x33, 0x25, 0x6d, 0x45, 0x1a, 0x28, 0x3b,
- 0x27, 0xcf, 0xaa, 0xc3, 0x29, 0x42, 0x1b, 0xdf, 0x3b, 0x4c, 0xc0, 0x33, 0x34, 0x5b, 0x41, 0x88,
- 0xbf, 0x6b, 0x2b, 0x65, 0xaf, 0x28, 0xef, 0xb2, 0xf5, 0xc3, 0xaa, 0x66, 0xce, 0x7b, 0x56, 0xee,
- 0xb7, 0xc8, 0xcb, 0x67, 0xc1, 0xc9, 0x9c, 0x1a, 0x18, 0xb8, 0xc4, 0xc3, 0x49, 0x03, 0xf1, 0x60,
- 0x0e, 0x50, 0xcd, 0x46, 0xc5, 0xf3, 0x77, 0x79, 0xf7, 0xb6, 0x15, 0xe0, 0x38, 0xdb, 0xc7, 0x2f,
- 0x28, 0xa0, 0x0c, 0x3f, 0x77, 0x26, 0x74, 0xd9, 0x25, 0x12, 0xda, 0x31, 0xda, 0x1a, 0x1e, 0xdc,
- 0x29, 0x41, 0x91, 0x22, 0x3c, 0x69, 0xa7, 0xbb, 0x02, 0xf2, 0xb6, 0x5c, 0x27, 0x03, 0x89, 0xf4,
- 0x06, 0xea, 0x9b, 0xe4, 0x72, 0x82, 0xe3, 0xa1, 0x09, 0xc1, 0xe9, 0x00, 0x19, 0xd3, 0x3e, 0xd4,
- 0x70, 0x6b, 0xba, 0x71, 0xa6, 0xaa, 0x58, 0xae, 0xf4, 0xbb, 0xe9, 0x6c, 0xb6, 0xef, 0x87, 0xcc,
- 0x9b, 0xbb, 0xff, 0x39, 0xe6, 0x56, 0x61, 0xd3, 0x0a, 0xa7, 0xc4, 0x5c, 0x4c, 0x60, 0x7b, 0x05,
- 0x77, 0x26, 0x7a, 0xbf, 0xd8, 0x07, 0x52, 0x2c, 0x62, 0xf7, 0x70, 0x63, 0xd9, 0x39, 0xbc, 0x6f,
- 0x1c, 0xc2, 0x79, 0xdc, 0x76, 0x29, 0xaf, 0xce, 0xc5, 0x2c, 0x64, 0x04, 0x5e, 0x88, 0x36, 0x6e,
- 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0,
- };
-
- check_decode_success (input, -1, output, sizeof (output));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_decode_simple, "/base64/decode-simple");
- p11_test (test_decode_thawte, "/base64/decode-thawte");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-builder.c b/trust/test-builder.c
deleted file mode 100644
index 5f4b823..0000000
--- a/trust/test-builder.c
+++ /dev/null
@@ -1,2237 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "builder.h"
-#include "debug.h"
-#include "digest.h"
-#include "index.h"
-#include "message.h"
-#include "oid.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-
-struct {
- p11_builder *builder;
- p11_index *index;
-} test;
-
-static CK_TRUST trusted = CKT_NSS_TRUSTED;
-static CK_TRUST trusted_delegator = CKT_NSS_TRUSTED_DELEGATOR;
-static CK_TRUST not_trusted = CKT_NSS_NOT_TRUSTED;
-static CK_TRUST trust_unknown = CKT_NSS_TRUST_UNKNOWN;
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-static CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
-static CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
-static CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-static CK_ULONG certificate_authority = 2;
-static CK_ULONG other_entity = 3;
-static CK_BBOOL truev = CK_TRUE;
-static CK_BBOOL falsev = CK_FALSE;
-
-static void
-setup (void *unused)
-{
- test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
- assert_ptr_not_null (test.builder);
-
- test.index = p11_index_new (p11_builder_build, NULL, NULL, p11_builder_changed, test.builder);
- assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
- p11_builder_free (test.builder);
- p11_index_free (test.index);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-test_get_cache (void)
-{
- p11_asn1_cache *cache;
-
- cache = p11_builder_get_cache (test.builder);
- assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
-}
-
-static void
-test_build_data (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE check[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_LABEL, "", 0 },
- { CKA_VALUE, "the value", 9 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (check, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_LABEL, "the label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_LABEL, "the label", 9 },
- { CKA_ID, "u\xa8q`L\x88\x13\xf0x\xd9\x89w\xb5m\xc5\x89\xdf\xbc\xb1z", 20},
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_empty (void)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- CK_ULONG domain = 0;
- CK_ULONG category = 0;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_URL, "http://blah", 11 },
- { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_LABEL, "the label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_VALUE, "", 0 },
- { CKA_START_DATE, "", 0 },
- { CKA_END_DATE, "", 0, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, "", 0 },
- { CKA_SERIAL_NUMBER, "", 0 },
- { CKA_HASH_OF_ISSUER_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_HASH_OF_SUBJECT_PUBLIC_KEY, checksum, sizeof (checksum) },
- { CKA_LABEL, "the label", 9 },
- { CKA_JAVA_MIDP_SECURITY_DOMAIN, &domain, sizeof (domain) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_digest_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static const unsigned char entrust_pretend_ca[] = {
- 0x30, 0x82, 0x04, 0x5c, 0x30, 0x82, 0x03, 0x44, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x04, 0x38,
- 0x63, 0xb9, 0x66, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
- 0x05, 0x00, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b,
- 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06,
- 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73,
- 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69,
- 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79, 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28,
- 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69, 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30,
- 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28, 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39,
- 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d,
- 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45,
- 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
- 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
- 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x39, 0x31,
- 0x32, 0x32, 0x34, 0x31, 0x37, 0x35, 0x30, 0x35, 0x31, 0x5a, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x32,
- 0x32, 0x34, 0x31, 0x38, 0x32, 0x30, 0x35, 0x31, 0x5a, 0x30, 0x81, 0xb4, 0x31, 0x14, 0x30, 0x12,
- 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e,
- 0x65, 0x74, 0x31, 0x40, 0x30, 0x3e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x14, 0x37, 0x77, 0x77, 0x77,
- 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65, 0x74, 0x2f, 0x43, 0x50, 0x53,
- 0x5f, 0x32, 0x30, 0x34, 0x38, 0x20, 0x69, 0x6e, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x20, 0x62, 0x79,
- 0x20, 0x72, 0x65, 0x66, 0x2e, 0x20, 0x28, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x20, 0x6c, 0x69,
- 0x61, 0x62, 0x2e, 0x29, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1c, 0x28,
- 0x63, 0x29, 0x20, 0x31, 0x39, 0x39, 0x39, 0x20, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e,
- 0x6e, 0x65, 0x74, 0x20, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x65, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x2a, 0x45, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x6e, 0x65,
- 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20,
- 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x20, 0x28, 0x32, 0x30, 0x34, 0x38, 0x29,
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a,
- 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40,
- 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93,
- 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e,
- 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5,
- 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77,
- 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97,
- 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89,
- 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60,
- 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53,
- 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce,
- 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf,
- 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f,
- 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90,
- 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e,
- 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07,
- 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x74, 0x30, 0x72, 0x30, 0x11, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x01, 0x04, 0x04, 0x03, 0x02, 0x00, 0x07, 0x30, 0x1f, 0x06,
- 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80,
- 0xbe, 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d,
- 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x55, 0xe4, 0x81, 0xd1, 0x11, 0x80, 0xbe,
- 0xd8, 0x89, 0xb9, 0x08, 0xa3, 0x31, 0xf9, 0xa1, 0x24, 0x09, 0x16, 0xb9, 0x70, 0x30, 0x1d, 0x06,
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf6, 0x7d, 0x07, 0x41, 0x00, 0x04, 0x10, 0x30, 0x0e, 0x1b, 0x08,
- 0x56, 0x35, 0x2e, 0x30, 0x3a, 0x34, 0x2e, 0x30, 0x03, 0x02, 0x04, 0x90, 0x30, 0x0d, 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00,
- 0x59, 0x47, 0xac, 0x21, 0x84, 0x8a, 0x17, 0xc9, 0x9c, 0x89, 0x53, 0x1e, 0xba, 0x80, 0x85, 0x1a,
- 0xc6, 0x3c, 0x4e, 0x3e, 0xb1, 0x9c, 0xb6, 0x7c, 0xc6, 0x92, 0x5d, 0x18, 0x64, 0x02, 0xe3, 0xd3,
- 0x06, 0x08, 0x11, 0x61, 0x7c, 0x63, 0xe3, 0x2b, 0x9d, 0x31, 0x03, 0x70, 0x76, 0xd2, 0xa3, 0x28,
- 0xa0, 0xf4, 0xbb, 0x9a, 0x63, 0x73, 0xed, 0x6d, 0xe5, 0x2a, 0xdb, 0xed, 0x14, 0xa9, 0x2b, 0xc6,
- 0x36, 0x11, 0xd0, 0x2b, 0xeb, 0x07, 0x8b, 0xa5, 0xda, 0x9e, 0x5c, 0x19, 0x9d, 0x56, 0x12, 0xf5,
- 0x54, 0x29, 0xc8, 0x05, 0xed, 0xb2, 0x12, 0x2a, 0x8d, 0xf4, 0x03, 0x1b, 0xff, 0xe7, 0x92, 0x10,
- 0x87, 0xb0, 0x3a, 0xb5, 0xc3, 0x9d, 0x05, 0x37, 0x12, 0xa3, 0xc7, 0xf4, 0x15, 0xb9, 0xd5, 0xa4,
- 0x39, 0x16, 0x9b, 0x53, 0x3a, 0x23, 0x91, 0xf1, 0xa8, 0x82, 0xa2, 0x6a, 0x88, 0x68, 0xc1, 0x79,
- 0x02, 0x22, 0xbc, 0xaa, 0xa6, 0xd6, 0xae, 0xdf, 0xb0, 0x14, 0x5f, 0xb8, 0x87, 0xd0, 0xdd, 0x7c,
- 0x7f, 0x7b, 0xff, 0xaf, 0x1c, 0xcf, 0xe6, 0xdb, 0x07, 0xad, 0x5e, 0xdb, 0x85, 0x9d, 0xd0, 0x2b,
- 0x0d, 0x33, 0xdb, 0x04, 0xd1, 0xe6, 0x49, 0x40, 0x13, 0x2b, 0x76, 0xfb, 0x3e, 0xe9, 0x9c, 0x89,
- 0x0f, 0x15, 0xce, 0x18, 0xb0, 0x85, 0x78, 0x21, 0x4f, 0x6b, 0x4f, 0x0e, 0xfa, 0x36, 0x67, 0xcd,
- 0x07, 0xf2, 0xff, 0x08, 0xd0, 0xe2, 0xde, 0xd9, 0xbf, 0x2a, 0xaf, 0xb8, 0x87, 0x86, 0x21, 0x3c,
- 0x04, 0xca, 0xb7, 0x94, 0x68, 0x7f, 0xcf, 0x3c, 0xe9, 0x98, 0xd7, 0x38, 0xff, 0xec, 0xc0, 0xd9,
- 0x50, 0xf0, 0x2e, 0x4b, 0x58, 0xae, 0x46, 0x6f, 0xd0, 0x2e, 0xc3, 0x60, 0xda, 0x72, 0x55, 0x72,
- 0xbd, 0x4c, 0x45, 0x9e, 0x61, 0xba, 0xbf, 0x84, 0x81, 0x92, 0x03, 0xd1, 0xd2, 0x69, 0x7c, 0xc5,
-};
-
-static const unsigned char entrust_public_key[] = {
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xad, 0x4d, 0x4b, 0xa9, 0x12, 0x86, 0xb2, 0xea, 0xa3, 0x20, 0x07, 0x15, 0x16, 0x64, 0x2a,
- 0x2b, 0x4b, 0xd1, 0xbf, 0x0b, 0x4a, 0x4d, 0x8e, 0xed, 0x80, 0x76, 0xa5, 0x67, 0xb7, 0x78, 0x40,
- 0xc0, 0x73, 0x42, 0xc8, 0x68, 0xc0, 0xdb, 0x53, 0x2b, 0xdd, 0x5e, 0xb8, 0x76, 0x98, 0x35, 0x93,
- 0x8b, 0x1a, 0x9d, 0x7c, 0x13, 0x3a, 0x0e, 0x1f, 0x5b, 0xb7, 0x1e, 0xcf, 0xe5, 0x24, 0x14, 0x1e,
- 0xb1, 0x81, 0xa9, 0x8d, 0x7d, 0xb8, 0xcc, 0x6b, 0x4b, 0x03, 0xf1, 0x02, 0x0c, 0xdc, 0xab, 0xa5,
- 0x40, 0x24, 0x00, 0x7f, 0x74, 0x94, 0xa1, 0x9d, 0x08, 0x29, 0xb3, 0x88, 0x0b, 0xf5, 0x87, 0x77,
- 0x9d, 0x55, 0xcd, 0xe4, 0xc3, 0x7e, 0xd7, 0x6a, 0x64, 0xab, 0x85, 0x14, 0x86, 0x95, 0x5b, 0x97,
- 0x32, 0x50, 0x6f, 0x3d, 0xc8, 0xba, 0x66, 0x0c, 0xe3, 0xfc, 0xbd, 0xb8, 0x49, 0xc1, 0x76, 0x89,
- 0x49, 0x19, 0xfd, 0xc0, 0xa8, 0xbd, 0x89, 0xa3, 0x67, 0x2f, 0xc6, 0x9f, 0xbc, 0x71, 0x19, 0x60,
- 0xb8, 0x2d, 0xe9, 0x2c, 0xc9, 0x90, 0x76, 0x66, 0x7b, 0x94, 0xe2, 0xaf, 0x78, 0xd6, 0x65, 0x53,
- 0x5d, 0x3c, 0xd6, 0x9c, 0xb2, 0xcf, 0x29, 0x03, 0xf9, 0x2f, 0xa4, 0x50, 0xb2, 0xd4, 0x48, 0xce,
- 0x05, 0x32, 0x55, 0x8a, 0xfd, 0xb2, 0x64, 0x4c, 0x0e, 0xe4, 0x98, 0x07, 0x75, 0xdb, 0x7f, 0xdf,
- 0xb9, 0x08, 0x55, 0x60, 0x85, 0x30, 0x29, 0xf9, 0x7b, 0x48, 0xa4, 0x69, 0x86, 0xe3, 0x35, 0x3f,
- 0x1e, 0x86, 0x5d, 0x7a, 0x7a, 0x15, 0xbd, 0xef, 0x00, 0x8e, 0x15, 0x22, 0x54, 0x17, 0x00, 0x90,
- 0x26, 0x93, 0xbc, 0x0e, 0x49, 0x68, 0x91, 0xbf, 0xf8, 0x47, 0xd3, 0x9d, 0x95, 0x42, 0xc1, 0x0e,
- 0x4d, 0xdf, 0x6f, 0x26, 0xcf, 0xc3, 0x18, 0x21, 0x62, 0x66, 0x43, 0x70, 0xd6, 0xd5, 0xc0, 0x07,
- 0xe1, 0x02, 0x03, 0x01, 0x00, 0x01,
-};
-
-static void
-test_build_certificate_non_ca (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &other_entity, sizeof (other_entity) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_v1_ca (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca (void)
-{
- CK_ULONG category = 2; /* CA */
-
- CK_ATTRIBUTE attached[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
- { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- /* Adding the attached extension *first*, and then the certificate */
-
- /* Add a attached certificate */
- rv = p11_index_add (test.index, attached, 4, NULL);
- assert_num_eq (CKR_OK, rv);
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- /*
- * Even though the certificate is not a valid CA, the presence of the
- * attached certificate extension transforms it into a CA.
- */
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_build_certificate_staple_ca_backwards (void)
-{
- CK_ULONG category = 2; /* CA */
-
- CK_ATTRIBUTE attached[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_VALUE, "\x30\x0f\x06\x03\x55\x1d\x13\x01\x01\xff\x04\x05\x30\x03\x01\x01\xff", 17 },
- { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_INVALID },
- };
-
- CK_RV rv;
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE handle;
-
- /* Adding the certificate *first*, and then the attached extension */
-
- rv = p11_index_add (test.index, input, 4, &handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Add a attached certificate */
- rv = p11_index_add (test.index, attached, 4, NULL);
- assert_num_eq (CKR_OK, rv);
-
- /*
- * Even though the certificate is not a valid CA, the presence of the
- * attached certificate extension transforms it into a CA.
- */
- attrs = p11_index_lookup (test.index, handle);
- test_check_attrs (expected, attrs);
-}
-
-static void
-test_build_certificate_no_type (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_build_certificate_bad_type (void)
-{
- CK_CERTIFICATE_TYPE type = CKC_WTLS;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_build_extension (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE check[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_OBJECT_ID, "\x06\x03\x55\x1d\x50", 5 },
- { CKA_VALUE, "\x30\x11\x06\x03\x55\x1d\x50\x04\x0a\x74\x68\x65\x20\x76\x61\x6c\x75\x65\x0a", 19 },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_LABEL, "", 0 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (check, attrs);
- p11_attrs_free (attrs);
-}
-
-/* This certificate has and end date in 2067 */
-static const unsigned char cert_distant_end_date[] = {
- 0x30, 0x82, 0x01, 0x6a, 0x30, 0x82, 0x01, 0x14, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x03,
- 0xe7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00,
- 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72,
- 0x2d, 0x69, 0x6e, 0x2d, 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65,
- 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x20, 0x17, 0x0d, 0x31, 0x33,
- 0x30, 0x33, 0x32, 0x37, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x36,
- 0x37, 0x31, 0x32, 0x32, 0x39, 0x31, 0x36, 0x34, 0x39, 0x33, 0x33, 0x5a, 0x30, 0x28, 0x31, 0x26,
- 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1d, 0x66, 0x61, 0x72, 0x2d, 0x69, 0x6e, 0x2d,
- 0x74, 0x68, 0x65, 0x2d, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70,
- 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x5c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
- 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x4b, 0x00, 0x30, 0x48, 0x02, 0x41, 0x00, 0xe2,
- 0x2d, 0x35, 0x70, 0x75, 0xc0, 0x07, 0x56, 0x40, 0x7d, 0x63, 0xbc, 0xd2, 0x60, 0xb3, 0xcf, 0xb8,
- 0x3d, 0x27, 0x6e, 0x10, 0xcd, 0x42, 0x50, 0x51, 0x9d, 0x79, 0x30, 0x79, 0x5a, 0xe3, 0xc3, 0x51,
- 0x38, 0x85, 0x4c, 0xb4, 0x91, 0xd9, 0xe6, 0x8d, 0x69, 0x6a, 0xd4, 0x9c, 0x1c, 0x49, 0xc2, 0x25,
- 0x2a, 0xc9, 0x2b, 0xf2, 0xf4, 0x8e, 0x8a, 0x3f, 0x8b, 0x4c, 0x97, 0xc3, 0x16, 0x96, 0x99, 0x02,
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04,
- 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b,
- 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x03, 0x2a, 0x03, 0x04, 0x30, 0x0d, 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x41, 0x00, 0xc2, 0x83,
- 0x27, 0x32, 0x80, 0x74, 0x73, 0xe2, 0xa3, 0x92, 0xaa, 0x7c, 0xd8, 0x50, 0xf4, 0x61, 0x50, 0xb1,
- 0x63, 0x9e, 0x29, 0xef, 0x38, 0x1d, 0xc0, 0x55, 0x20, 0x0f, 0x7e, 0xe9, 0x1f, 0xa1, 0x54, 0x1a,
- 0x5f, 0x8c, 0x26, 0x1b, 0x66, 0x96, 0x0e, 0x64, 0x52, 0x1c, 0x00, 0x96, 0xfb, 0x81, 0x77, 0xa2,
- 0x3a, 0x1d, 0x49, 0x0c, 0x03, 0xd5, 0x19, 0xf2, 0x6a, 0x01, 0x29, 0x31, 0xfb, 0xf5,
-};
-
-static void
-test_build_distant_end_date (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)cert_distant_end_date, sizeof (cert_distant_end_date) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_END_DATE, "20671229", 8 },
- { CKA_START_DATE, "20130327", 8 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_valid_bool (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_BBOOL value = CK_TRUE;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_PRIVATE, &value, sizeof (value) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_bool (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_PRIVATE, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "123";
- input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = sizeof (CK_BBOOL);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_ulong (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_ULONG value = 2;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CERTIFICATE_CATEGORY, &value, sizeof (value) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_ulong (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CERTIFICATE_CATEGORY, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "123";
- input[0].ulValueLen = 3;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = sizeof (CK_ULONG);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_utf8 (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_LABEL, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_utf8 (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_LABEL, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "\xfex23";
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_dates (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_DATE date;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_START_DATE, &date, sizeof (CK_DATE) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- memcpy (date.year, "2000", sizeof (date.year));
- memcpy (date.month, "10", sizeof (date.month));
- memcpy (date.day, "10", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
- attrs = NULL;
-
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
-}
-
-static void
-test_invalid_dates (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_DATE date;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_START_DATE, &date, sizeof (CK_DATE) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- memcpy (date.year, "AAAA", sizeof (date.year));
- memcpy (date.month, "BB", sizeof (date.month));
- memcpy (date.day, "CC", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- memcpy (date.year, "2000", sizeof (date.year));
- memcpy (date.month, "15", sizeof (date.month));
- memcpy (date.day, "80", sizeof (date.day));
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_name (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_SUBJECT, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
- attrs = NULL;
-
- input[0].pValue = (void *)test_cacert3_ca_issuer;
- input[0].ulValueLen = sizeof (test_cacert3_ca_issuer);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- p11_attrs_free (attrs);
-}
-
-static void
-test_invalid_name (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_SUBJECT, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "blah";
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_serial (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_SERIAL_NUMBER, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- attrs = NULL;
-
- input[0].pValue = (void *)test_cacert3_ca_serial;
- input[0].ulValueLen = sizeof (test_cacert3_ca_serial);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_serial (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_SERIAL_NUMBER, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "blah";
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = (void *)test_cacert3_ca_subject;
- input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_valid_cert (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 0;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
- attrs = NULL;
-
- input[0].pValue = (void *)test_cacert3_ca_der;
- input[0].ulValueLen = sizeof (test_cacert3_ca_der);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_attrs_free (extra);
-}
-
-static void
-test_invalid_cert (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_VALUE, NULL, 0 },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- input[0].pValue = "blah";
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = (void *)test_cacert3_ca_subject;
- input[0].ulValueLen = sizeof (test_cacert3_ca_subject);
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- input[0].pValue = NULL;
- input[0].ulValueLen = 4;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_ATTRIBUTE_VALUE_INVALID, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_invalid_schema (void)
-{
- CK_ATTRIBUTE *attrs = NULL;
- CK_ATTRIBUTE *extra = NULL;
- CK_RV rv;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_URL, "http://blah", 11 },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- /* Missing CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY */
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_create_not_settable (void)
-{
- /*
- * CKA_PUBLIC_KEY_INFO cannot be created/modified
- */
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_create_but_loadable (void)
-{
- /*
- * CKA_PUBLIC_KEY_INFO cannot be set on creation, but can be set if we're
- * loading from our store. This is signified by batching.
- */
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_index_load (test.index);
-
- attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- p11_index_finish (test.index);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (input, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_create_unsupported (void)
-{
- CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_generated (void)
-{
- CK_OBJECT_CLASS klass = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_bad_attribute (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the value", 9 },
- { CKA_COLOR, "blue", 4 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_missing_attribute (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_no_class (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_create_token_mismatch (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_TOKEN, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- p11_message_quiet ();
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-}
-
-static void
-test_modify_success (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_VALUE, "new value long", 14 },
- { CKA_LABEL, "new label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "new value long", 14 },
- { CKA_LABEL, "new label", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_read_only (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- merge = p11_attrs_dup (input);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, merge, true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- p11_message_quiet ();
-
- extra = NULL;
- merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_unchanged (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &truev, sizeof (truev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- /*
- * Although CKA_CLASS is read-only, changing to same value
- * shouldn't fail
- */
-
- CK_ATTRIBUTE modify[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the other", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "the other", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, modify, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (modify), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- test_check_attrs (expected, attrs);
- p11_attrs_free (attrs);
-}
-
-static void
-test_modify_not_modifiable (void)
-{
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE modify[] = {
- { CKA_VALUE, "the value", 9 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *merge;
- CK_ATTRIBUTE *extra;
- CK_RV rv;
-
- attrs = NULL;
- extra = NULL;
- rv = p11_builder_build (test.builder, test.index, attrs, input, &extra);
- assert_num_eq (CKR_OK, rv);
-
- attrs = p11_attrs_merge (attrs, p11_attrs_dup (input), true);
- attrs = p11_attrs_merge (attrs, extra, false);
-
- p11_message_quiet ();
-
- extra = NULL;
- merge = p11_attrs_dup (modify);
- rv = p11_builder_build (test.builder, test.index, attrs, merge, &extra);
- assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
- p11_attrs_free (merge);
-
- p11_message_loud ();
-
- p11_attrs_free (attrs);
-}
-
-static CK_ATTRIBUTE cacert3_assert_distrust_server[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_client[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_code[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CODE_SIGNING_STR, sizeof (P11_OID_CODE_SIGNING_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_email[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_EMAIL_PROTECTION_STR, sizeof (P11_OID_EMAIL_PROTECTION_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_system[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_END_SYSTEM_STR, sizeof (P11_OID_IPSEC_END_SYSTEM_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_tunnel[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_TUNNEL_STR, sizeof (P11_OID_IPSEC_TUNNEL_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_user[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_IPSEC_USER_STR, sizeof (P11_OID_IPSEC_USER_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_assert_distrust_time[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_TIME_STAMPING_STR, sizeof (P11_OID_TIME_STAMPING_STR) - 1},
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
-};
-
-static void
-test_changed_trusted_certificate (void)
-{
- static CK_ATTRIBUTE cacert3_trusted_certificate[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_INVALID },
- };
-
- static unsigned char eku_server_and_client[] = {
- 0x30, 0x20, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x01, 0x01, 0xff, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08,
- 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x03, 0x02,
- };
-
- CK_ATTRIBUTE eku_extension_server_and_client[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, eku_server_and_client, sizeof (eku_server_and_client) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static char eku_client_email[] = {
- 0x30, 0x1a, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x99, 0x77, 0x06, 0x0a, 0x01, 0x04, 0x0c,
- 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04,
- };
-
- static CK_ATTRIBUTE reject_extension_email[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_VALUE, eku_client_email, sizeof (eku_client_email) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE nss_trust_server_and_client_distrust_email[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_CLIENT_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_END_SYSTEM, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_TUNNEL, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_IPSEC_USER, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_TIME_STAMPING, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_DIGITAL_SIGNATURE, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_NON_REPUDIATION, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_DATA_ENCIPHERMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_AGREEMENT, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_KEY_CERT_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_TRUST_CRL_SIGN, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE server_anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE client_anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_CLIENT_AUTH_STR, sizeof (P11_OID_CLIENT_AUTH_STR) - 1 },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_server_and_client_distrust_email,
- cacert3_assert_distrust_email,
- server_anchor_assertion,
- client_anchor_assertion,
- NULL,
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A trusted cetrificate, trusted for server and client purposes,
- * and explicitly rejects the email and timestamping purposes.
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
-
- /* The other objects */
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
-
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_distrust_value (void)
-{
- CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate), },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_PRIVATE, &falsev, sizeof (falsev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE eku_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE reject_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE nss_trust_nothing[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_CERT_MD5_HASH, "\xf7\x25\x12\x82\x4e\x67\xb5\xd0\x8d\x92\xb7\x7c\x0b\x86\x7a\x42", 16 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CLIENT_AUTH, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_END_SYSTEM, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_TUNNEL, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_USER, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_TIME_STAMPING, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DIGITAL_SIGNATURE, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_NON_REPUDIATION, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DATA_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_AGREEMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_CERT_SIGN, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CRL_SIGN, &not_trusted, sizeof (not_trusted) },
- { CKA_INVALID, }
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_nothing,
- cacert3_assert_distrust_server,
- cacert3_assert_distrust_client,
- cacert3_assert_distrust_code,
- cacert3_assert_distrust_email,
- cacert3_assert_distrust_system,
- cacert3_assert_distrust_tunnel,
- cacert3_assert_distrust_user,
- cacert3_assert_distrust_time,
- NULL
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A distrusted certificate with a value, plus some extra
- * extensions (which should be ignored).
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- /* The other objects */
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
-
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_distrust_serial (void)
-{
- CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate), },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE nss_trust_distrust[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CLIENT_AUTH, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_EMAIL_PROTECTION, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CODE_SIGNING, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_END_SYSTEM, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_TUNNEL, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_IPSEC_USER, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_TIME_STAMPING, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DIGITAL_SIGNATURE, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_NON_REPUDIATION, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_DATA_ENCIPHERMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_AGREEMENT, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_KEY_CERT_SIGN, &not_trusted, sizeof (not_trusted) },
- { CKA_TRUST_CRL_SIGN, &not_trusted, sizeof (not_trusted) },
- { CKA_INVALID, }
- };
-
- /*
- * We should get an NSS trust object and various assertions here.
- * The first two attributes of each object are enough to look it up,
- * and then we check the rest of the attributes match.
- */
-
- CK_ATTRIBUTE *expected[] = {
- nss_trust_distrust,
- cacert3_assert_distrust_server,
- cacert3_assert_distrust_client,
- cacert3_assert_distrust_code,
- cacert3_assert_distrust_email,
- cacert3_assert_distrust_system,
- cacert3_assert_distrust_tunnel,
- cacert3_assert_distrust_user,
- cacert3_assert_distrust_time,
- NULL
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
- int i;
-
- /*
- * A distrusted certificate without a value.
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (test.index, expected[i], 2);
- assert (handle != 0);
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- test_check_attrs (expected[i], attrs);
- }
-}
-
-static void
-test_changed_dup_certificates (void)
-{
- static CK_ATTRIBUTE trusted_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE trusted_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, &trusted_delegator, sizeof (trusted_delegator) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE distrust_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, &not_trusted, sizeof (not_trusted) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE unknown_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_CERT_SHA1_HASH, "\xad\x7c\x3f\x64\xfc\x44\x39\xfe\xf4\xe9\x0b\xe8\xf4\x7c\x6c\xfa\x8a\xad\xfd\xce", 20 },
- { CKA_TRUST_SERVER_AUTH, &trust_unknown, sizeof (trust_unknown) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE match_nss[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- static CK_ATTRIBUTE anchor_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_X_CERTIFICATE_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_X_ASSERTION_TYPE, &anchored_certificate, sizeof (anchored_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE distrust_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_X_PURPOSE, (void *)P11_OID_SERVER_AUTH_STR, sizeof (P11_OID_SERVER_AUTH_STR) - 1 },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_ASSERTION_TYPE, &distrusted_certificate, sizeof (distrusted_certificate) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE match_assertion[] = {
- { CKA_CLASS, &trust_assertion, sizeof (trust_assertion) },
- { CKA_ID, "cacert3", 7 },
- { CKA_INVALID, }
- };
-
- CK_OBJECT_HANDLE handle1;
- CK_OBJECT_HANDLE handle2;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- /*
- * A trusted certificate, should create trutsed nss trust
- * and anchor assertions
- */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- handle = p11_index_find (test.index, match_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, match_assertion, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle != 0);
-
- /* Now we add a distrusted certificate, should update the objects */
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, distrust_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, distrust_assertion, -1);
- assert (handle != 0);
-
- /* Now remove the trusted cetrificate, should update again */
- rv = p11_index_remove (test.index, handle2);
- assert_num_eq (CKR_OK, rv);
-
- handle = p11_index_find (test.index, trusted_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, distrust_nss, -1);
- assert (handle == 0);
- handle = p11_index_find (test.index, anchor_assertion, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, distrust_assertion, -1);
- assert (handle == 0);
-
- /* Now remove the original certificate, unknown nss and no assertions */
- rv = p11_index_remove (test.index, handle1);
- assert_num_eq (CKR_OK, rv);
-
- handle = p11_index_find (test.index, unknown_nss, -1);
- assert (handle != 0);
- handle = p11_index_find (test.index, match_assertion, -1);
- assert (handle == 0);
-}
-
-static void
-test_changed_without_id (void)
-{
- static CK_ATTRIBUTE trusted_without_id[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &certificate_authority, sizeof (certificate_authority) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, NULL, 0, },
- { CKA_INVALID },
- };
-
- CK_OBJECT_CLASS klass = 0;
- CK_ATTRIBUTE match[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID },
- };
-
- /*
- * A cetrificate without a CKA_ID that's created should still
- * automatically create compat objects.
- */
-
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- klass = CKO_NSS_TRUST;
- handle = p11_index_find (test.index, match, -1);
- assert (handle != 0);
-
- klass = CKO_X_TRUST_ASSERTION;
- handle = p11_index_find (test.index, match, -1);
- assert (handle != 0);
-}
-
-static void
-test_changed_staple_ca (void)
-{
- CK_ULONG category = 0;
-
- CK_ATTRIBUTE attached[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS) },
- { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff", 14 },
- { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_ID, "the id", 6 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_ID, "the id", 6 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- attrs = NULL;
- rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
- assert_num_eq (CKR_OK, rv);
-
- /* Not a CA at this point, until we staple */
- category = 0;
- assert (p11_index_find (test.index, match, -1) == 0);
-
- /* Add a attached basic constraint */
- rv = p11_index_add (test.index, attached, 4, NULL);
- assert_num_eq (CKR_OK, rv);
-
- /* Now should be a CA */
- category = 2;
- assert (p11_index_find (test.index, match, -1) != 0);
-
- p11_attrs_free (attrs);
-}
-
-static void
-test_changed_staple_ku (void)
-{
- CK_ATTRIBUTE attached_ds_and_np[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
- { CKA_OBJECT_ID, (void *)P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE) },
- { CKA_VALUE, "\x30\x0c\x06\x03\x55\x1d\x0f\x04\x05\x03\x03\x07\xc0\x00", 14 },
- { CKA_PUBLIC_KEY_INFO, (void *)entrust_public_key, sizeof (entrust_public_key) },
- { CKA_ID, "the id", 6 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE input[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (void *)entrust_pretend_ca, sizeof (entrust_pretend_ca) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "the id", 6 },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE nss_trust_ds_and_np[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust), },
- { CKA_ID, "the id", 6 },
- { CKA_TRUST_SERVER_AUTH, &trusted, sizeof (trusted) },
- { CKA_TRUST_CLIENT_AUTH, &trusted, sizeof (trusted) },
- { CKA_TRUST_EMAIL_PROTECTION, &trusted, sizeof (trusted) },
- { CKA_TRUST_CODE_SIGNING, &trusted, sizeof (trusted) },
- { CKA_TRUST_IPSEC_END_SYSTEM, &trusted, sizeof (trusted) },
- { CKA_TRUST_IPSEC_TUNNEL, &trusted, sizeof (trusted) },
- { CKA_TRUST_IPSEC_USER, &trusted, sizeof (trusted) },
- { CKA_TRUST_TIME_STAMPING, &trusted, sizeof (trusted) },
- { CKA_TRUST_DIGITAL_SIGNATURE, &trusted, sizeof (trusted) },
- { CKA_TRUST_NON_REPUDIATION, &trusted, sizeof (trusted) },
- { CKA_TRUST_KEY_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_DATA_ENCIPHERMENT, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_KEY_AGREEMENT, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_KEY_CERT_SIGN, &trust_unknown, sizeof (trust_unknown) },
- { CKA_TRUST_CRL_SIGN, &trust_unknown, sizeof (trust_unknown) },
- { CKA_INVALID, }
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *attrs;
- CK_RV rv;
-
- p11_index_load (test.index);
- rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
- assert_num_eq (CKR_OK, rv);
- rv = p11_index_take (test.index, p11_attrs_dup (attached_ds_and_np), NULL);
- assert_num_eq (CKR_OK, rv);
- p11_index_finish (test.index);
-
- handle = p11_index_find (test.index, nss_trust_ds_and_np, 2);
- assert (handle != 0);
-
- attrs = p11_index_lookup (test.index, handle);
- test_check_attrs (nss_trust_ds_and_np, attrs);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_get_cache, "/builder/get_cache");
- p11_test (test_build_data, "/builder/build_data");
- p11_test (test_build_certificate, "/builder/build_certificate");
- p11_test (test_build_certificate_empty, "/builder/build_certificate_empty");
- p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca");
- p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca");
- p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca");
- p11_test (test_build_certificate_staple_ca_backwards, "/builder/build-certificate-staple-ca-backwards");
- p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type");
- p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type");
- p11_test (test_build_extension, "/builder/build_extension");
- p11_test (test_build_distant_end_date, "/builder/build_distant_end_date");
-
- p11_test (test_valid_bool, "/builder/valid-bool");
- p11_test (test_valid_ulong, "/builder/valid-ulong");
- p11_test (test_valid_utf8, "/builder/valid-utf8");
- p11_test (test_valid_dates, "/builder/valid-date");
- p11_test (test_valid_name, "/builder/valid-name");
- p11_test (test_valid_serial, "/builder/valid-serial");
- p11_test (test_valid_cert, "/builder/valid-cert");
- p11_test (test_invalid_bool, "/builder/invalid-bool");
- p11_test (test_invalid_ulong, "/builder/invalid-ulong");
- p11_test (test_invalid_utf8, "/builder/invalid-utf8");
- p11_test (test_invalid_dates, "/builder/invalid-date");
- p11_test (test_invalid_name, "/builder/invalid-name");
- p11_test (test_invalid_serial, "/builder/invalid-serial");
- p11_test (test_invalid_cert, "/builder/invalid-cert");
- p11_test (test_invalid_schema, "/builder/invalid-schema");
-
- p11_test (test_create_not_settable, "/builder/create_not_settable");
- p11_test (test_create_but_loadable, "/builder/create_but_loadable");
- p11_test (test_create_unsupported, "/builder/create_unsupported");
- p11_test (test_create_generated, "/builder/create_generated");
- p11_test (test_create_bad_attribute, "/builder/create_bad_attribute");
- p11_test (test_create_missing_attribute, "/builder/create_missing_attribute");
- p11_test (test_create_no_class, "/builder/create_no_class");
- p11_test (test_create_token_mismatch, "/builder/create_token_mismatch");
- p11_test (test_modify_success, "/builder/modify_success");
- p11_test (test_modify_read_only, "/builder/modify_read_only");
- p11_test (test_modify_unchanged, "/builder/modify_unchanged");
- p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable");
-
- p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate");
- p11_test (test_changed_distrust_value, "/builder/changed_distrust_value");
- p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial");
- p11_test (test_changed_without_id, "/builder/changed_without_id");
- p11_test (test_changed_staple_ca, "/builder/changed_staple_ca");
- p11_test (test_changed_staple_ku, "/builder/changed_staple_ku");
- p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-bundle.c b/trust/test-bundle.c
deleted file mode 100644
index 3af7277..0000000
--- a/trust/test-bundle.c
+++ /dev/null
@@ -1,272 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
- CK_FUNCTION_LIST module;
- p11_enumerate ex;
- char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_RV rv;
-
- mock_module_reset ();
- memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
- rv = test.module.C_Initialize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- p11_enumerate_init (&test.ex);
-
- test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
- free (test.directory);
-
- p11_enumerate_cleanup (&test.ex);
-
- rv = test.module.C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Cacert3 Here", 12 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ID, "ID1", 3 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_INVALID },
-};
-
-static void
-test_file (void)
-{
- char *destination;
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3.pem");
-
- free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
- char *destination;
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/cacert3-twice.pem");
-
- free (destination);
-}
-
-static void
-test_file_without (void)
-{
- char *destination;
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_data (test.directory, "extract.pem", "", 0);
-
- free (destination);
-}
-
-static void
-test_directory (void)
-{
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
- test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem");
- test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem");
-}
-
-static void
-test_directory_empty (void)
-{
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, (NULL, NULL));
-}
-
-static void
-test_directory_hash (void)
-{
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_pem_directory_hash (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem",
-#ifdef OS_UNIX
- "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0",
-#endif
- NULL));
- test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/trust/fixtures/cacert3.pem");
- test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/trust/fixtures/cacert3.pem");
-#ifdef OS_UNIX
- test_check_symlink (test.directory, "e5662767.0", "Cacert3_Here.pem");
- test_check_symlink (test.directory, "e5662767.1", "Cacert3_Here.1.pem");
- test_check_symlink (test.directory, "590d426f.0", "Cacert3_Here.pem");
- test_check_symlink (test.directory, "590d426f.1", "Cacert3_Here.1.pem");
-#endif
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
-
- p11_fixture (setup, teardown);
- p11_test (test_file, "/pem/test_file");
- p11_test (test_file_multiple, "/pem/test_file_multiple");
- p11_test (test_file_without, "/pem/test_file_without");
- p11_test (test_directory, "/pem/test_directory");
- p11_test (test_directory_empty, "/pem/test_directory_empty");
- p11_test (test_directory_hash, "/pem/test_directory_hash");
- return p11_test_run (argc, argv);
-}
-
-#include "enumerate.c"
-#include "extract-pem.c"
-#include "extract-openssl.c"
-#include "save.c"
diff --git a/trust/test-cer.c b/trust/test-cer.c
deleted file mode 100644
index 422b528..0000000
--- a/trust/test-cer.c
+++ /dev/null
@@ -1,247 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
- CK_FUNCTION_LIST module;
- p11_enumerate ex;
- char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_RV rv;
-
- mock_module_reset ();
- memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
- rv = test.module.C_Initialize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- p11_enumerate_init (&test.ex);
-
- test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- if (rmdir (test.directory) < 0)
- assert_fail ("rmdir() failed", test.directory);
- free (test.directory);
-
- p11_enumerate_cleanup (&test.ex);
-
- rv = test.module.C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Cacert3 Here", 12 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ID, "ID1", 3 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_INVALID },
-};
-
-static void
-test_file (void)
-{
- char *destination;
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
- assert_not_reached ();
-
- ret = p11_extract_x509_file (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der");
-
- free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
- char *destination;
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
- assert_not_reached ();
-
- p11_message_quiet ();
-
- ret = p11_extract_x509_file (&test.ex, destination);
- assert_num_eq (true, ret);
-
- assert (strstr (p11_message_last (), "multiple certificates") != NULL);
-
- p11_message_loud ();
-
- test_check_file (test.directory, "extract.cer", SRCDIR "/trust/fixtures/cacert3.der");
-
- free (destination);
-}
-
-static void
-test_file_without (void)
-{
- char *destination;
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.cer") < 0)
- assert_not_reached ();
-
- p11_message_quiet ();
-
- ret = p11_extract_x509_file (&test.ex, destination);
- assert_num_eq (false, ret);
-
- assert (strstr (p11_message_last (), "no certificate") != NULL);
-
- p11_message_loud ();
-
- free (destination);
-}
-
-static void
-test_directory (void)
-{
- bool ret;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_x509_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL));
- test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/trust/fixtures/cacert3.der");
- test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/trust/fixtures/cacert3.der");
-}
-
-static void
-test_directory_empty (void)
-{
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_x509_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, (NULL, NULL));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
-
- p11_fixture (setup, teardown);
- p11_test (test_file, "/x509/test_file");
- p11_test (test_file_multiple, "/x509/test_file_multiple");
- p11_test (test_file_without, "/x509/test_file_without");
- p11_test (test_directory, "/x509/test_directory");
- p11_test (test_directory_empty, "/x509/test_directory_empty");
- return p11_test_run (argc, argv);
-}
-
-#include "enumerate.c"
-#include "extract-cer.c"
-#include "save.c"
diff --git a/trust/test-digest.c b/trust/test-digest.c
deleted file mode 100644
index f2cb669..0000000
--- a/trust/test-digest.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "digest.h"
-
-const char *sha1_input[] = {
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- NULL
-};
-
-const char *sha1_checksum[] = {
- "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D",
- "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1",
- NULL
-};
-
-static void
-test_sha1 (void)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- size_t len;
- int i;
-
- for (i = 0; sha1_input[i] != NULL; i++) {
- memset (checksum, 0, sizeof (checksum));
- len = strlen (sha1_input[i]);
-
- p11_digest_sha1 (checksum, sha1_input[i], len, NULL);
- assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0);
-
- if (len > 6) {
- p11_digest_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL);
- assert (memcmp (sha1_checksum[i], checksum, P11_DIGEST_SHA1_LEN) == 0);
- }
- }
-}
-
-static void
-test_sha1_long (void)
-{
- unsigned char checksum[P11_DIGEST_SHA1_LEN];
- char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F";
- char *input;
-
- input = malloc (1000000);
- assert (input != NULL);
- memset (input, 'a', 1000000);
-
- p11_digest_sha1 (checksum, input, 1000000, NULL);
- assert (memcmp (expected, checksum, P11_DIGEST_SHA1_LEN) == 0);
-
- free (input);
-}
-
-const char *md5_input[] = {
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- NULL
-};
-
-const char *md5_checksum[] = {
- "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e",
- "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61",
- "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72",
- "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0",
- "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b",
- NULL
-};
-
-static void
-test_md5 (void)
-{
- unsigned char checksum[P11_DIGEST_MD5_LEN];
- size_t len;
- int i;
-
- for (i = 0; md5_input[i] != NULL; i++) {
- memset (checksum, 0, sizeof (checksum));
- len = strlen (md5_input[i]);
-
- p11_digest_md5 (checksum, md5_input[i], len, NULL);
- assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0);
-
- if (len > 5) {
- p11_digest_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL);
- assert (memcmp (md5_checksum[i], checksum, P11_DIGEST_MD5_LEN) == 0);
- }
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_sha1, "/digest/sha1");
- p11_test (test_sha1_long, "/digest/sha1-long");
- p11_test (test_md5, "/digest/md5");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-enumerate.c b/trust/test-enumerate.c
deleted file mode 100644
index 424437e..0000000
--- a/trust/test-enumerate.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-
-static void
-test_file_name_for_label (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *name;
-
- p11_enumerate_init (&ex);
-
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("The_Label_", name);
- free (name);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_file_name_for_class (void)
-{
- p11_enumerate ex;
- char *name;
-
- p11_enumerate_init (&ex);
-
- ex.klass = CKO_CERTIFICATE;
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("certificate", name);
- free (name);
-
- ex.klass = CKO_DATA;
-
- name = p11_enumerate_filename (&ex);
- assert_str_eq ("unknown", name);
- free (name);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_for_label (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *comment;
-
- p11_enumerate_init (&ex);
-
- ex.flags = P11_EXTRACT_COMMENT;
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- comment = p11_enumerate_comment (&ex, true);
- assert_str_eq ("# The Label!\n", comment);
- free (comment);
-
- comment = p11_enumerate_comment (&ex, false);
- assert_str_eq ("\n# The Label!\n", comment);
- free (comment);
-
- p11_enumerate_cleanup (&ex);
-}
-
-static void
-test_comment_not_enabled (void)
-{
- CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
- p11_enumerate ex;
- char *comment;
-
- p11_enumerate_init (&ex);
-
- ex.attrs = p11_attrs_build (NULL, &label, NULL);
-
- comment = p11_enumerate_comment (&ex, true);
- assert_ptr_eq (NULL, comment);
-
- comment = p11_enumerate_comment (&ex, false);
- assert_ptr_eq (NULL, comment);
-
- p11_enumerate_cleanup (&ex);
-}
-
-struct {
- CK_FUNCTION_LIST module;
- CK_FUNCTION_LIST_PTR modules[2];
- p11_enumerate ex;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_RV rv;
-
- mock_module_reset ();
- memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-
- rv = test.module.C_Initialize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- p11_enumerate_init (&test.ex);
-
- /* Prefill the modules */
- test.modules[0] = &test.module;
- test.modules[1] = NULL;
- test.ex.modules = test.modules;
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- /* Don't free the modules */
- test.ex.modules = NULL;
-
- p11_enumerate_cleanup (&test.ex);
-
- rv = test.module.C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS public_key_class = CKO_PUBLIC_KEY;
-static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-static CK_BBOOL truev = CK_TRUE;
-
-static CK_ATTRIBUTE cacert3_trusted[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Cacert3 Here", 11 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_ID, "ID1", 3 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_distrusted[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Another CaCert", 11 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE cacert3_distrusted_by_key[] = {
- { CKA_CLASS, &public_key_class, sizeof (public_key_class) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_server_client[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_ID, "ID1", 3 },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_VALUE, "\x30\x1d\x06\x03\x55\x1d\x25\x04\x16\x30\x14\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 31 },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_invalid[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_ID, "ID1", 3 },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x25\x04\x07\x69\x6e\x76\x61\x6c\x69\x64", 16 },
- { CKA_INVALID },
-};
-
-static void
-test_info_simple_certificate (void)
-{
- void *value;
- size_t length;
- CK_RV rv;
-
- assert_ptr_not_null (test.ex.asn1_defs);
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
- assert_ptr_not_null (test.ex.attrs);
- value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length);
- assert_ptr_not_null (value);
- assert (memcmp (value, test_cacert3_ca_der, length) == 0);
- assert_ptr_not_null (test.ex.cert_der);
- assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
- assert_ptr_not_null (test.ex.cert_asn);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_info_limit_purposes (void)
-{
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
- /* This should not match the above, with the attached certificat ext */
- assert_ptr_eq (NULL, test.ex.limit_to_purposes);
- p11_enumerate_opt_purpose (&test.ex, "1.1.1");
- assert_ptr_not_null (test.ex.limit_to_purposes);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_info_invalid_purposes (void)
-{
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- p11_kit_be_quiet ();
-
- /* No results due to invalid purpose on certificate */
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-
- p11_kit_be_loud ();
-}
-
-static void
-test_info_skip_non_certificate (void)
-{
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-
- p11_enumerate_ready (&test.ex, NULL);
-
- p11_message_quiet ();
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_limit_to_purpose_match (void)
-{
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
- p11_enumerate_opt_purpose (&test.ex, P11_OID_SERVER_AUTH_STR);
- p11_enumerate_ready (&test.ex, NULL);
-
- p11_message_quiet ();
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_limit_to_purpose_no_match (void)
-{
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
-
- p11_enumerate_opt_purpose (&test.ex, "3.3.3.3");
- p11_enumerate_ready (&test.ex, NULL);
-
- p11_message_quiet ();
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-
- p11_message_loud ();
-}
-
-static void
-test_duplicate_extract (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_duplicate_distrusted (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_ATTRIBUTE attrs[] = {
- { CKA_X_DISTRUSTED, NULL, 0 },
- };
-
- CK_BBOOL val;
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
-
- test.ex.flags = P11_ENUMERATE_COLLAPSE;
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- rv = p11_kit_iter_load_attributes (test.ex.iter, attrs, 1);
- assert_num_eq (CKR_OK, rv);
- assert (p11_attrs_findn_bool (attrs, 1, CKA_X_DISTRUSTED, &val));
- assert_num_eq (val, CK_TRUE);
- free (attrs[0].pValue);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_trusted_match (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
- test.ex.flags = P11_ENUMERATE_ANCHORS;
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_distrust_match (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_BBOOL boolv;
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
- test.ex.flags = P11_ENUMERATE_BLACKLIST;
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv))
- boolv = CK_FALSE;
- assert_num_eq (CK_TRUE, boolv);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_override_by_issuer_serial (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_BBOOL distrusted = CK_FALSE;
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
-
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_OK, rv);
-
- assert (p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &distrusted));
- assert_num_eq (CK_TRUE, distrusted);
-
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-static void
-test_override_by_public_key (void)
-{
- CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
- CK_RV rv;
-
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
- mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted_by_key);
-
- test.ex.flags = P11_ENUMERATE_ANCHORS | P11_ENUMERATE_BLACKLIST;
- p11_kit_iter_add_filter (test.ex.iter, &certificate, 1);
- p11_enumerate_ready (&test.ex, NULL);
-
- /* No results returned, because distrust is not a cert */
- rv = p11_kit_iter_next (test.ex.iter);
- assert_num_eq (CKR_CANCEL, rv);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
-
- p11_test (test_file_name_for_label, "/extract/test_file_name_for_label");
- p11_test (test_file_name_for_class, "/extract/test_file_name_for_class");
- p11_test (test_comment_for_label, "/extract/test_comment_for_label");
- p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled");
-
- p11_fixture (setup, teardown);
- p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate");
- p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes");
- p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes");
- p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate");
- p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
- p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
- p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
- p11_test (test_duplicate_distrusted, "/extract/test-duplicate-distrusted");
- p11_test (test_trusted_match, "/extract/test_trusted_match");
- p11_test (test_distrust_match, "/extract/test_distrust_match");
- p11_test (test_override_by_issuer_serial, "/extract/override-by-issuer-and-serial");
- p11_test (test_override_by_public_key, "/extract/override-by-public-key");
-
- return p11_test_run (argc, argv);
-}
-
-#include "enumerate.c"
diff --git a/trust/test-extract.in b/trust/test-extract.in
deleted file mode 100644
index 59f6cd6..0000000
--- a/trust/test-extract.in
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/bin/sh
-
-set -euf
-
-# -----------------------------------------------------------------------------
-# Basic fundamentals
-
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-datarootdir=@datarootdir@
-datadir=@datadir@
-sysconfdir=@sysconfdir@
-libdir=@libdir@
-privatedir=@privatedir@
-with_trust_paths=@with_trust_paths@
-script=$(basename $0)
-
-# -----------------------------------------------------------------------------
-# Testing
-
-warning()
-{
- echo "$script: $@" >&2
-}
-
-assert_fail()
-{
- warning $@
- exit 1
-}
-
-assert_contains()
-{
- if ! grep -qF $2 $1; then
- assert_fail "$1 does not contain $2"
- fi
-}
-
-assert_not_contains()
-{
- if grep -qF $2 $1; then
- assert_fail "$1 contains $2"
- fi
-}
-
-teardown()
-{
- for x in $TD; do
- if [ -d $x ]; then
- rmdir $x
- elif [ -f $x ]; then
- rm $x
- fi
- done
- TD=""
-}
-
-teardown_dirty()
-{
- echo "not ok $TEST_NUMBER $TEST_NAME"
- teardown
-}
-
-openssl_quiet()
-(
- command='/Generating a|-----|^[.+]+$|writing new private key/d'
- exec 3>&1
- openssl $@ 2>&1 >&3 3>&- | sed -r "$command" 3>&-
-)
-
-skip()
-{
- TEST_SKIP=yes
- echo "ok $TEST_NUMBER # skip $TEST_NAME: $@"
-}
-
-setup()
-{
- # Parse the trust paths
- oldifs="$IFS"
- IFS=:
- set $with_trust_paths
- IFS="$oldifs"
-
- if [ ! -d $1 ]; then
- skip "$1 is not a directory"
- return
- fi
-
- SOURCE_1=$1
- if [ $# -lt 2 ]; then
- warning "certain tests neutered if only 1 trust path: $with_trust_paths"
- SOURCE_2=$1
- else
- SOURCE_2=$2
- fi
-
- # Make a temporary directory
- dir=$(mktemp -d)
- cd $dir
- CLEANUP="$dir $TD"
-
- # Generate a unique identifier
- CERT_1_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
- CERT_2_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
- CERT_3_CN=test_$(dd if=/dev/urandom count=40 bs=1 status=none | base64 | tr -d '+/=')
-
- # Generate relevant certificates
- openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
- -out cert_1.pem -subj /CN=$CERT_1_CN
- openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
- -out cert_2.pem -subj /CN=$CERT_2_CN
- openssl_quiet req -x509 -newkey rsa:512 -keyout /dev/null -days 3 -nodes \
- -out cert_3.pem -subj /CN=$CERT_3_CN
-
- TD="cert_1.pem cert_2.pem cert_3.pem $TD"
-
- mkdir -p $SOURCE_1/anchors
- cp cert_1.pem $SOURCE_1/anchors/
-
- mkdir -p $SOURCE_2/anchors
- cp cert_2.pem $SOURCE_2/anchors/
- cp cert_3.pem $SOURCE_2/anchors/
-
- TD="$SOURCE_1/anchors/cert_1.pem $SOURCE_2/anchors/cert_2.pem $SOURCE_2/anchors/cert_3.pem $TD"
-}
-
-run()
-{
- TOTAL=0
- for TEST_NAME in $@; do
- TOTAL=$(expr $TOTAL + 1)
- done
-
- echo "1..$TOTAL"
-
- TEST_NUMBER=0
- for TEST_NAME in $@; do
- TEST_NUMBER=$(expr $TEST_NUMBER + 1)
- (
- trap teardown_dirty EXIT
- trap "teardown_dirty; exit 127" INT TERM
- TD=""
-
- TEST_SKIP=no
- setup
-
- if [ $TEST_SKIP != "yes" ]; then
- $TEST_NAME
- fi
- if [ $TEST_SKIP != "yes" ]; then
- echo "ok $TEST_NUMBER $TEST_NAME"
- fi
-
- trap - EXIT
- teardown
- )
- done
-}
-
-# -----------------------------------------------------------------------------
-# Main tests
-
-test_extract()
-{
- trust extract --filter=ca-anchors --format=pem-bundle \
- --purpose=server-auth --comment \
- extract-test.pem
-
- assert_contains extract-test.pem $CERT_1_CN
- assert_contains extract-test.pem $CERT_2_CN
- assert_contains extract-test.pem $CERT_3_CN
-}
-
-test_blacklist()
-{
- mkdir -p $SOURCE_1/blacklist
- cp cert_3.pem $SOURCE_1/blacklist
- TD="$SOURCE_1/blacklist/cert_3.pem $TD"
-
- trust extract --filter=ca-anchors --format=pem-bundle \
- --purpose=server-auth --comment \
- blacklist-test.pem
-
- assert_contains blacklist-test.pem $CERT_1_CN
- assert_not_contains blacklist-test.pem $CERT_3_CN
-}
-
-run test_extract test_blacklist
diff --git a/trust/test-index.c b/trust/test-index.c
deleted file mode 100644
index fc861b2..0000000
--- a/trust/test-index.c
+++ /dev/null
@@ -1,1144 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "debug.h"
-#include "index.h"
-#include "message.h"
-
-struct {
- p11_index *index;
-} test;
-
-static void
-setup (void *unused)
-{
- test.index = p11_index_new (NULL, NULL, NULL, NULL, NULL);
- assert_ptr_not_null (test.index);
-}
-
-static void
-teardown (void *unused)
-{
- p11_index_free (test.index);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-test_take_lookup (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- attrs = p11_attrs_dup (original);
- rv = p11_index_take (test.index, attrs, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-
- check = p11_index_lookup (test.index, 1UL);
- assert_ptr_eq (NULL, check);
-
- check = p11_index_lookup (test.index, 0UL);
- assert_ptr_eq (NULL, check);
-}
-
-static void
-test_add_lookup (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = p11_index_add (test.index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-}
-
-static void
-test_size (void)
-{
- static CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_RV rv;
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- rv = p11_index_add (test.index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (3, p11_index_size (test.index));
-}
-
-static int
-compar_ulong (const void *one,
- const void *two)
-{
- const CK_ULONG *u1 = one;
- const CK_ULONG *u2 = two;
-
- if (*u1 == *u2)
- return 0;
- if (*u1 < *u2)
- return -1;
- return 1;
-}
-
-static void
-test_snapshot (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- static const int NUM = 16;
- CK_OBJECT_HANDLE expected[NUM];
- CK_OBJECT_HANDLE *snapshot;
- int i;
-
- for (i = 0; i < NUM; i++)
- p11_index_add (test.index, original, 2, expected + i);
-
- snapshot = p11_index_snapshot (test.index, NULL, NULL, 0);
- assert_ptr_not_null (snapshot);
-
- for (i = 0; i < NUM; i++)
- assert (snapshot[i] != 0);
- assert (snapshot[NUM] == 0);
-
- qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong);
-
- for (i = 0; i < NUM; i++)
- assert_num_eq (expected[i], snapshot[i]);
-
- free (snapshot);
-}
-
-static void
-test_snapshot_base (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- static const int NUM = 16;
- CK_OBJECT_HANDLE expected[NUM];
- CK_OBJECT_HANDLE *snapshot;
- CK_RV rv;
- int i;
-
- for (i = 0; i < NUM; i++) {
- rv = p11_index_add (test.index, original, 2, expected + i);
- assert (rv == CKR_OK);
- }
-
- snapshot = p11_index_snapshot (test.index, test.index, NULL, 0);
- assert_ptr_not_null (snapshot);
-
- for (i = 0; i < NUM * 2; i++)
- assert (snapshot[i] != 0);
- assert (snapshot[NUM * 2] == 0);
-
- qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong);
-
- for (i = 0; i < NUM * 2; i++)
- assert_num_eq (expected[i / 2], snapshot[i]);
-
- free (snapshot);
-}
-
-static void
-test_remove (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- attrs = p11_attrs_dup (original);
- rv = p11_index_take (test.index, attrs, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- assert_ptr_eq (attrs, check);
-
- rv = p11_index_remove (test.index, 1UL);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-
- rv = p11_index_remove (test.index, handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- assert_ptr_eq (NULL, check);
-}
-
-static void
-test_set (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 };
-
- CK_ATTRIBUTE changed[] = {
- { CKA_LABEL, "naay", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- attrs = p11_attrs_dup (original);
- rv = p11_index_take (test.index, attrs, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-
- rv = p11_index_set (test.index, handle, &change, 1);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (changed, check);
-
- rv = p11_index_set (test.index, 1UL, &change, 1);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_update (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE change = { CKA_LABEL, "naay", 4 };
-
- CK_ATTRIBUTE changed[] = {
- { CKA_LABEL, "naay", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE *attrs;
- CK_ATTRIBUTE *check;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- attrs = p11_attrs_dup (original);
- rv = p11_index_take (test.index, attrs, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (original, check);
-
- attrs = p11_attrs_build (NULL, &change, NULL);
- rv = p11_index_update (test.index, handle, attrs);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (test.index, handle);
- test_check_attrs (changed, check);
-
- attrs = p11_attrs_build (NULL, &change, NULL);
- rv = p11_index_update (test.index, 1L, attrs);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_find (void)
-{
- CK_ATTRIBUTE first[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE second[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "two", 3 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "three", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match3[] = {
- { CKA_VALUE, "three", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_any[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_none[] = {
- { CKA_VALUE, "blonononon", 10 },
- { CKA_LABEL, "yay", 3 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE check;
- CK_OBJECT_HANDLE one;
- CK_OBJECT_HANDLE two;
- CK_OBJECT_HANDLE three;
-
- p11_index_add (test.index, first, 2, &one);
- p11_index_add (test.index, second, 2, &two);
- p11_index_add (test.index, third, 2, &three);
-
- check = p11_index_find (test.index, match3, -1);
- assert_num_eq (three, check);
-
- check = p11_index_find (test.index, match3, 1);
- assert_num_eq (three, check);
-
- check = p11_index_find (test.index, match_any, -1);
- assert (check == one || check == two || check == three);
-
- check = p11_index_find (test.index, match_any, 1);
- assert (check == one || check == two || check == three);
-
- check = p11_index_find (test.index, match_none, -1);
- assert_num_eq (0, check);
-
- check = p11_index_find (test.index, match_none, 2);
- assert_num_eq (0, check);
-}
-
-static bool
-handles_are (CK_OBJECT_HANDLE *handles,
- ...)
-{
- CK_OBJECT_HANDLE handle;
- bool matched = true;
- int count;
- int num;
- va_list va;
- int i;
-
- if (!handles)
- return false;
-
- /* Count number of handles */
- for (num = 0; handles[num]; num++);
-
- va_start (va, handles);
-
- for (count = 0; matched; count++) {
- handle = va_arg (va, CK_OBJECT_HANDLE);
- if (handle == 0)
- break;
-
- for (i = 0; handles[i]; i++) {
- if (handle == handles[i])
- break;
- }
-
- if (handles[i] != handle)
- matched = false;
- }
-
- va_end (va);
-
- return matched && (count == num);
-}
-
-static void
-test_find_all (void)
-{
- CK_ATTRIBUTE first[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE second[] = {
- { CKA_LABEL, "even", 4 },
- { CKA_VALUE, "two", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "three", 5 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_odd[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_3[] = {
- { CKA_VALUE, "three", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_any[] = {
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_none[] = {
- { CKA_VALUE, "blonononon", 10 },
- { CKA_LABEL, "yay", 3 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE *check;
- CK_OBJECT_HANDLE one;
- CK_OBJECT_HANDLE two;
- CK_OBJECT_HANDLE three;
-
- p11_index_add (test.index, first, 3, &one);
- p11_index_add (test.index, second, 3, &two);
- p11_index_add (test.index, third, 3, &three);
-
- check = p11_index_find_all (test.index, match_3, -1);
- assert (handles_are (check, three, 0UL));
- free (check);
-
- check = p11_index_find_all (test.index, match_none, -1);
- assert (handles_are (check, 0UL));
- free (check);
-
- check = p11_index_find_all (test.index, match_odd, -1);
- assert (handles_are (check, one, three, 0UL));
- free (check);
-
- check = p11_index_find_all (test.index, match_any, -1);
- assert (handles_are (check, one, two, three, 0UL));
- free (check);
-
- check = p11_index_find_all (test.index, match_none, -1);
- assert_ptr_not_null (check);
- assert_num_eq (0, check[0]);
- free (check);
-
- /* A double check of this method */
- one = 0UL;
- check = &one;
- assert (!handles_are (check, 29292929, 0UL));
- assert (!handles_are (NULL, 0UL));
-}
-
-static void
-test_find_realloc (void)
-{
- CK_ATTRIBUTE attrs[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE *check;
- int i;
-
- for (i = 0; i < 1000; i++)
- p11_index_add (test.index, attrs, 3, NULL);
-
- check = p11_index_find_all (test.index, match, -1);
- assert_ptr_not_null (check);
-
- for (i = 0; i < 1000; i++)
- assert (check[i] != 0);
- assert_num_eq (0, check[1000]);
-
- free (check);
-}
-
-static void
-test_replace_all (void)
-{
- CK_ATTRIBUTE first[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE second[] = {
- { CKA_LABEL, "even", 4 },
- { CKA_VALUE, "two", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "three", 5 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE fifth[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "five", 4 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE eins[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_APPLICATION, "replace", 7 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE sieben[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "seven", 5 },
- { CKA_APPLICATION, "replace", 7 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE neun[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "nine", 4 },
- { CKA_APPLICATION, "replace", 7 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE check;
- CK_OBJECT_HANDLE one;
- CK_OBJECT_HANDLE two;
- CK_OBJECT_HANDLE three;
- CK_OBJECT_HANDLE five;
- p11_array *array;
- CK_RV rv;
-
- p11_index_add (test.index, first, 3, &one);
- assert (one != 0);
- p11_index_add (test.index, second, 3, &two);
- assert (two != 0);
- p11_index_add (test.index, third, 3, &three);
- assert (three != 0);
- p11_index_add (test.index, fifth, 3, &five);
- assert (five != 0);
-
- array = p11_array_new (p11_attrs_free);
- p11_array_push (array, p11_attrs_buildn (NULL, eins, 3));
- p11_array_push (array, p11_attrs_buildn (NULL, sieben, 3));
- p11_array_push (array, p11_attrs_buildn (NULL, neun, 3));
-
- rv = p11_index_replace_all (test.index, match, CKA_VALUE, array);
- assert (rv == CKR_OK);
-
- assert_num_eq (0, array->num);
- p11_array_free (array);
-
- /* eins should have replaced one */
- check = p11_index_find (test.index, eins, -1);
- assert_num_eq (one, check);
-
- /* two should still be around */
- check = p11_index_find (test.index, second, -1);
- assert_num_eq (two, check);
-
- /* three should have been removed */
- check = p11_index_find (test.index, third, -1);
- assert_num_eq (0, check);
-
- /* five should have been removed */
- check = p11_index_find (test.index, fifth, -1);
- assert_num_eq (0, check);
-
- /* sieben should have been added */
- check = p11_index_find (test.index, sieben, -1);
- assert (check != one && check != two && check != three && check != five);
-
- /* neun should have been added */
- check = p11_index_find (test.index, neun, -1);
- assert (check != one && check != two && check != three && check != five);
-
- assert_num_eq (4, p11_index_size (test.index));
-}
-
-static CK_RV
-on_index_build_fail (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate)
-{
- CK_ATTRIBUTE *match = data;
-
- if (p11_attrs_match (merge, match))
- return CKR_FUNCTION_FAILED;
-
- return CKR_OK;
-}
-
-static void
-test_replace_all_build_fails (void)
-{
- CK_ATTRIBUTE replace[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_VALUE, "one", 3 },
- { CKA_APPLICATION, "test", 4 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_LABEL, "odd", 3 },
- { CKA_INVALID }
- };
-
- p11_array *array;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (on_index_build_fail, NULL, NULL, NULL, &match);
- assert_ptr_not_null (index);
-
- array = p11_array_new (p11_attrs_free);
- if (!p11_array_push (array, p11_attrs_dup (replace)))
- assert_not_reached ();
-
- rv = p11_index_replace_all (index, NULL, CKA_INVALID, array);
- assert_num_eq (rv, CKR_FUNCTION_FAILED);
-
- p11_array_free (array);
- p11_index_free (index);
-}
-
-
-static CK_RV
-on_build_populate (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate)
-{
- CK_ATTRIBUTE more[] = {
- { CKA_APPLICATION, "vigorous", 8 },
- { CKA_LABEL, "naay", 4 },
- };
-
- assert_str_eq (data, "blah");
- assert_ptr_not_null (index);
- assert_ptr_not_null (merge);
-
- *populate = p11_attrs_buildn (*populate, more, 2);
- return CKR_OK;
-}
-
-static void
-test_build_populate (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- CK_ATTRIBUTE after[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "vigorous", 8 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *check;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (on_build_populate, NULL, NULL, NULL, "blah");
- assert_ptr_not_null (index);
-
- rv = p11_index_add (index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (index, handle);
- assert_ptr_not_null (check);
-
- test_check_attrs (after, check);
-
- rv = p11_index_set (index, handle, original, 2);
- assert (rv == CKR_OK);
-
- check = p11_index_lookup (index, handle);
- assert_ptr_not_null (check);
-
- test_check_attrs (after, check);
-
- p11_index_free (index);
-}
-
-static CK_RV
-on_build_fail (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **populate)
-{
- CK_ATTRIBUTE check[] = {
- { CKA_LABEL, "nay", 3 },
- { CKA_INVALID }
- };
-
- assert_str_eq (data, "testo");
- assert_ptr_not_null (merge);
-
- if (p11_attrs_match (merge, check))
- return CKR_DEVICE_ERROR;
-
- return CKR_OK;
-}
-
-
-static void
-test_build_fail (void)
-{
- CK_ATTRIBUTE okay[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE fails[] = {
- { CKA_LABEL, "nay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (on_build_fail, NULL, NULL, NULL, "testo");
- assert_ptr_not_null (index);
-
- rv = p11_index_add (index, okay, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = p11_index_add (index, fails, 2, NULL);
- assert (rv == CKR_DEVICE_ERROR);
-
- rv = p11_index_set (index, handle, fails, 2);
- assert (rv == CKR_DEVICE_ERROR);
-
- rv = p11_index_set (index, handle, okay, 2);
- assert (rv == CKR_OK);
-
- p11_index_free (index);
-}
-
-static int on_change_called = 0;
-static bool on_change_removing = false;
-static bool on_change_batching = false;
-
-static void
-on_change_check (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE check[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- assert_str_eq (data, "change-check");
- assert_ptr_not_null (index);
- assert_ptr_not_null (attrs);
-
- if (!on_change_batching) {
- if (on_change_removing)
- assert_num_eq (0, handle);
- else
- assert (handle != 0);
- }
-
- test_check_attrs (check, attrs);
- on_change_called++;
-}
-
-static void
-test_change_called (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- CK_OBJECT_HANDLE handle;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
- assert_ptr_not_null (index);
-
- on_change_removing = false;
- on_change_called = 0;
-
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (1, on_change_called);
-
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (2, on_change_called);
-
- rv = p11_index_add (index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- assert_num_eq (3, on_change_called);
-
- on_change_removing = true;
-
- rv = p11_index_remove (index, handle);
- assert (rv == CKR_OK);
-
- assert_num_eq (4, on_change_called);
-
- p11_index_free (index);
-}
-
-static void
-test_change_batch (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- CK_OBJECT_HANDLE handle;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (NULL, NULL, NULL, on_change_check, "change-check");
- assert_ptr_not_null (index);
-
- on_change_batching = true;
- on_change_called = 0;
-
- p11_index_load (index);
-
- assert (p11_index_loading (index));
-
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (0, on_change_called);
-
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
-
- assert_num_eq (0, on_change_called);
-
- rv = p11_index_add (index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- assert_num_eq (0, on_change_called);
-
- /* Nested batch is a noop */
- p11_index_load (index);
-
- rv = p11_index_remove (index, handle);
- assert (rv == CKR_OK);
-
- assert_num_eq (0, on_change_called);
-
- /*
- * Batch finishes when first finish call is called,
- * even when batches are nested
- */
- p11_index_finish (index);
-
- assert (!p11_index_loading (index));
-
- /*
- * Only three calls, because later operations on the
- * same handle override the earlier one.
- */
- assert_num_eq (3, on_change_called);
-
- /* This is a noop */
- p11_index_finish (index);
-
- assert (!p11_index_loading (index));
-
- p11_index_free (index);
-}
-
-static void
-on_change_nested (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- CK_RV rv;
-
- CK_ATTRIBUTE second[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- assert_str_eq (data, "change-nested");
- on_change_called++;
-
- /* A nested call */
- rv = p11_index_add (index, second, 2, NULL);
- assert (rv == CKR_OK);
-}
-
-static void
-test_change_nested (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (NULL, NULL, NULL, on_change_nested, "change-nested");
- assert_ptr_not_null (index);
-
- on_change_called = 0;
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
- assert_num_eq (1, on_change_called);
-
-
- on_change_called = 0;
- p11_index_load (index);
- rv = p11_index_add (index, original, 2, NULL);
- assert (rv == CKR_OK);
- p11_index_finish (index);
- assert_num_eq (1, on_change_called);
-
- p11_index_free (index);
-}
-
-static CK_RV
-on_remove_callback (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs)
-{
- int *removed = data;
- assert_ptr_not_null (removed);
- assert_num_eq (*removed, 0);
- *removed = 1;
- return CKR_OK;
-}
-
-static void
-test_remove_callback (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- CK_OBJECT_HANDLE handle;
- p11_index *index;
- int removed = 0;
- CK_RV rv;
-
- index = p11_index_new (NULL, NULL, on_remove_callback, NULL, &removed);
- assert_ptr_not_null (index);
-
- rv = p11_index_add (index, original, 2, &handle);
- assert_num_eq (rv, CKR_OK);
-
- assert_ptr_not_null (p11_index_lookup (index, handle));
-
- rv = p11_index_remove (index, handle);
- assert_num_eq (rv, CKR_OK);
-
- assert_num_eq (removed, 1);
- assert_ptr_eq (p11_index_lookup (index, handle), NULL);
-
- p11_index_free (index);
-}
-
-static CK_RV
-on_remove_fail (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs)
-{
- assert_str_eq (data, "remove-fail");
- return CKR_DEVICE_REMOVED;
-}
-
-static void
-test_remove_fail (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
-
- };
-
- CK_OBJECT_HANDLE handle;
- p11_index *index;
- CK_RV rv;
-
- index = p11_index_new (NULL, NULL, on_remove_fail, NULL, "remove-fail");
- assert_ptr_not_null (index);
-
- rv = p11_index_add (index, original, 2, &handle);
- assert (rv == CKR_OK);
-
- assert_ptr_not_null (p11_index_lookup (index, handle));
-
- rv = p11_index_remove (index, handle);
- assert_num_eq (rv, CKR_DEVICE_REMOVED);
-
- assert_ptr_not_null (p11_index_lookup (index, handle));
-
- p11_index_free (index);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_message_quiet ();
-
- p11_fixture (setup, teardown);
- p11_test (test_add_lookup, "/index/add_lookup");
- p11_test (test_take_lookup, "/index/take_lookup");
- p11_test (test_size, "/index/size");
- p11_test (test_remove, "/index/remove");
- p11_test (test_snapshot, "/index/snapshot");
- p11_test (test_snapshot_base, "/index/snapshot_base");
- p11_test (test_set, "/index/set");
- p11_test (test_update, "/index/update");
- p11_test (test_find, "/index/find");
- p11_test (test_find_all, "/index/find_all");
- p11_test (test_find_realloc, "/index/find_realloc");
- p11_test (test_replace_all, "/index/replace_all");
-
- p11_fixture (NULL, NULL);
- p11_test (test_build_populate, "/index/build_populate");
- p11_test (test_build_fail, "/index/build_fail");
- p11_test (test_change_called, "/index/change_called");
- p11_test (test_change_batch, "/index/change_batch");
- p11_test (test_change_nested, "/index/change_nested");
- p11_test (test_replace_all_build_fails, "/index/replace-all-build-fails");
- p11_test (test_remove_callback, "/index/remove-callback");
- p11_test (test_remove_fail, "/index/remove-fail");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-module.c b/trust/test-module.c
deleted file mode 100644
index 1729b41..0000000
--- a/trust/test-module.c
+++ /dev/null
@@ -1,1218 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#define CRYPTOKI_EXPORTS
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "digest.h"
-#include "library.h"
-#include "path.h"
-#include "parser.h"
-#include "pkcs11x.h"
-#include "token.h"
-
-#include <assert.h>
-
-/*
- * This is the number of input paths. Should match the
- * paths below near :
- *
- * paths='%s'
- */
-#define NUM_SLOTS 3
-
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL vtrue = CK_TRUE;
-static CK_BBOOL vfalse = CK_FALSE;
-
-struct {
- CK_FUNCTION_LIST *module;
- CK_SLOT_ID slots[NUM_SLOTS];
- char *directory;
- p11_asn1_cache *cache;
- p11_parser *parser;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_C_INITIALIZE_ARGS args;
- const char *paths;
- char *arguments;
- CK_ULONG count;
- CK_RV rv;
-
- memset (&test, 0, sizeof (test));
-
- /* This is the entry point of the trust module, linked to this test */
- rv = C_GetFunctionList (&test.module);
- assert (rv == CKR_OK);
-
- memset (&args, 0, sizeof (args));
- paths = SRCDIR "/trust/input" P11_PATH_SEP \
- SRCDIR "/trust/fixtures/self-signed-with-ku.der" P11_PATH_SEP \
- SRCDIR "/trust/fixtures/thawte.pem";
- if (asprintf (&arguments, "paths='%s'", paths) < 0)
- assert (false && "not reached");
- args.pReserved = arguments;
- args.flags = CKF_OS_LOCKING_OK;
-
- rv = test.module->C_Initialize (&args);
- assert (rv == CKR_OK);
-
- free (arguments);
-
- count = NUM_SLOTS;
- rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
- assert (rv == CKR_OK);
- assert (count == NUM_SLOTS);
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- if (test.parser)
- p11_parser_free (test.parser);
- p11_asn1_cache_free (test.cache);
-
- rv = test.module->C_Finalize (NULL);
- assert (rv == CKR_OK);
-
- free (test.directory);
-
- memset (&test, 0, sizeof (test));
-}
-
-static void
-setup_writable (void *unused)
-{
- CK_C_INITIALIZE_ARGS args;
- char *arguments;
- CK_ULONG count;
- CK_RV rv;
-
- memset (&test, 0, sizeof (test));
-
- /* This is the entry point of the trust module, linked to this test */
- rv = C_GetFunctionList (&test.module);
- assert (rv == CKR_OK);
-
- test.directory = p11_test_directory ("test-module");
-
- memset (&args, 0, sizeof (args));
- if (asprintf (&arguments, "paths='%s'", test.directory) < 0)
- assert (false && "not reached");
- args.pReserved = arguments;
- args.flags = CKF_OS_LOCKING_OK;
-
- rv = test.module->C_Initialize (&args);
- assert (rv == CKR_OK);
-
- free (arguments);
-
- count = 1;
- rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (count, 1);
-
- test.cache = p11_asn1_cache_new ();
- test.parser = p11_parser_new (test.cache);
- p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
-}
-
-static void
-test_get_slot_list (void)
-{
- CK_SLOT_ID slots[NUM_SLOTS];
- CK_ULONG count;
- CK_RV rv;
- int i;
-
- rv = test.module->C_GetSlotList (TRUE, NULL, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- count = 1;
- rv = test.module->C_GetSlotList (TRUE, slots, &count);
- assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- count = NUM_SLOTS;
- memset (slots, 0, sizeof (slots));
- rv = test.module->C_GetSlotList (TRUE, slots, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- for (i = 0; i < NUM_SLOTS; i++)
- assert (slots[i] != 0);
-}
-
-static void
-test_null_initialize (void)
-{
- CK_FUNCTION_LIST *module;
- CK_RV rv;
-
- /* This is the entry point of the trust module, linked to this test */
- rv = C_GetFunctionList (&module);
- assert_num_eq (rv, CKR_OK);
-
- rv = module->C_Initialize (NULL);
- assert_num_eq (rv, CKR_OK);
-
- rv = module->C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_multi_initialize (void)
-{
- static CK_C_INITIALIZE_ARGS args =
- { NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
- CK_FUNCTION_LIST *module;
- CK_SESSION_HANDLE session;
- CK_SLOT_ID slots[8];
- CK_SESSION_INFO info;
- CK_ULONG count;
- CK_RV rv;
-
- /* This is the entry point of the trust module, linked to this test */
- rv = C_GetFunctionList (&module);
- assert_num_eq (rv, CKR_OK);
-
- args.pReserved = "paths='" SYSCONFDIR "/trust/input'";
- rv = module->C_Initialize (&args);
- assert_num_eq (rv, CKR_OK);
-
- count = 8;
- rv = module->C_GetSlotList (CK_TRUE, slots, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_cmp (count, ==, 1);
-
- rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- rv = module->C_GetSessionInfo (session, &info);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (info.slotID, slots[0]);
-
- rv = module->C_Initialize (&args);
- assert_num_eq (rv, CKR_OK);
-
- rv = module->C_GetSessionInfo (session, &info);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (info.slotID, slots[0]);
-
- rv = module->C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- rv = module->C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- rv = module->C_Finalize (NULL);
- assert_num_eq (CKR_CRYPTOKI_NOT_INITIALIZED, rv);
-}
-
-static void
-test_get_slot_info (void)
-{
- CK_SLOT_ID slots[NUM_SLOTS];
- CK_SLOT_INFO info;
- char description[64];
- CK_ULONG count;
- size_t length;
- CK_RV rv;
- int i;
-
- /* These are the paths passed in in setup() */
- const char *paths[] = {
- SRCDIR "/trust/input",
- SRCDIR "/trust/fixtures/self-signed-with-ku.der",
- SRCDIR "/trust/fixtures/thawte.pem"
- };
-
- count = NUM_SLOTS;
- rv = test.module->C_GetSlotList (TRUE, slots, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- for (i = 0; i < NUM_SLOTS; i++) {
- rv = test.module->C_GetSlotInfo (slots[i], &info);
- assert_num_eq (CKR_OK, rv);
-
- memset (description, ' ', sizeof (description));
- length = strlen(paths[i]);
- if (length > sizeof (description))
- length = sizeof (description);
- memcpy (description, paths[i], length);
- assert (memcmp (info.slotDescription, description, sizeof (description)) == 0);
- }
-}
-
-static void
-test_get_token_info (void)
-{
- CK_C_INITIALIZE_ARGS args;
- CK_FUNCTION_LIST *module;
- CK_SLOT_ID slots[NUM_SLOTS];
- CK_TOKEN_INFO info;
- char label[32];
- CK_ULONG count;
- CK_RV rv;
- int i;
-
- /* These are the paths passed in in setup() */
- const char *labels[] = {
- "System Trust",
- "Default Trust",
- "the-basename",
- };
-
- /* This is the entry point of the trust module, linked to this test */
- rv = C_GetFunctionList (&module);
- assert (rv == CKR_OK);
-
- memset (&args, 0, sizeof (args));
- args.pReserved = "paths='" \
- SYSCONFDIR "/trust/input" P11_PATH_SEP \
- DATA_DIR "/trust/fixtures/blah" P11_PATH_SEP \
- "/some/other/path/the-basename'";
- args.flags = CKF_OS_LOCKING_OK;
-
- rv = module->C_Initialize (&args);
- assert (rv == CKR_OK);
-
- count = NUM_SLOTS;
- rv = module->C_GetSlotList (CK_TRUE, slots, &count);
- assert (rv == CKR_OK);
- assert (count == NUM_SLOTS);
-
- for (i = 0; i < NUM_SLOTS; i++) {
- rv = module->C_GetTokenInfo (slots[i], &info);
- assert_num_eq (CKR_OK, rv);
-
- memset (label, ' ', sizeof (label));
- memcpy (label, labels[i], strlen (labels[i]));
- assert (memcmp (info.label, label, sizeof (label)) == 0);
- }
-
- rv = module->C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_get_session_info (void)
-{
- CK_SLOT_ID slots[NUM_SLOTS];
- CK_SESSION_HANDLE sessions[NUM_SLOTS];
- CK_SESSION_INFO info;
- CK_ULONG count;
- CK_RV rv;
- int i;
-
- count = NUM_SLOTS;
- rv = test.module->C_GetSlotList (TRUE, slots, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- /* Open two sessions with each token */
- for (i = 0; i < NUM_SLOTS; i++) {
- rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_GetSessionInfo (sessions[i], &info);
- assert_num_eq (CKR_OK, rv);
-
- assert_num_eq (slots[i], info.slotID);
- assert_num_eq (CKF_SERIAL_SESSION, info.flags);
- }
-}
-
-static void
-test_close_all_sessions (void)
-{
- CK_SLOT_ID slots[NUM_SLOTS];
- CK_SESSION_HANDLE sessions[NUM_SLOTS][2];
- CK_SESSION_INFO info;
- CK_ULONG count;
- CK_RV rv;
- int i;
-
- count = NUM_SLOTS;
- rv = test.module->C_GetSlotList (TRUE, slots, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (NUM_SLOTS, count);
-
- /* Open two sessions with each token */
- for (i = 0; i < NUM_SLOTS; i++) {
- rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
- assert_num_eq (CKR_OK, rv);
- }
-
- /* Close all the sessions on the first token */
- rv = test.module->C_CloseAllSessions (slots[0]);
- assert_num_eq (CKR_OK, rv);
-
- /* Those sessions should be closed */
- rv = test.module->C_GetSessionInfo (sessions[0][0], &info);
- assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
- rv = test.module->C_GetSessionInfo (sessions[0][1], &info);
- assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
-
- /* Other sessions should still be open */
- for (i = 1; i < NUM_SLOTS; i++) {
- rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
- assert_num_eq (CKR_OK, rv);
- }
-}
-
-static CK_ULONG
-find_objects (CK_ATTRIBUTE *match,
- CK_OBJECT_HANDLE *sessions,
- CK_OBJECT_HANDLE *objects,
- CK_ULONG max_objects)
-{
- CK_SESSION_HANDLE session;
- CK_RV rv;
- CK_ULONG found;
- CK_ULONG count;
- int i, j;
-
- found = 0;
- for (i = 0; i < NUM_SLOTS; i++) {
- rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match));
- assert (rv == CKR_OK);
- rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count);
- assert (rv == CKR_OK);
- rv = test.module->C_FindObjectsFinal (session);
- assert (rv == CKR_OK);
-
- for (j = found ; j < found + count; j++)
- sessions[j] = session;
- found += count;
- }
-
- assert (found < max_objects);
- return found;
-}
-
-static void
-check_trust_object_equiv (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE trust,
- CK_ATTRIBUTE *cert)
-{
- unsigned char subject[1024];
- unsigned char issuer[1024];
- unsigned char serial[128];
- CK_BBOOL private;
- CK_BBOOL token;
- CK_RV rv;
-
- /* The following attributes should be equivalent to the certificate */
- CK_ATTRIBUTE equiv[] = {
- { CKA_TOKEN, &token, sizeof (token) },
- { CKA_PRIVATE, &private, sizeof (private) },
- { CKA_ISSUER, issuer, sizeof (issuer) },
- { CKA_SUBJECT, subject, sizeof (subject) },
- { CKA_SERIAL_NUMBER, serial, sizeof (serial) },
- { CKA_INVALID, },
- };
-
- rv = test.module->C_GetAttributeValue (session, trust, equiv, 5);
- assert_num_eq (CKR_OK, rv);
-
- test_check_attrs (equiv, cert);
-}
-
-static void
-check_trust_object_hashes (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE trust,
- CK_ATTRIBUTE *cert)
-{
- unsigned char sha1[P11_DIGEST_SHA1_LEN];
- unsigned char md5[P11_DIGEST_MD5_LEN];
- unsigned char check[128];
- CK_ATTRIBUTE *value;
- CK_RV rv;
-
- CK_ATTRIBUTE hashes[] = {
- { CKA_CERT_SHA1_HASH, sha1, sizeof (sha1) },
- { CKA_CERT_MD5_HASH, md5, sizeof (md5) },
- { CKA_INVALID, },
- };
-
- rv = test.module->C_GetAttributeValue (session, trust, hashes, 2);
- assert (rv == CKR_OK);
-
- value = p11_attrs_find_valid (cert, CKA_VALUE);
- assert_ptr_not_null (value);
-
- p11_digest_md5 (check, value->pValue, value->ulValueLen, NULL);
- assert (memcmp (md5, check, sizeof (md5)) == 0);
-
- p11_digest_sha1 (check, value->pValue, value->ulValueLen, NULL);
- assert (memcmp (sha1, check, sizeof (sha1)) == 0);
-}
-
-static void
-check_has_trust_object (CK_ATTRIBUTE *cert)
-{
- CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
- CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
- CK_OBJECT_HANDLE objects[2];
- CK_SESSION_HANDLE sessions[2];
- CK_ATTRIBUTE *match;
- CK_ATTRIBUTE *attr;
- CK_ULONG count;
-
- attr = p11_attrs_find_valid (cert, CKA_ID);
- assert_ptr_not_null (attr);
-
- match = p11_attrs_build (NULL, &klass, attr, NULL);
- count = find_objects (match, sessions, objects, 2);
- assert_num_eq (1, count);
-
- check_trust_object_equiv (sessions[0], objects[0], cert);
- check_trust_object_hashes (sessions[0], objects[0], cert);
-
- p11_attrs_free (match);
-}
-
-static void
-check_certificate (CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE handle)
-{
- unsigned char label[4096]= { 0, };
- CK_OBJECT_CLASS klass;
- unsigned char value[4096];
- unsigned char subject[1024];
- unsigned char issuer[1024];
- unsigned char serial[128];
- unsigned char id[128];
- CK_CERTIFICATE_TYPE type;
- CK_BYTE check[3];
- CK_DATE start;
- CK_DATE end;
- CK_ULONG category;
- CK_BBOOL private;
- CK_BBOOL token;
- CK_RV rv;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_TOKEN, &token, sizeof (token) },
- { CKA_PRIVATE, &private, sizeof (private) },
- { CKA_VALUE, value, sizeof (value) },
- { CKA_ISSUER, issuer, sizeof (issuer) },
- { CKA_SUBJECT, subject, sizeof (subject) },
- { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_START_DATE, &start, sizeof (start) },
- { CKA_END_DATE, &end, sizeof (end) },
- { CKA_SERIAL_NUMBER, serial, sizeof (serial) },
- { CKA_CHECK_VALUE, check, sizeof (check) },
- { CKA_ID, id, sizeof (id) },
- { CKA_LABEL, label, sizeof (label) },
- { CKA_INVALID, },
- };
-
- /* Note that we don't pass the CKA_INVALID attribute in */
- rv = test.module->C_GetAttributeValue (session, handle, attrs, 14);
- assert_num_eq (rv, CKR_OK);
-
- /* If this is the cacert3 certificate, check its values */
- if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) {
- CK_BBOOL trusted;
- CK_BBOOL vtrue = CK_TRUE;
-
- CK_ATTRIBUTE anchor[] = {
- { CKA_TRUSTED, &trusted, sizeof (trusted) },
- { CKA_INVALID, },
- };
-
- CK_ATTRIBUTE check[] = {
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID, },
- };
-
- test_check_cacert3_ca (attrs, NULL);
-
- /* Get anchor specific attributes */
- rv = test.module->C_GetAttributeValue (session, handle, anchor, 1);
- assert (rv == CKR_OK);
-
- /* It lives in the trusted directory */
- test_check_attrs (check, anchor);
-
- /* Other certificates, we can't check the values */
- } else {
- test_check_object (attrs, CKO_CERTIFICATE, NULL);
- }
-
- check_has_trust_object (attrs);
-}
-
-static void
-test_find_certificates (void)
-{
- CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
-
- CK_ATTRIBUTE match[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_INVALID, }
- };
-
- CK_OBJECT_HANDLE objects[16];
- CK_SESSION_HANDLE sessions[16];
- CK_ULONG count;
- CK_ULONG i;
-
- count = find_objects (match, sessions, objects, 16);
- assert_num_eq (8, count);
-
- for (i = 0; i < count; i++)
- check_certificate (sessions[i], objects[i]);
-}
-
-static void
-test_find_builtin (void)
-{
- CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
-
- CK_ATTRIBUTE match[] = {
- { CKA_CLASS, &klass, sizeof (klass) },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
- { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) },
- { CKA_INVALID, }
- };
-
- CK_OBJECT_HANDLE objects[16];
- CK_SESSION_HANDLE sessions[16];
- CK_ULONG count;
-
- /* One per token */
- count = find_objects (match, sessions, objects, 16);
- assert_num_eq (NUM_SLOTS, count);
-}
-
-static void
-test_session_object (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_ULONG size;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_GetObjectSize (session, handle, &size);
- assert (rv == CKR_OK);
-}
-
-static void
-test_session_find (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_FindObjectsInit (session, original, 2);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (1, count);
- assert_num_eq (handle, check);
-
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_session_find_no_attr (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_COLOR, "blah", 4 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, original, 3, &handle);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_FindObjectsInit (session, match, 1);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_lookup_invalid (void)
-{
- CK_SESSION_HANDLE session;
- CK_ULONG size;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_GetObjectSize (session, 88888, &size);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_remove_token (void)
-{
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjectsInit (session, NULL, 0);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjects (session, &handle, 1, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (1, count);
-
- rv = test.module->C_DestroyObject (session, handle);
- if (rv != CKR_TOKEN_WRITE_PROTECTED)
- assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_setattr_token (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjectsInit (session, NULL, 0);
- assert_num_eq (rv, CKR_OK);
-
- rv = test.module->C_FindObjects (session, &handle, 1, &count);
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (1, count);
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 2);
- if (rv != CKR_TOKEN_WRITE_PROTECTED)
- assert_num_eq (rv, CKR_ATTRIBUTE_READ_ONLY);
-}
-
-static void
-test_session_copy (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE copy;
- CK_ULONG size;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CopyObject (session, handle, original, 2, &copy);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_GetObjectSize (session, copy, &size);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_session_setattr (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 2);
- assert (rv == CKR_OK);
-}
-
-static void
-test_session_remove (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- rv = test.module->C_CreateObject (session, original, 2, &handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_DestroyObject (session, handle);
- assert (rv == CKR_OK);
-
- rv = test.module->C_DestroyObject (session, handle);
- assert (rv == CKR_OBJECT_HANDLE_INVALID);
-}
-
-static void
-test_find_serial_der_decoded (void)
-{
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE object[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match_decoded[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x01\x02\x03", 3 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- /*
- * WORKAROUND: NSS calls us asking for CKA_SERIAL_NUMBER items that are
- * not DER encoded. It shouldn't be doing this. We never return any certificate
- * serial numbers that are not DER encoded.
- *
- * So work around the issue here while the NSS guys fix this issue.
- * This code should be removed in future versions.
- *
- * See work_around_broken_nss_serial_number_lookups().
- */
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, object, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a standard find for the same object */
- rv = test.module->C_FindObjectsInit (session, object, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (1, count);
- assert_num_eq (handle, check);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find for the serial number decoded */
- rv = test.module->C_FindObjectsInit (session, match_decoded, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (1, count);
- assert_num_eq (handle, check);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_find_serial_der_mismatch (void)
-{
- CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-
- CK_ATTRIBUTE object[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_SERIAL_NUMBER, "\x02\x03\x01\x02\x03", 5 },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE match[] = {
- { CKA_SERIAL_NUMBER, NULL, 0 },
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_OBJECT_HANDLE check;
- CK_ULONG count;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert_num_eq (CKR_OK, rv);
-
- rv = test.module->C_CreateObject (session, object, 2, &handle);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a null serial number, no match */
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a wrong length, no match */
- match[0].pValue = "at";
- match[0].ulValueLen = 2;
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-
- /* Do a find with a right length, wrong value, no match */
- match[0].pValue = "one";
- match[0].ulValueLen = 3;
- rv = test.module->C_FindObjectsInit (session, match, 2);
- assert_num_eq (CKR_OK, rv);
- rv = test.module->C_FindObjects (session, &check, 1, &count);
- assert_num_eq (CKR_OK, rv);
- assert_num_eq (0, count);
- rv = test.module->C_FindObjectsFinal (session);
- assert_num_eq (CKR_OK, rv);
-}
-
-static void
-test_login_logout (void)
-{
- CK_SESSION_HANDLE session;
- CK_RV rv;
-
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- /* Just testing our stubs for now */
-
- rv = test.module->C_Login (session, CKU_USER, NULL, 0);
- assert (rv == CKR_USER_TYPE_INVALID);
-
- rv = test.module->C_Logout (session);
- assert (rv == CKR_USER_NOT_LOGGED_IN);
-}
-
-static void
-test_token_writable (void)
-{
- CK_TOKEN_INFO info;
- CK_RV rv;
-
- rv = test.module->C_GetTokenInfo (test.slots[0], &info);
-
- assert_num_eq (rv, CKR_OK);
- assert_num_eq (info.flags & CKF_WRITE_PROTECTED, 0);
-}
-
-static void
-test_session_read_only_create (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION,
- NULL, NULL, &session);
- assert (rv == CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 4, &handle);
- assert_num_eq (rv, CKR_SESSION_READ_ONLY);
-}
-
-static void
-test_create_and_write (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "yay.p11-kit", NULL);
- p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_and_write (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_VALUE, "eight", 5 },
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_MODIFIABLE, &vtrue, sizeof (vtrue) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "yay", 3 },
- { CKA_VALUE, "nine", 4 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_SESSION_HANDLE session;
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- /* Read-only session */
- rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION | CKF_RW_SESSION,
- NULL, NULL, &session);
- assert_num_eq (rv, CKR_OK);
-
- /* Create a token object */
- rv = test.module->C_CreateObject (session, original, 5, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* Now modify the object */
- original[0].pValue = "nine";
- original[0].ulValueLen = 4;
-
- rv = test.module->C_SetAttributeValue (session, handle, original, 5);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "yay.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_library_init ();
-
- p11_fixture (setup, teardown);
- p11_test (test_get_slot_list, "/module/get_slot_list");
- p11_test (test_get_slot_info, "/module/get_slot_info");
-
- p11_fixture (NULL, NULL);
- p11_test (test_null_initialize, "/module/initialize-null");
- p11_test (test_multi_initialize, "/module/initialize-multi");
- p11_test (test_get_token_info, "/module/get_token_info");
-
- p11_fixture (setup, teardown);
- p11_test (test_get_session_info, "/module/get_session_info");
- p11_test (test_close_all_sessions, "/module/close_all_sessions");
- p11_test (test_find_certificates, "/module/find_certificates");
- p11_test (test_find_builtin, "/module/find_builtin");
- p11_test (test_lookup_invalid, "/module/lookup_invalid");
- p11_test (test_remove_token, "/module/remove_token");
- p11_test (test_setattr_token, "/module/setattr_token");
- p11_test (test_session_object, "/module/session_object");
- p11_test (test_session_find, "/module/session_find");
- p11_test (test_session_find_no_attr, "/module/session_find_no_attr");
- p11_test (test_session_copy, "/module/session_copy");
- p11_test (test_session_remove, "/module/session_remove");
- p11_test (test_session_setattr, "/module/session_setattr");
- p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded");
- p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch");
- p11_test (test_login_logout, "/module/login_logout");
-
- p11_fixture (setup_writable, teardown);
- p11_test (test_token_writable, "/module/token-writable");
- p11_test (test_session_read_only_create, "/module/session-read-only-create");
- p11_test (test_create_and_write, "/module/create-and-write");
- p11_test (test_modify_and_write, "/module/modify-and-write");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-oid.c b/trust/test-oid.c
deleted file mode 100644
index 0635d0a..0000000
--- a/trust/test-oid.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "debug.h"
-#include "oid.h"
-
-#include <libtasn1.h>
-
-#include "pkix.asn.h"
-
-static void
-test_known_oids (void)
-{
- char buffer[128];
- node_asn *definitions = NULL;
- node_asn *node;
- int ret;
- int len;
- int i;
-
- struct {
- const unsigned char *oid;
- size_t length;
- const char *string;
- } known_oids[] = {
- { P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER), P11_OID_SUBJECT_KEY_IDENTIFIER_STR, },
- { P11_OID_KEY_USAGE, sizeof (P11_OID_KEY_USAGE), P11_OID_KEY_USAGE_STR, },
- { P11_OID_BASIC_CONSTRAINTS, sizeof (P11_OID_BASIC_CONSTRAINTS), P11_OID_BASIC_CONSTRAINTS_STR },
- { P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE), P11_OID_EXTENDED_KEY_USAGE_STR },
- { P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT), P11_OID_OPENSSL_REJECT_STR },
- { P11_OID_SERVER_AUTH, sizeof (P11_OID_SERVER_AUTH), P11_OID_SERVER_AUTH_STR },
- { P11_OID_CLIENT_AUTH, sizeof (P11_OID_CLIENT_AUTH), P11_OID_CLIENT_AUTH_STR },
- { P11_OID_CODE_SIGNING, sizeof (P11_OID_CODE_SIGNING), P11_OID_CODE_SIGNING_STR },
- { P11_OID_EMAIL_PROTECTION, sizeof (P11_OID_EMAIL_PROTECTION), P11_OID_EMAIL_PROTECTION_STR },
- { P11_OID_IPSEC_END_SYSTEM, sizeof (P11_OID_IPSEC_END_SYSTEM), P11_OID_IPSEC_END_SYSTEM_STR },
- { P11_OID_IPSEC_TUNNEL, sizeof (P11_OID_IPSEC_TUNNEL), P11_OID_IPSEC_TUNNEL_STR },
- { P11_OID_IPSEC_USER, sizeof (P11_OID_IPSEC_USER), P11_OID_IPSEC_USER_STR },
- { P11_OID_TIME_STAMPING, sizeof (P11_OID_TIME_STAMPING), P11_OID_TIME_STAMPING_STR },
- { P11_OID_RESERVED_PURPOSE, sizeof (P11_OID_RESERVED_PURPOSE), P11_OID_RESERVED_PURPOSE_STR },
- { NULL },
- };
-
- ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL);
- assert (ret == ASN1_SUCCESS);
-
- for (i = 0; known_oids[i].oid != NULL; i++) {
-
- assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length));
- assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid));
- assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid));
-
- if (i > 0)
- assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid));
-
- /* AttributeType is a OBJECT IDENTIFIER */
- ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node);
- assert (ret == ASN1_SUCCESS);
-
- ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL);
- assert (ret == ASN1_SUCCESS);
-
- len = sizeof (buffer);
- ret = asn1_read_value (node, "", buffer, &len);
- assert (ret == ASN1_SUCCESS);
-
- assert_str_eq (known_oids[i].string, buffer);
-
- asn1_delete_structure (&node);
- }
-
- asn1_delete_structure (&definitions);
-}
-
-static void
-test_hash (void)
-{
- assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, 0);
- assert_num_cmp (p11_oid_hash (P11_OID_CN), ==, p11_oid_hash (P11_OID_CN));
- assert_num_cmp (p11_oid_hash (P11_OID_CN), !=, p11_oid_hash (P11_OID_BASIC_CONSTRAINTS));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_known_oids, "/oids/known");
- p11_test (test_hash, "/oids/hash");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-openssl.c b/trust/test-openssl.c
deleted file mode 100644
index 3cba1ed..0000000
--- a/trust/test-openssl.c
+++ /dev/null
@@ -1,662 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#define P11_KIT_DISABLE_DEPRECATED
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "extract.h"
-#include "message.h"
-#include "mock.h"
-#include "path.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "oid.h"
-#include "test.h"
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-struct {
- CK_FUNCTION_LIST module;
- p11_enumerate ex;
- char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
- CK_RV rv;
-
- mock_module_reset ();
- memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
- rv = test.module.C_Initialize (NULL);
- assert_num_eq (CKR_OK, rv);
-
- p11_enumerate_init (&test.ex);
-
- test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
- CK_RV rv;
-
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
- free (test.directory);
-
- p11_enumerate_cleanup (&test.ex);
- p11_kit_iter_free (test.ex.iter);
-
- rv = test.module.C_Finalize (NULL);
- assert_num_eq (CKR_OK, rv);
-}
-
-static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS extension_class = CKO_X_CERTIFICATE_EXTENSION;
-static CK_CERTIFICATE_TYPE x509_type = CKC_X_509;
-static CK_BBOOL vtrue = CK_TRUE;
-
-static CK_ATTRIBUTE cacert3_authority_attrs[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE verisign_v1_attrs[] = {
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_LABEL, "Custom Label", 12 },
- { CKA_SUBJECT, (void *)verisign_v1_ca_subject, sizeof (verisign_v1_ca_subject) },
- { CKA_PUBLIC_KEY_INFO, (void *)verisign_v1_ca_public_key, sizeof (verisign_v1_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_eku_server[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x13\x06\x03\x55\x1d\x25\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 21 },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE extension_reject_email[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_INVALID },
-};
-
-static CK_ATTRIBUTE certificate_filter[] = {
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_INVALID },
-};
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
- ...) GNUC_NULL_TERMINATED;
-
-static void
-setup_objects (const CK_ATTRIBUTE *attrs,
- ...)
-{
- static CK_ULONG id_value = 8888;
-
- CK_ATTRIBUTE id = { CKA_ID, &id_value, sizeof (id_value) };
- CK_ATTRIBUTE *copy;
- va_list va;
-
- va_start (va, attrs);
- while (attrs != NULL) {
- copy = p11_attrs_build (p11_attrs_dup (attrs), &id, NULL);
- assert (copy != NULL);
- mock_module_take_object (MOCK_SLOT_ONE_ID, copy);
- attrs = va_arg (va, const CK_ATTRIBUTE *);
- }
- va_end (va);
-
- id_value++;
-}
-
-static void
-test_file (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs,
- extension_eku_server,
- extension_reject_email,
- NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem");
-
- free (destination);
-}
-
-static void
-test_plain (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/trust/fixtures/cacert3-trusted-alias.pem");
-
- free (destination);
-}
-
-static void
-test_keyid (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_plain[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_TRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- static CK_ATTRIBUTE extension_subject_key_identifier[] = {
- { CKA_CLASS, &extension_class, sizeof (extension_class) },
- { CKA_OBJECT_ID, (void *)P11_OID_SUBJECT_KEY_IDENTIFIER, sizeof (P11_OID_SUBJECT_KEY_IDENTIFIER) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x0e\x06\x03\x55\x1d\x0e\x04\x07\x00\x01\x02\x03\x04\x05\x06", 16 },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_plain, extension_subject_key_identifier, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/trust/fixtures/cacert3-trusted-keyid.pem");
-
- free (destination);
-}
-
-static void
-test_not_authority (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_not_trusted[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_not_trusted, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/trust/fixtures/cacert3-not-trusted.pem");
-
- free (destination);
-}
-
-static void
-test_distrust_all (void)
-{
- char *destination;
- bool ret;
-
- static CK_ATTRIBUTE cacert3_blacklist[] = {
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CLASS, &certificate_class, sizeof (certificate_class) },
- { CKA_CERTIFICATE_TYPE, &x509_type, sizeof (x509_type) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_X_DISTRUSTED, &vtrue, sizeof (vtrue) },
- { CKA_INVALID },
- };
-
- setup_objects (cacert3_blacklist, NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem",
- SRCDIR "/trust/fixtures/cacert3-distrust-all.pem");
-
- free (destination);
-}
-
-static void
-test_file_multiple (void)
-{
- char *destination;
- bool ret;
-
- setup_objects (cacert3_authority_attrs,
- extension_eku_server,
- extension_reject_email,
- NULL);
-
- setup_objects (verisign_v1_attrs,
- NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_file (test.directory, "extract.pem", SRCDIR "/trust/fixtures/multiple.pem");
- free (destination);
-}
-
-static void
-test_file_without (void)
-{
- char *destination;
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- if (asprintf (&destination, "%s/%s", test.directory, "extract.pem") < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_bundle (&test.ex, destination);
- assert_num_eq (true, ret);
-
- test_check_data (test.directory, "extract.pem", "", 0);
-
- free (destination);
-}
-
-/* From extract-openssl.c */
-void p11_openssl_canon_string (char *str, size_t *len);
-
-static void
-test_canon_string (void)
-{
- struct {
- char *input;
- int input_len;
- char *output;
- int output_len;
- } fixtures[] = {
- { "A test", -1, "a test", -1 },
- { " Strip spaces ", -1, "strip spaces", -1 },
- { " Collapse \n\t spaces", -1, "collapse spaces", -1 },
- { "Ignore non-ASCII \303\204", -1, "ignore non-ascii \303\204", -1 },
- { "no-space", -1, "no-space", -1 },
- };
-
- char *str;
- size_t len;
- size_t out;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- if (fixtures[i].input_len < 0)
- len = strlen (fixtures[i].input);
- else
- len = fixtures[i].input_len;
- str = strndup (fixtures[i].input, len);
-
- p11_openssl_canon_string (str, &len);
-
- if (fixtures[i].output_len < 0)
- out = strlen (fixtures[i].output);
- else
- out = fixtures[i].output_len;
- assert_num_eq (out, len);
- assert_str_eq (fixtures[i].output, str);
-
- free (str);
- }
-}
-
-bool p11_openssl_canon_string_der (p11_buffer *der);
-
-static void
-test_canon_string_der (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- unsigned char output[100];
- int output_len;
- } fixtures[] = {
- /* UTF8String */
- { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
- { 0x0c, 0x0e, 0xc3, 0x84, ' ', 'u', 't', 'f', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', }, 16,
- },
-
- /* NumericString */
- { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
- { 0x0c, 0x04, '0', '1', '2', '3' }, 6,
- },
-
- /* IA5String */
- { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
- { 0x0c, 0x02, 'a', 'b', }, 4,
- },
-
- /* TeletexString */
- { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
- },
-
- /* PrintableString */
- { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x0c, 0x06, 'a', ' ', 'n', 'i', 'c', 'e' }, 8,
- },
-
- /* No change, not a known string type */
- { { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9
- },
-
- /* UniversalString */
- { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
- { 0x0c, 0x08, 'f', 'u', 'n', ' ', 0xf0, 0x90, 0x8c, 0x99 }, 10,
- },
-
- /* BMPString */
- { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
- { 0x0c, 0x06, 'v', 0xc3, 0xb6, 'g', 'e', 'l' }, 8,
- },
- };
-
- p11_buffer buf;
- bool ret;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
- fixtures[i].input_len, 0, realloc, free);
-
- ret = p11_openssl_canon_string_der (&buf);
- assert_num_eq (true, ret);
-
- assert_num_eq (fixtures[i].output_len, buf.len);
- assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
-
- p11_buffer_uninit (&buf);
- }
-}
-
-bool p11_openssl_canon_name_der (p11_dict *asn1_defs,
- p11_buffer *der);
-
-static void
-test_canon_name_der (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- unsigned char output[100];
- int output_len;
- } fixtures[] = {
- { { '0', 'T', '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
- 0x13, 0x0b, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'I', 'n',
- 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04,
- 0x0b, 0x13, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w',
- 'w', 'w', '.', 'C', 'A', 'c', 'e', 'r', 't', '.', 'o', 'r',
- 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x13,
- 0x13, 'C', 'A', 'c', 'e', 'r', 't', 0x20, 'C', 'l', 'a', 's',
- 's', 0x20, '3', 0x20, 'R', 'o', 'o', 't', }, 86,
- { '1', 0x14, '0', 0x12, 0x06, 0x03, 'U', 0x04, 0x0a,
- 0x0c, 0x0b, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'i', 'n',
- 'c', '.', '1', 0x1e, '0', 0x1c, 0x06, 0x03, 'U', 0x04,
- 0x0b, 0x0c, 0x15, 'h', 't', 't', 'p', ':', '/', '/', 'w',
- 'w', 'w', '.', 'c', 'a', 'c', 'e', 'r', 't', '.', 'o', 'r',
- 'g', '1', 0x1c, '0', 0x1a, 0x06, 0x03, 'U', 0x04, 0x03, 0x0c,
- 0x13, 'c', 'a', 'c', 'e', 'r', 't', 0x20, 'c', 'l', 'a', 's',
- 's', 0x20, '3', 0x20, 'r', 'o', 'o', 't', }, 84,
- },
- { { '0', 0x00, }, 2,
- { }, 0,
- },
- };
-
- p11_buffer buf;
- p11_dict *asn1_defs;
- bool ret;
- int i;
-
- asn1_defs = p11_asn1_defs_load ();
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
- fixtures[i].input_len, 0, realloc, free);
-
- ret = p11_openssl_canon_name_der (asn1_defs, &buf);
- assert_num_eq (true, ret);
-
- assert_num_eq (fixtures[i].output_len, buf.len);
- assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
-
- p11_buffer_uninit (&buf);
- }
-
- p11_dict_free (asn1_defs);
-}
-
-static void
-test_canon_string_der_fail (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- } fixtures[] = {
- { { 0x0c, 0x02, 0xc3, 0xc4 /* Invalid UTF-8 */ }, 4 },
- { { 0x1e, 0x01, 0x00 /* Invalid UCS2 */ }, 3 },
- { { 0x1c, 0x02, 0x00, 0x01 /* Invalid UCS4 */ }, 4 },
- };
-
- p11_buffer buf;
- bool ret;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- p11_buffer_init_full (&buf, memdup (fixtures[i].input, fixtures[i].input_len),
- fixtures[i].input_len, 0, realloc, free);
-
- ret = p11_openssl_canon_string_der (&buf);
- assert_num_eq (false, ret);
-
- p11_buffer_uninit (&buf);
- }
-}
-
-static void
-test_directory (void)
-{
- bool ret;
-
- setup_objects (cacert3_authority_attrs,
- extension_eku_server,
- extension_reject_email,
- NULL);
-
- /* Accesses the above objects */
- setup_objects (cacert3_authority_attrs,
- NULL);
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
-#ifdef OS_UNIX
- "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0",
-#endif
- NULL));
- test_check_file (test.directory, "Custom_Label.pem",
- SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem");
- test_check_file (test.directory, "Custom_Label.1.pem",
- SRCDIR "/trust/fixtures/cacert3-trusted-server-alias.pem");
-#ifdef OS_UNIX
- test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem");
- test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem");
- test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem");
- test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem");
-#endif
-}
-
-static void
-test_directory_empty (void)
-{
- bool ret;
-
- p11_kit_iter_add_filter (test.ex.iter, certificate_filter, 1);
- p11_kit_iter_begin_with (test.ex.iter, &test.module, 0, 0);
-
- /* Yes, this is a race, and why you shouldn't build software as root */
- if (rmdir (test.directory) < 0)
- assert_not_reached ();
-
- ret = p11_extract_openssl_directory (&test.ex, test.directory);
- assert_num_eq (true, ret);
-
- test_check_directory (test.directory, (NULL, NULL));
-}
-
-int
-main (int argc,
- char *argv[])
-{
- mock_module_init ();
-
- p11_fixture (setup, teardown);
- p11_test (test_file, "/openssl/test_file");
- p11_test (test_plain, "/openssl/test_plain");
- p11_test (test_keyid, "/openssl/test_keyid");
- p11_test (test_not_authority, "/openssl/test_not_authority");
- p11_test (test_distrust_all, "/openssl/test_distrust_all");
- p11_test (test_file_multiple, "/openssl/test_file_multiple");
- p11_test (test_file_without, "/openssl/test_file_without");
-
- p11_fixture (NULL, NULL);
- p11_test (test_canon_string, "/openssl/test_canon_string");
- p11_test (test_canon_string_der, "/openssl/test_canon_string_der");
- p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail");
- p11_test (test_canon_name_der, "/openssl/test_canon_name_der");
-
- p11_fixture (setup, teardown);
- p11_test (test_directory, "/openssl/test_directory");
- p11_test (test_directory_empty, "/openssl/test_directory_empty");
-
- return p11_test_run (argc, argv);
-}
-
-#include "enumerate.c"
-#include "extract-openssl.c"
-#include "save.c"
diff --git a/trust/test-parser.c b/trust/test-parser.c
deleted file mode 100644
index b5c2525..0000000
--- a/trust/test-parser.c
+++ /dev/null
@@ -1,567 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "array.h"
-#include "attrs.h"
-#include "builder.h"
-#include "debug.h"
-#include "message.h"
-#include "oid.h"
-#include "parser.h"
-#include "pkcs11x.h"
-
-struct {
- p11_parser *parser;
- p11_array *parsed;
- p11_asn1_cache *cache;
-} test;
-
-static void
-setup (void *unused)
-{
- test.cache = p11_asn1_cache_new ();
- test.parser = p11_parser_new (test.cache);
- assert_ptr_not_null (test.parser);
-
- test.parsed = p11_parser_parsed (test.parser);
- assert_ptr_not_null (test.parsed);
-}
-
-static void
-teardown (void *unused)
-{
- p11_parser_free (test.parser);
- p11_asn1_cache_free (test.cache);
- memset (&test, 0, sizeof (test));
-}
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-static CK_BBOOL falsev = CK_FALSE;
-static CK_BBOOL truev = CK_TRUE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-
-static CK_ATTRIBUTE certificate_match[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_INVALID, },
-};
-
-static CK_ATTRIBUTE *
-parsed_attrs (CK_ATTRIBUTE *match,
- int length)
-{
- int i;
-
- if (length < 0)
- length = p11_attrs_count (match);
- for (i = 0; i < test.parsed->num; i++) {
- if (p11_attrs_matchn (test.parsed->elem[i], match, length))
- return test.parsed->elem[i];
- }
-
- return NULL;
-}
-
-static void
-test_parse_der_certificate (void)
-{
- CK_ATTRIBUTE *cert;
- int ret;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_pem_certificate (void)
-{
- CK_ATTRIBUTE *cert;
- int ret;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.pem", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_p11_kit_persist (void)
-{
- CK_ATTRIBUTE *cert;
- int ret;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- p11_parser_formats (test.parser, p11_parser_format_persist, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/input/verisign-v1.p11-kit", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_openssl_trusted (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE eku_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x16\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x01", 24 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE reject_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_PUBLIC_KEY_INFO, (void *)test_cacert3_ca_public_key, sizeof (test_cacert3_ca_public_key) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x04", 28 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *expected[] = {
- cacert3,
- eku_extension,
- reject_extension,
- NULL
- };
-
- CK_ATTRIBUTE *cert;
- CK_ATTRIBUTE *object;
- int ret;
- int i;
-
- p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3-trusted.pem", NULL,
- P11_PARSE_FLAG_ANCHOR);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /*
- * Should have gotten:
- * - 1 certificate
- * - 2 attached extensions
- */
- assert_num_eq (3, test.parsed->num);
-
- /* The certificate */
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected[0], cert);
-
- /* The other objects */
- for (i = 1; expected[i]; i++) {
- object = parsed_attrs (expected[i], 2);
- assert_ptr_not_null (object);
-
- test_check_attrs (expected[i], object);
- }
-}
-
-static void
-test_parse_openssl_distrusted (void)
-{
- static const char distrust_public_key[] = {
- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xdf, 0xc7, 0x0d,
- 0x61, 0xa2, 0x2f, 0xc0, 0x5a, 0xad, 0x45, 0x83, 0x22, 0x33, 0x42, 0xea, 0xec, 0x42, 0x5e, 0xa6,
- 0x0d, 0x42, 0x4c, 0x1c, 0x9a, 0x12, 0x0b, 0x5f, 0xe7, 0x25, 0xf9, 0x8b, 0x83, 0x0c, 0x0a, 0xc5,
- 0x2f, 0x5a, 0x58, 0x56, 0xb8, 0xad, 0x87, 0x6d, 0xbc, 0x80, 0x5d, 0xdd, 0x49, 0x45, 0x39, 0x5f,
- 0xb9, 0x08, 0x3a, 0x63, 0xe4, 0x92, 0x33, 0x61, 0x79, 0x19, 0x1b, 0x9d, 0xab, 0x3a, 0xd5, 0x7f,
- 0xa7, 0x8b, 0x7f, 0x8a, 0x5a, 0xf6, 0xd7, 0xde, 0xaf, 0xa1, 0xe5, 0x53, 0x31, 0x29, 0x7d, 0x9c,
- 0x03, 0x55, 0x3e, 0x47, 0x78, 0xcb, 0xb9, 0x7a, 0x98, 0x8c, 0x5f, 0x8d, 0xda, 0x09, 0x0f, 0xc8,
- 0xfb, 0xf1, 0x7a, 0x80, 0xee, 0x12, 0x77, 0x0a, 0x00, 0x8b, 0x70, 0xfa, 0x62, 0xbf, 0xaf, 0xee,
- 0x0b, 0x58, 0x16, 0xf9, 0x9c, 0x5c, 0xde, 0x93, 0xb8, 0x4f, 0xdf, 0x4d, 0x7b, 0x02, 0x03, 0x01,
- 0x00, 0x01,
- };
-
- CK_ATTRIBUTE distrust_cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate), },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE eku_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_EXTENDED_KEY_USAGE, sizeof (P11_OID_EXTENDED_KEY_USAGE) },
- { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
- { CKA_VALUE, "\x30\x18\x06\x03\x55\x1d\x25\x01\x01\xff\x04\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x10", 26 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE reject_extension[] = {
- { CKA_CLASS, &certificate_extension, sizeof (certificate_extension), },
- { CKA_OBJECT_ID, (void *)P11_OID_OPENSSL_REJECT, sizeof (P11_OID_OPENSSL_REJECT) },
- { CKA_PUBLIC_KEY_INFO, (void *)distrust_public_key, sizeof (distrust_public_key) },
- { CKA_VALUE, "\x30\x1a\x06\x0a\x2b\x06\x01\x04\x01\x99\x77\x06\x0a\x01\x04\x0c\x30\x0a\x06\x08\x2b\x06\x01\x05\x05\x07\x03\x02", 28 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *expected[] = {
- distrust_cert,
- eku_extension,
- reject_extension,
- NULL
- };
-
- CK_ATTRIBUTE *cert;
- CK_ATTRIBUTE *object;
- int ret;
- int i;
-
- /*
- * OpenSSL style is to litter the blacklist in with the anchors,
- * so we parse this as an anchor, but expect it to be blacklisted
- */
- p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/distrusted.pem", NULL,
- P11_PARSE_FLAG_ANCHOR);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /*
- * Should have gotten:
- * - 1 certificate
- * - 2 attached extensions
- */
- assert_num_eq (3, test.parsed->num);
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected[0], cert);
-
- /* The other objects */
- for (i = 1; expected[i]; i++) {
- object = parsed_attrs (expected[i], 2);
- assert_ptr_not_null (object);
-
- test_check_attrs (expected[i], object);
- }
-}
-
-static void
-test_openssl_trusted_no_trust (void)
-{
- CK_ATTRIBUTE *cert;
- int ret;
-
- char expected_value[] = {
- 0x30, 0x82, 0x04, 0x99, 0x30, 0x82, 0x03, 0x81, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5d,
- 0x20, 0x61, 0x8e, 0x8c, 0x0e, 0xb9, 0x34, 0x40, 0x93, 0xb9, 0xb1, 0xd8, 0x63, 0x95, 0xb6, 0x30,
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6f,
- 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x53, 0x45, 0x31, 0x14, 0x30,
- 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
- 0x20, 0x41, 0x42, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x1d, 0x41, 0x64,
- 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20,
- 0x54, 0x54, 0x50, 0x20, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x22, 0x30, 0x20, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x45,
- 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x20, 0x43, 0x41, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30,
- 0x1e, 0x17, 0x0d, 0x31, 0x34, 0x30, 0x38, 0x30, 0x35, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a,
- 0x17, 0x0d, 0x31, 0x35, 0x31, 0x31, 0x30, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30,
- 0x7f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0b,
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x02, 0x55, 0x54, 0x31, 0x17, 0x30, 0x15, 0x06,
- 0x03, 0x55, 0x04, 0x07, 0x13, 0x0e, 0x53, 0x61, 0x6c, 0x74, 0x20, 0x4c, 0x61, 0x6b, 0x65, 0x20,
- 0x43, 0x69, 0x74, 0x79, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x15, 0x54,
- 0x68, 0x65, 0x20, 0x55, 0x53, 0x45, 0x52, 0x54, 0x52, 0x55, 0x53, 0x54, 0x20, 0x4e, 0x65, 0x74,
- 0x77, 0x6f, 0x72, 0x6b, 0x31, 0x2a, 0x30, 0x28, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x21, 0x55,
- 0x53, 0x45, 0x52, 0x54, 0x72, 0x75, 0x73, 0x74, 0x20, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x20,
- 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x41,
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xd9, 0x4d, 0x20, 0x3a, 0xe6, 0x29, 0x30, 0x86, 0xf2, 0xe9, 0x86, 0x89, 0x76, 0x34, 0x4e,
- 0x68, 0x1f, 0x96, 0x44, 0xf7, 0xd1, 0xf9, 0xd6, 0x82, 0x4e, 0xa6, 0x38, 0x9e, 0xee, 0xcb, 0x5b,
- 0xe1, 0x8e, 0x2e, 0xbd, 0xf2, 0x57, 0x80, 0xfd, 0xc9, 0x3f, 0xfc, 0x90, 0x73, 0x44, 0xbc, 0x8f,
- 0xbb, 0x57, 0x5b, 0xe5, 0x2d, 0x1f, 0x14, 0x30, 0x75, 0x36, 0xf5, 0x7f, 0xbc, 0xcf, 0x56, 0xf4,
- 0x7f, 0x81, 0xff, 0xae, 0x91, 0xcd, 0xd8, 0xd2, 0x6a, 0xcb, 0x97, 0xf9, 0xf7, 0xcd, 0x90, 0x6a,
- 0x45, 0x2d, 0xc4, 0xbb, 0xa4, 0x85, 0x13, 0x68, 0x57, 0x5f, 0xef, 0x29, 0xba, 0x2a, 0xca, 0xea,
- 0xf5, 0xcc, 0xa4, 0x04, 0x9b, 0x63, 0xcd, 0x00, 0xeb, 0xfd, 0xed, 0x8d, 0xdd, 0x23, 0xc6, 0x7b,
- 0x1e, 0x57, 0x1d, 0x36, 0x7f, 0x1f, 0x08, 0x9a, 0x0d, 0x61, 0xdb, 0x5a, 0x6c, 0x71, 0x02, 0x53,
- 0x28, 0xc2, 0xfa, 0x8d, 0xfd, 0xab, 0xbb, 0xb3, 0xf1, 0x8d, 0x74, 0x4b, 0xdf, 0xbd, 0xbd, 0xcc,
- 0x06, 0x93, 0x63, 0x09, 0x95, 0xc2, 0x10, 0x7a, 0x9d, 0x25, 0x90, 0x32, 0x9d, 0x01, 0xc2, 0x39,
- 0x53, 0xb0, 0xe0, 0x15, 0x6b, 0xc7, 0xd7, 0x74, 0xe5, 0xa4, 0x22, 0x9b, 0xe4, 0x94, 0xff, 0x84,
- 0x91, 0xfb, 0x2d, 0xb3, 0x19, 0x43, 0x2d, 0x93, 0x0f, 0x9c, 0x12, 0x09, 0xe4, 0x67, 0xb9, 0x27,
- 0x7a, 0x32, 0xad, 0x7a, 0x2a, 0xcc, 0x41, 0x58, 0xc0, 0x6e, 0x59, 0x5f, 0xee, 0x38, 0x2b, 0x17,
- 0x22, 0x9c, 0x89, 0xfa, 0x6e, 0xe7, 0xe5, 0x57, 0x35, 0xf4, 0x5a, 0xed, 0x92, 0x95, 0x93, 0x2d,
- 0xf9, 0xcc, 0x24, 0x3f, 0xa5, 0x1c, 0x3d, 0x27, 0xbd, 0x22, 0x03, 0x73, 0xcc, 0xf5, 0xca, 0xf3,
- 0xa9, 0xf4, 0xdc, 0xfe, 0xcf, 0xe9, 0xd0, 0x5c, 0xd0, 0x0f, 0xab, 0x87, 0xfc, 0x83, 0xfd, 0xc8,
- 0xa9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x1f, 0x30, 0x82, 0x01, 0x1b, 0x30, 0x1f,
- 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xad, 0xbd, 0x98, 0x7a, 0x34,
- 0xb4, 0x26, 0xf7, 0xfa, 0xc4, 0x26, 0x54, 0xef, 0x03, 0xbd, 0xe0, 0x24, 0xcb, 0x54, 0x1a, 0x30,
- 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xaf, 0xa4, 0x40, 0xaf, 0x9f, 0x16,
- 0xfe, 0xab, 0x31, 0xfd, 0xfb, 0xd5, 0x97, 0x8b, 0xf5, 0x91, 0xa3, 0x24, 0x86, 0x16, 0x30, 0x0e,
- 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x12,
- 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02,
- 0x01, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b,
- 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03,
- 0x02, 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x12, 0x30, 0x10, 0x30, 0x0e, 0x06, 0x0c,
- 0x2b, 0x06, 0x01, 0x04, 0x01, 0xb2, 0x31, 0x01, 0x02, 0x01, 0x03, 0x04, 0x30, 0x44, 0x06, 0x03,
- 0x55, 0x1d, 0x1f, 0x04, 0x3d, 0x30, 0x3b, 0x30, 0x39, 0xa0, 0x37, 0xa0, 0x35, 0x86, 0x33, 0x68,
- 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x72, 0x6c, 0x2e, 0x75, 0x73, 0x65, 0x72, 0x74, 0x72,
- 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x41, 0x64, 0x64, 0x54, 0x72, 0x75, 0x73, 0x74,
- 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x43, 0x41, 0x52, 0x6f, 0x6f, 0x74, 0x2e, 0x63,
- 0x72, 0x6c, 0x30, 0x35, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x29,
- 0x30, 0x27, 0x30, 0x25, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x19,
- 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x75, 0x73, 0x65, 0x72,
- 0x74, 0x72, 0x75, 0x73, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x84, 0xae, 0x2d,
- 0x68, 0x38, 0x11, 0x6c, 0x83, 0x51, 0x62, 0xc0, 0x91, 0xc2, 0x98, 0xbc, 0xc6, 0x3b, 0xfa, 0xa5,
- 0xc5, 0xbd, 0x3b, 0x09, 0xe6, 0x6e, 0x60, 0x6f, 0x30, 0x03, 0x86, 0x22, 0x1a, 0xb2, 0x8b, 0xf3,
- 0xc6, 0xce, 0x1e, 0xbb, 0x1b, 0x79, 0xe0, 0x16, 0x14, 0x4d, 0xd2, 0x9a, 0x05, 0x4b, 0xff, 0x8f,
- 0xec, 0xf0, 0x28, 0x29, 0xea, 0x2a, 0x04, 0x1d, 0x3d, 0xaf, 0x11, 0x12, 0xd5, 0x49, 0x98, 0x50,
- 0x42, 0x9f, 0x61, 0x66, 0x3a, 0xb6, 0x40, 0x99, 0x04, 0x0c, 0x6b, 0x10, 0x32, 0xe9, 0xf7, 0xcf,
- 0x86, 0x58, 0x4f, 0x2d, 0xcd, 0xd3, 0xac, 0x7e, 0xe8, 0x5b, 0x6a, 0x83, 0x7c, 0x0d, 0xa0, 0x9c,
- 0x5c, 0x50, 0x36, 0x75, 0x0d, 0x6d, 0x7e, 0x42, 0xb7, 0xdf, 0xa6, 0xdc, 0x90, 0x5c, 0x6f, 0x23,
- 0x4e, 0x97, 0x1d, 0xf3, 0x22, 0x75, 0xbf, 0x03, 0x35, 0xe6, 0x5d, 0x7f, 0xc7, 0xf9, 0x9b, 0x2c,
- 0x87, 0xf6, 0x8e, 0xd6, 0x25, 0x96, 0x59, 0x9d, 0xcf, 0xea, 0x10, 0x1e, 0xef, 0x6e, 0xea, 0x5a,
- 0x9b, 0x77, 0x18, 0x34, 0xcc, 0x81, 0x77, 0xaf, 0x9a, 0x87, 0xc2, 0x0a, 0xe5, 0xe5, 0x9e, 0x13,
- 0x95, 0x53, 0xbd, 0xbd, 0x49, 0x1a, 0xa5, 0x76, 0x12, 0xf6, 0xdc, 0xf2, 0x91, 0xb7, 0xe9, 0x1a,
- 0xe1, 0xbc, 0x4d, 0x3d, 0x95, 0x71, 0x7d, 0xf8, 0x8d, 0x7c, 0x3e, 0x03, 0x4f, 0x53, 0xed, 0xfe,
- 0x52, 0xfd, 0xca, 0x5f, 0x93, 0xe1, 0x1a, 0x01, 0x1b, 0x02, 0xb7, 0x73, 0x4e, 0xba, 0x66, 0xe9,
- 0x78, 0x8b, 0x50, 0xfe, 0x11, 0xcb, 0xd1, 0x67, 0xd0, 0x22, 0x4f, 0x77, 0xea, 0xcd, 0x14, 0x15,
- 0x40, 0xae, 0x66, 0x5d, 0xe8, 0x2e, 0x7f, 0x1e, 0x88, 0x6f, 0x55, 0x79, 0xd6, 0xb9, 0x7e, 0xe3,
- 0xb5, 0xfd, 0x91, 0xa0, 0xc0, 0xf2, 0x26, 0x87, 0x4b, 0x2f, 0x9d, 0xf5, 0xa0,
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_VALUE, expected_value, sizeof (expected_value) },
- { CKA_INVALID },
- };
-
- p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/openssl-trust-no-trust.pem", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected, cert);
-}
-
-static void
-test_parse_anchor (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *cert;
- int ret;
-
- p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/cacert3.der", NULL,
- P11_PARSE_FLAG_ANCHOR);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /*
- * Should have gotten:
- * - 1 certificate
- */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (cacert3, cert);
-}
-
-static void
-test_parse_thawte (void)
-{
- CK_ATTRIBUTE *cert;
- int ret;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- p11_parser_formats (test.parser, p11_parser_format_pem, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/thawte.pem", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, test.parsed->num);
-
- cert = parsed_attrs (certificate_match, -1);
- test_check_attrs (expected, cert);
-}
-
-/* TODO: A certificate that uses generalTime needs testing */
-
-static void
-test_parse_invalid_file (void)
-{
- int ret;
-
- p11_message_quiet ();
-
- p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
- ret = p11_parse_file (test.parser, "/nonexistant", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_FAILURE, ret);
-
- p11_message_loud ();
-}
-
-static void
-test_parse_unrecognized (void)
-{
- int ret;
-
- p11_message_quiet ();
-
- p11_parser_formats (test.parser, p11_parser_format_x509, NULL);
- ret = p11_parse_file (test.parser, SRCDIR "/trust/fixtures/unrecognized-file.txt", NULL,
- P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
-
- p11_message_loud ();
-}
-
-static void
-test_parse_no_asn1_cache (void)
-{
- p11_parser *parser;
- int ret;
-
- parser = p11_parser_new (NULL);
- assert_ptr_not_null (parser);
-
- p11_parser_formats (parser, p11_parser_format_x509, NULL);
- ret = p11_parse_file (parser, SRCDIR "/trust/fixtures/cacert3.der", NULL, P11_PARSE_FLAG_NONE);
- assert_num_eq (P11_PARSE_SUCCESS, ret);
-
- /* Should have gotten certificate */
- assert_num_eq (1, p11_parser_parsed (parser)->num);
-
- p11_parser_free (parser);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
- p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
- p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
- p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
- p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
- p11_test (test_openssl_trusted_no_trust, "/parser/openssl-trusted-no-trust");
- p11_test (test_parse_anchor, "/parser/parse_anchor");
- p11_test (test_parse_thawte, "/parser/parse_thawte");
- p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
- p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
-
- p11_fixture (NULL, NULL);
- p11_test (test_parse_no_asn1_cache, "/parser/null-asn1-cache");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-pem.c b/trust/test-pem.c
deleted file mode 100644
index 0c7d60a..0000000
--- a/trust/test-pem.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "compat.h"
-#include "pem.h"
-
-struct {
- const char *input;
- struct {
- const char *type;
- const char *data;
- unsigned int length;
- } output[8];
-} success_fixtures[] = {
- {
- /* one block */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----",
- {
- {
- "BLOCK1",
- "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
- "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
- 30,
- },
- {
- NULL,
- }
- }
- },
-
- {
- /* one block, with header */
- "-----BEGIN BLOCK1-----\n"
- "Header1: value1 \n"
- " Header2: value2\n"
- "\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----",
- {
- {
- "BLOCK1",
- "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
- "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
- 30,
- },
- {
- NULL,
- }
- }
- },
-
- {
- /* two blocks, junk data */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n"
- "blah blah\n"
- "-----BEGIN TWO-----\n"
- "oy5L157C671HyJMCf9FiK9prvPZfSch6V4EoUfylFoI1Bq6SbL53kg==\n"
- "-----END TWO-----\n"
- "trailing data",
- {
- {
- "BLOCK1",
- "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
- "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
- 30,
- },
- {
- "TWO",
- "\xa3\x2e\x4b\xd7\x9e\xc2\xeb\xbd\x47\xc8\x93\x02\x7f\xd1\x62\x2b"
- "\xda\x6b\xbc\xf6\x5f\x49\xc8\x7a\x57\x81\x28\x51\xfc\xa5\x16\x82"
- "\x35\x06\xae\x92\x6c\xbe\x77\x92",
- 40
- },
- {
- NULL,
- }
- }
- },
-
- {
- NULL,
- }
-};
-
-typedef struct {
- int input_index;
- int output_index;
- int parsed;
-} Closure;
-
-static void
-on_parse_pem_success (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data)
-{
- Closure *cl = user_data;
-
- assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length);
- assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents,
- success_fixtures[cl->input_index].output[cl->output_index].length) == 0);
-
- cl->output_index++;
- cl->parsed++;
-}
-
-static void
-test_pem_success (void)
-{
- Closure cl;
- int ret;
- int i;
- int j;
-
- for (i = 0; success_fixtures[i].input != NULL; i++) {
- cl.input_index = i;
- cl.output_index = 0;
- cl.parsed = 0;
-
- ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input),
- on_parse_pem_success, &cl);
-
- assert (success_fixtures[i].output[cl.output_index].type == NULL);
-
- /* Count number of outputs, return from p11_pem_parse() should match */
- for (j = 0; success_fixtures[i].output[j].type != NULL; j++);
- assert_num_eq (j, ret);
- assert_num_eq (ret, cl.parsed);
- }
-}
-
-const char *failure_fixtures[] = {
- /* too short at end of opening line */
- "-----BEGIN BLOCK1---\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----",
-
- /* truncated */
- "-----BEGIN BLOCK1---",
-
- /* no ending */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n",
-
- /* wrong ending */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK2-----",
-
- /* wrong ending */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END INVALID-----",
-
- /* too short at end of ending line */
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1---",
-
- /* invalid base64 data */
- "-----BEGIN BLOCK1-----\n"
- "!!!!NNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----",
-
- NULL,
-};
-
-static void
-on_parse_pem_failure (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data)
-{
- assert (false && "not reached");
-}
-
-static void
-test_pem_failure (void)
-{
- int ret;
- int i;
-
- for (i = 0; failure_fixtures[i] != NULL; i++) {
- ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]),
- on_parse_pem_failure, NULL);
- assert_num_eq (0, ret);
- }
-}
-
-typedef struct {
- const char *input;
- size_t length;
- const char *type;
- const char *output;
-} WriteFixture;
-
-static WriteFixture write_fixtures[] = {
- {
- "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
- "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf\x1e\x1a",
- 30, "BLOCK1",
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n",
- },
- {
- "\x50\x31\x31\x2d\x4b\x49\x54\x0a\x0a\x50\x72\x6f\x76\x69\x64\x65"
- "\x73\x20\x61\x20\x77\x61\x79\x20\x74\x6f\x20\x6c\x6f\x61\x64\x20"
- "\x61\x6e\x64\x20\x65\x6e\x75\x6d\x65\x72\x61\x74\x65\x20\x50\x4b"
- "\x43\x53\x23\x31\x31\x20\x6d\x6f\x64\x75\x6c\x65\x73\x2e\x20\x50"
- "\x72\x6f\x76\x69\x64\x65\x73\x20\x61\x20\x73\x74\x61\x6e\x64\x61"
- "\x72\x64\x0a\x63\x6f\x6e\x66\x69\x67\x75\x72\x61\x74\x69\x6f\x6e"
- "\x20\x73\x65\x74\x75\x70\x20\x66\x6f\x72\x20\x69\x6e\x73\x74\x61"
- "\x6c\x6c\x69\x6e\x67\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x6d\x6f"
- "\x64\x75\x6c\x65\x73\x20\x69\x6e\x20\x73\x75\x63\x68\x20\x61\x20"
- "\x77\x61\x79\x20\x74\x68\x61\x74\x20\x74\x68\x65\x79\x27\x72\x65"
- "\x0a\x64\x69\x73\x63\x6f\x76\x65\x72\x61\x62\x6c\x65\x2e\x0a\x0a"
- "\x41\x6c\x73\x6f\x20\x73\x6f\x6c\x76\x65\x73\x20\x70\x72\x6f\x62"
- "\x6c\x65\x6d\x73\x20\x77\x69\x74\x68\x20\x63\x6f\x6f\x72\x64\x69"
- "\x6e\x61\x74\x69\x6e\x67\x20\x74\x68\x65\x20\x75\x73\x65\x20\x6f"
- "\x66\x20\x50\x4b\x43\x53\x23\x31\x31\x20\x62\x79\x20\x64\x69\x66"
- "\x66\x65\x72\x65\x6e\x74\x0a\x63\x6f\x6d\x70\x6f\x6e\x65\x6e\x74"
- "\x73\x20\x6f\x72\x20\x6c\x69\x62\x72\x61\x72\x69\x65\x73\x20\x6c"
- "\x69\x76\x69\x6e\x67\x20\x69\x6e\x20\x74\x68\x65\x20\x73\x61\x6d"
- "\x65\x20\x70\x72\x6f\x63\x65\x73\x73\x2e\x0a",
- 299, "LONG TYPE WITH SPACES",
- "-----BEGIN LONG TYPE WITH SPACES-----\n"
- "UDExLUtJVAoKUHJvdmlkZXMgYSB3YXkgdG8gbG9hZCBhbmQgZW51bWVyYXRlIFBL\n"
- "Q1MjMTEgbW9kdWxlcy4gUHJvdmlkZXMgYSBzdGFuZGFyZApjb25maWd1cmF0aW9u\n"
- "IHNldHVwIGZvciBpbnN0YWxsaW5nIFBLQ1MjMTEgbW9kdWxlcyBpbiBzdWNoIGEg\n"
- "d2F5IHRoYXQgdGhleSdyZQpkaXNjb3ZlcmFibGUuCgpBbHNvIHNvbHZlcyBwcm9i\n"
- "bGVtcyB3aXRoIGNvb3JkaW5hdGluZyB0aGUgdXNlIG9mIFBLQ1MjMTEgYnkgZGlm\n"
- "ZmVyZW50CmNvbXBvbmVudHMgb3IgbGlicmFyaWVzIGxpdmluZyBpbiB0aGUgc2Ft\n"
- "ZSBwcm9jZXNzLgo=\n"
- "-----END LONG TYPE WITH SPACES-----\n"
- },
- {
- "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87"
- "\x71\x94\xcd\xdf\xf2\x9f\x82\xd8\x21\x58\x10\xaf",
- 28, "BLOCK1",
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrw==\n"
- "-----END BLOCK1-----\n",
- },
- {
- NULL,
- }
-};
-
-static void
-on_parse_written (const char *type,
- const unsigned char *contents,
- size_t length,
- void *user_data)
-{
- WriteFixture *fixture = user_data;
-
- assert_str_eq (fixture->type, type);
- assert_num_eq (fixture->length, length);
- assert (memcmp (contents, fixture->input, length) == 0);
-}
-
-static void
-test_pem_write (void)
-{
- WriteFixture *fixture;
- p11_buffer buf;
- unsigned int count;
- int i;
-
- for (i = 0; write_fixtures[i].input != NULL; i++) {
- fixture = write_fixtures + i;
-
- if (!p11_buffer_init_null (&buf, 0))
- assert_not_reached ();
-
- if (!p11_pem_write ((unsigned char *)fixture->input,
- fixture->length,
- fixture->type, &buf))
- assert_not_reached ();
- assert_str_eq (fixture->output, buf.data);
- assert_num_eq (strlen (fixture->output), buf.len);
-
- count = p11_pem_parse (buf.data, buf.len, on_parse_written, fixture);
- assert_num_eq (1, count);
-
- p11_buffer_uninit (&buf);
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_pem_success, "/pem/success");
- p11_test (test_pem_failure, "/pem/failure");
- p11_test (test_pem_write, "/pem/write");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-persist.c b/trust/test-persist.c
deleted file mode 100644
index 238a3c4..0000000
--- a/trust/test-persist.c
+++ /dev/null
@@ -1,635 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "array.h"
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "persist.h"
-#include "pkcs11.h"
-#include "pkcs11i.h"
-#include "pkcs11x.h"
-
-static void
-test_magic (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: data\n"
- "value: \"blah\"\n"
- "application: \"test-persist\"\n";
-
- const char *other = " "
- "\n\n[p11-kit-object-v1]\n"
- "class: data\n"
- "value: \"blah\"\n"
- "application: \"test-persist\"\n";
-
- assert (p11_persist_magic ((unsigned char *)input, strlen (input)));
- assert (!p11_persist_magic ((unsigned char *)input, 5));
- assert (p11_persist_magic ((unsigned char *)other, strlen (other)));
- assert (!p11_persist_magic ((unsigned char *)"blah", 4));
-}
-
-static p11_array *
-args_to_array (void *arg,
- ...) GNUC_NULL_TERMINATED;
-
-static p11_array *
-args_to_array (void *arg,
- ...)
-{
- p11_array *array = p11_array_new (NULL);
-
- va_list (va);
- va_start (va, arg);
-
- while (arg != NULL) {
- p11_array_push (array, arg);
- arg = va_arg (va, void *);
- }
-
- va_end (va);
-
- return array;
-}
-
-static void
-check_read_msg (const char *file,
- int line,
- const char *function,
- const char *input,
- p11_array *expected)
-{
- p11_array *objects;
- p11_persist *persist;
- int i;
-
- persist = p11_persist_new ();
- objects = p11_array_new (p11_attrs_free);
-
- if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) {
- if (expected == NULL)
- p11_test_fail (file, line, function, "decoding should have failed");
- for (i = 0; i < expected->num; i++) {
- if (i >= objects->num)
- p11_test_fail (file, line, function, "too few objects read");
- test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]);
- }
- if (i != objects->num)
- p11_test_fail (file, line, function, "too many objects read");
- } else {
- if (expected != NULL)
- p11_test_fail (file, line, function, "decoding failed");
- }
-
- p11_array_free (objects);
- p11_persist_free (persist);
- p11_array_free (expected);
-}
-
-static void
-check_write_msg (const char *file,
- int line,
- const char *function,
- const char *expected,
- p11_array *input)
-{
- p11_persist *persist;
- p11_buffer buf;
- int i;
-
- persist = p11_persist_new ();
- p11_buffer_init_null (&buf, 0);
-
- for (i = 0; i < input->num; i++) {
- if (!p11_persist_write (persist, input->elem[i], &buf))
- p11_test_fail (file, line, function, "persist write failed");
- }
-
- if (strcmp (buf.data, expected) != 0) {
- p11_test_fail (file, line, function, "persist doesn't match: (\n%s----\n%s\n)", \
- expected, (char *)buf.data);
- }
-
- p11_buffer_uninit (&buf);
- p11_array_free (input);
- p11_persist_free (persist);
-}
-
-#define check_read_success(input, objs) \
- check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs)
-
-#define check_read_failure(input) \
- check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL)
-
-#define check_write_success(expected, inputs) \
- check_write_msg (__FILE__, __LINE__, __FUNCTION__, expected, args_to_array inputs)
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
-static CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL truev = CK_TRUE;
-static CK_BBOOL falsev = CK_FALSE;
-
-static void
-test_simple (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "value: \"blah\"\n"
- "application: \"test-persist\"\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "blah", 4 },
- { CKA_APPLICATION, "test-persist", 12 },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_number (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "value-len: 29202390\n"
- "application: \"test-persist\"\n\n";
-
- CK_ULONG value = 29202390;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE_LEN, &value, sizeof (value) },
- { CKA_APPLICATION, "test-persist", 12 },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_bool (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "private: true\n"
- "modifiable: false\n"
- "application: \"test-persist\"\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_PRIVATE, &truev, sizeof (truev) },
- { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
- { CKA_APPLICATION, "test-persist", 12 },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_oid (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "object-id: 1.2.3.4\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_constant (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "certificate-type: x-509-attr-cert\n"
- "key-type: rsa\n"
- "x-assertion-type: x-pinned-certificate\n"
- "certificate-category: authority\n"
- "mechanism-type: rsa-pkcs-key-pair-gen\n"
- "trust-server-auth: nss-trust-unknown\n\n";
-
- CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
- CK_CERTIFICATE_TYPE type = CKC_X_509_ATTR_CERT;
- CK_X_ASSERTION_TYPE ass = CKT_X_PINNED_CERTIFICATE;
- CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_KEY_PAIR_GEN;
- CK_ULONG category = 2;
- CK_KEY_TYPE key = CKK_RSA;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_CERTIFICATE_TYPE, &type, sizeof (type) },
- { CKA_KEY_TYPE, &key, sizeof (key) },
- { CKA_X_ASSERTION_TYPE, &ass, sizeof (ass) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_MECHANISM_TYPE, &mech, sizeof (mech) },
- { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_unknown (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "38383838: \"the-value-here\"\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { 38383838, "the-value-here", 14 },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_multiple (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "class: data\n"
- "object-id: 1.2.3.4\n\n"
- "[p11-kit-object-v1]\n"
- "class: nss-trust\n"
- "trust-server-auth: nss-trust-unknown\n\n";
-
- CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
-
- CK_ATTRIBUTE attrs1[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_OBJECT_ID, "\x06\x03*\x03\x04", 5 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE attrs2[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs1, attrs2, NULL));
- check_write_success (output, (attrs1, attrs2, NULL));
-}
-
-static void
-test_pem_block (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "id: \"292c92\"\n"
- "trusted: true\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
- "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
- "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
- "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
- "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
- "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
- "-----END CERTIFICATE-----\n"
- "\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_ID, "292c92", 6, },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_pem_middle (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: certificate\n"
- "id: \"292c92\"\n"
- "-----BEGIN CERTIFICATE-----\n"
- "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
- "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
- "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
- "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
- "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
- "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
- "-----END CERTIFICATE-----\n"
- "\n"
- "trusted: true";
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_VALUE, (unsigned char *)&verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_INVALID },
- };
-
- check_read_success (input, (expected, NULL));
-}
-
-static void
-test_pem_public_key (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "id: \"292c92\"\n"
- "-----BEGIN PUBLIC KEY-----\n"
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryQICCl6NZ5gDKrnSztO\n"
- "3Hy8PEUcuyvg/ikC+VcIo2SFFSf18a3IMYldIugqqqZCs4/4uVW3sbdLs/6PfgdX\n"
- "7O9D22ZiFWHPYA2k2N744MNiCD1UE+tJyllUhSblK48bn+v1oZHCM0nYQ2NqUkvS\n"
- "j+hwUU3RiWl7x3D2s9wSdNt7XUtW05a/FXehsPSiJfKvHJJnGOX0BgTvkLnkAOTd\n"
- "OrUZ/wK69Dzu4IvrN4vs9Nes8vbwPa/ddZEzGR0cQMt0JBkhk9kU/qwqUseP1QRJ\n"
- "5I1jR4g8aYPL/ke9K35PxZWuDp3U0UPAZ3PjFAh+5T+fc7gzCs9dPzSHloruU+gl\n"
- "FQIDAQAB\n"
- "-----END PUBLIC KEY-----\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_ID, "292c92", 6, },
- { CKA_PUBLIC_KEY_INFO, (unsigned char *)&example_public_key, sizeof (example_public_key) },
- { CKA_INVALID },
- };
-
- check_read_success (output, (attrs, NULL));
- check_write_success (output, (attrs, NULL));
-}
-
-
-static void
-test_pem_invalid (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: certificate\n"
- "-----BEGIN CERT-----\n"
- "MIICPDCCAaUCED9pHoGc8JpK83P/uUii5N0wDQYJKoZIhvcNAQEFBQAwXzELMAkG\n"
- "A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
- "cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
- "MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
- "BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt\n"
- "YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
- "ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f\n"
- "zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi\n"
- "TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G\n"
- "CSqGSIb3DQEBBQUAA4GBAFgVKTk8d6PaXCUDfGD67gmZPCcQcMgMCeazh88K4hiW\n"
- "NWLMv5sneYlfycQJ9M61Hd8qveXbhpxoJeUwfLaJFf5n0a3hUKw8fGJLj7qE1xIV\n"
- "Gx/KXQ/BUpQqEZnae88MNhPVNdwQGVnqlMEAv3WP2fr9dgTbYruQagPZRjXZ+Hxb\n"
- "-----END CERTIFICATEXXX-----\n";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_pem_unsupported (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: certificate\n"
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_pem_first (void)
-{
- const char *input = "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n"
- "[p11-kit-object-v1]\n"
- "class: certificate\n";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_skip_unknown (void)
-{
- const char *input = "[version-2]\n"
- "class: data\n"
- "object-id: 1.2.3.4\n"
- "-----BEGIN BLOCK1-----\n"
- "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
- "-----END BLOCK1-----\n"
- "[p11-kit-object-v1]\n"
- "class: nss-trust\n"
- "trust-server-auth: nss-trust-unknown";
-
- CK_TRUST trust = CKT_NSS_TRUST_UNKNOWN;
-
- CK_ATTRIBUTE expected2[] = {
- { CKA_CLASS, &nss_trust, sizeof (nss_trust) },
- { CKA_TRUST_SERVER_AUTH, &trust, sizeof (trust) },
- { CKA_INVALID },
- };
-
- p11_message_quiet ();
-
- check_read_success (input, (expected2, NULL));
-
- p11_message_loud ();
-}
-
-static void
-test_bad_value (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: data\n"
- "value: \"%38%\"\n";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_bad_oid (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: data\n"
- "object-id: 1.2";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_bad_field (void)
-{
- const char *input = "[p11-kit-object-v1]\n"
- "class: data\n"
- "invalid-field: true";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_attribute_first (void)
-{
- const char *input = "class: data\n"
- "[p11-kit-object-v1]\n"
- "invalid-field: true";
-
- p11_message_quiet ();
-
- check_read_failure (input);
-
- p11_message_loud ();
-}
-
-static void
-test_not_boolean (void)
-{
- const char *output = "[p11-kit-object-v1]\n"
- "private: \"x\"\n\n";
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_PRIVATE, "x", 1 },
- { CKA_INVALID },
- };
-
- check_write_success (output, (attrs, NULL));
-}
-
-static void
-test_not_ulong (void)
-{
- char buffer[sizeof (CK_ULONG) + 1];
- char *output;
-
- CK_ATTRIBUTE attrs[] = {
- { CKA_BITS_PER_PIXEL, "xx", 2 },
- { CKA_VALUE, buffer, sizeof (CK_ULONG) },
- { CKA_INVALID },
- };
-
- memset (buffer, 'x', sizeof (buffer));
- buffer[sizeof (CK_ULONG)] = 0;
-
- if (asprintf (&output, "[p11-kit-object-v1]\n"
- "bits-per-pixel: \"xx\"\n"
- "value: \"%s\"\n\n", buffer) < 0)
- assert_not_reached ();
-
- check_write_success (output, (attrs, NULL));
- free (output);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_magic, "/persist/magic");
- p11_test (test_simple, "/persist/simple");
- p11_test (test_number, "/persist/number");
- p11_test (test_bool, "/persist/bool");
- p11_test (test_oid, "/persist/oid");
- p11_test (test_constant, "/persist/constant");
- p11_test (test_unknown, "/persist/unknown");
- p11_test (test_multiple, "/persist/multiple");
- p11_test (test_pem_block, "/persist/pem_block");
- p11_test (test_pem_middle, "/persist/pem-middle");
- p11_test (test_pem_public_key, "/persist/pem-public-key");
- p11_test (test_pem_invalid, "/persist/pem_invalid");
- p11_test (test_pem_unsupported, "/persist/pem_unsupported");
- p11_test (test_pem_first, "/persist/pem_first");
- p11_test (test_bad_value, "/persist/bad_value");
- p11_test (test_bad_oid, "/persist/bad_oid");
- p11_test (test_bad_field, "/persist/bad_field");
- p11_test (test_skip_unknown, "/persist/skip_unknown");
- p11_test (test_attribute_first, "/persist/attribute_first");
- p11_test (test_not_boolean, "/persist/not-boolean");
- p11_test (test_not_ulong, "/persist/not-ulong");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-save.c b/trust/test-save.c
deleted file mode 100644
index 1de798d..0000000
--- a/trust/test-save.c
+++ /dev/null
@@ -1,595 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "test-trust.h"
-
-#include "attrs.h"
-#include "compat.h"
-#include "debug.h"
-#include "dict.h"
-#include "message.h"
-#include "path.h"
-#include "save.h"
-#include "test.h"
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-struct {
- char *directory;
-} test;
-
-static void
-setup (void *unused)
-{
- test.directory = p11_test_directory ("test-extract");
-}
-
-static void
-teardown (void *unused)
-{
- if (rmdir (test.directory) < 0)
- assert_fail ("rmdir() failed", strerror (errno));
- free (test.directory);
-}
-
-static void
-write_zero_file (const char *directory,
- const char *name)
-{
- char *filename;
- int res;
- int fd;
-
- if (asprintf (&filename, "%s/%s", directory, name) < 0)
- assert_not_reached ();
-
- fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
- assert (fd != -1);
- res = close (fd);
- assert (res >= 0);
-
- free (filename);
-}
-
-static void
-test_file_write (void)
-{
- p11_save_file *file;
- char *filename;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert_ptr_not_null (file);
-
- ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- assert_num_eq (true, ret);
- free (filename);
-
- test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der");
-}
-
-static void
-test_file_exists (void)
-{
- p11_save_file *file;
- char *filename;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- write_zero_file (test.directory, "extract-file");
-
- p11_message_quiet ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert (file != NULL);
-
- if (p11_save_finish_file (file, NULL, true))
- assert_not_reached ();
-
- p11_message_loud ();
-
- unlink (filename);
- free (filename);
-}
-
-static void
-test_file_bad_directory (void)
-{
- p11_save_file *file;
- char *filename;
-
- if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- p11_message_quiet ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert (file == NULL);
-
- p11_message_loud ();
-
- free (filename);
-}
-
-static void
-test_file_overwrite (void)
-{
- p11_save_file *file;
- char *filename;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- write_zero_file (test.directory, "extract-file");
-
- file = p11_save_open_file (filename, NULL, P11_SAVE_OVERWRITE);
- assert_ptr_not_null (file);
-
- ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- assert_num_eq (true, ret);
- free (filename);
-
- test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/cacert3.der");
-}
-
-static void
-test_file_unique (void)
-{
- p11_save_file *file;
- char *filename;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- write_zero_file (test.directory, "extract-file");
-
- file = p11_save_open_file (filename, NULL, P11_SAVE_UNIQUE);
- assert_ptr_not_null (file);
-
- ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- assert_num_eq (true, ret);
- free (filename);
-
- test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file");
- test_check_file (test.directory, "extract-file.1", SRCDIR "/trust/fixtures/cacert3.der");
-}
-
-static void
-test_file_auto_empty (void)
-{
- p11_save_file *file;
- char *filename;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert_ptr_not_null (file);
-
- ret = p11_save_write_and_finish (file, NULL, -1);
- assert_num_eq (true, ret);
- free (filename);
-
- test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/empty-file");
-}
-
-static void
-test_file_auto_length (void)
-{
- p11_save_file *file;
- char *filename;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert_ptr_not_null (file);
-
- ret = p11_save_write_and_finish (file, "The simple string is hairy", -1);
- assert_num_eq (true, ret);
- free (filename);
-
- test_check_file (test.directory, "extract-file", SRCDIR "/trust/fixtures/simple-string");
-}
-
-static void
-test_write_with_null (void)
-{
- bool ret;
-
- ret = p11_save_write (NULL, "test", 4);
- assert_num_eq (false, ret);
-}
-
-static void
-test_write_and_finish_with_null (void)
-{
- bool ret;
-
- ret = p11_save_write_and_finish (NULL, "test", 4);
- assert_num_eq (false, ret);
-}
-
-static void
-test_file_abort (void)
-{
- struct stat st;
- p11_save_file *file;
- char *filename;
- char *path;
- bool ret;
-
- if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
- assert_not_reached ();
-
- file = p11_save_open_file (filename, NULL, 0);
- assert_ptr_not_null (file);
-
- path = NULL;
- ret = p11_save_finish_file (file, &path, false);
- assert_num_eq (true, ret);
- assert (path == NULL);
-
- if (stat (filename, &st) >= 0 || errno != ENOENT)
- assert_fail ("file should not exist", filename);
-
- free (filename);
-}
-
-
-static void
-test_directory_empty (void)
-{
- p11_save_dir *dir;
- char *subdir;
- bool ret;
-
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
- assert_not_reached ();
-
- dir = p11_save_open_directory (subdir, 0);
- assert_ptr_not_null (dir);
-
- ret = p11_save_finish_directory (dir, true);
- assert_num_eq (true, ret);
-
- test_check_directory (subdir, (NULL, NULL));
-
- assert (rmdir (subdir) >= 0);
- free (subdir);
-}
-
-static void
-test_directory_files (void)
-{
- char *path;
- char *check;
- p11_save_file *file;
- p11_save_dir *dir;
- char *subdir;
- bool ret;
-
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
- assert_not_reached ();
-
- dir = p11_save_open_directory (subdir, 0);
- assert_ptr_not_null (dir);
-
- file = p11_save_open_file_in (dir, "blah", ".cer");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- file = p11_save_open_file_in (dir, "file", ".txt");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_text, strlen (test_text));
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
-#ifdef OS_UNIX
- ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination");
- assert_num_eq (true, ret);
-#endif
-
- ret = p11_save_finish_directory (dir, true);
- assert_num_eq (true, ret);
-
- test_check_directory (subdir, ("blah.cer", "file.txt",
-#ifdef OS_UNIX
- "link.ext",
-#endif
- NULL));
- test_check_file (subdir, "blah.cer", SRCDIR "/trust/fixtures/cacert3.der");
- test_check_data (subdir, "file.txt", test_text, strlen (test_text));
-#ifdef OS_UNIX
- test_check_symlink (subdir, "link.ext", "/the/destination");
-#endif
-
- assert (rmdir (subdir) >= 0);
- free (subdir);
-}
-
-static void
-test_directory_dups (void)
-{
- char *path;
- char *check;
- p11_save_file *file;
- p11_save_dir *dir;
- char *subdir;
- bool ret;
-
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
- assert_not_reached ();
-
- dir = p11_save_open_directory (subdir, 0);
- assert_ptr_not_null (dir);
-
- file = p11_save_open_file_in (dir, "file", ".txt");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_text, 5);
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- file = p11_save_open_file_in (dir, "file", ".txt");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_text, 10);
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"),
- test_text, 15);
- assert_num_eq (true, ret);
-
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL),
- test_text, 8);
- assert_num_eq (true, ret);
-
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL),
- test_text, 16);
- assert_num_eq (true, ret);
-
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"),
- test_text, 14);
- assert_num_eq (true, ret);
-
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0"),
- test_text, 15);
- assert_num_eq (true, ret);
-
-#ifdef OS_UNIX
- ret = p11_save_symlink_in (dir, "link", ".0", "/destination1");
- assert_num_eq (true, ret);
-
- ret = p11_save_symlink_in (dir, "link", ".0", "/destination2");
- assert_num_eq (true, ret);
-#endif
-
- ret = p11_save_finish_directory (dir, true);
- assert_num_eq (true, ret);
-
- test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt",
- "no-ext", "no-ext.1",
- "with-num.0", "with-num.1",
-#ifdef OS_UNIX
- "link.0", "link.1",
-#endif
- NULL));
- test_check_data (subdir, "file.txt", test_text, 5);
- test_check_data (subdir, "file.1.txt", test_text, 10);
- test_check_data (subdir, "file.2.txt", test_text, 15);
- test_check_data (subdir, "no-ext", test_text, 8);
- test_check_data (subdir, "no-ext.1", test_text, 16);
- test_check_data (subdir, "with-num.0", test_text, 14);
- test_check_data (subdir, "with-num.1", test_text, 15);
-#ifdef OS_UNIX
- test_check_symlink (subdir, "link.0", "/destination1");
- test_check_symlink (subdir, "link.1", "/destination2");
-#endif
-
- assert (rmdir (subdir) >= 0);
- free (subdir);
-}
-
-static void
-test_directory_exists (void)
-{
- p11_save_dir *dir;
- char *subdir;
-
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
- assert_not_reached ();
-
-#ifdef OS_UNIX
- if (mkdir (subdir, S_IRWXU) < 0)
-#else
- if (mkdir (subdir) < 0)
-#endif
- assert_fail ("mkdir() failed", subdir);
-
- p11_message_quiet ();
-
- dir = p11_save_open_directory (subdir, 0);
- assert_ptr_eq (NULL, dir);
-
- p11_message_loud ();
-
- rmdir (subdir);
- free (subdir);
-}
-
-static void
-test_directory_overwrite (void)
-{
- char *path;
- char *check;
- p11_save_file *file;
- p11_save_dir *dir;
- char *subdir;
- bool ret;
-
- if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
- assert_not_reached ();
-
- /* Some initial files into this directory, which get overwritten */
- dir = p11_save_open_directory (subdir, 0);
- ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt"), "", 0) &&
- p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL), "", 0) &&
- p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL), "", 0) &&
- p11_save_finish_directory (dir, true);
- assert (ret && dir);
-
- /* Now the actual test, using the same directory */
- dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE);
- assert_ptr_not_null (dir);
-
- file = p11_save_open_file_in (dir, "blah", ".cer");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "blah.cer") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- file = p11_save_open_file_in (dir, "file", ".txt");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_text, strlen (test_text));
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "file.txt") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- file = p11_save_open_file_in (dir, "file", ".txt");
- assert_ptr_not_null (file);
- ret = p11_save_write (file, test_text, 10);
- assert_num_eq (true, ret);
- ret = p11_save_finish_file (file, &path, true);
- assert_num_eq (true, ret);
- if (asprintf (&check, "%s/%s", subdir, "file.1.txt") < 0)
- assert_not_reached ();
- assert_str_eq (check, path);
- free (check);
- free (path);
-
- ret = p11_save_finish_directory (dir, true);
- assert_num_eq (true, ret);
-
- test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL));
- test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
- test_check_data (subdir, "file.txt", test_text, strlen (test_text));
- test_check_data (subdir, "file.1.txt", test_text, 10);
-
- assert (rmdir (subdir) >= 0);
- free (subdir);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_file_write, "/save/test_file_write");
- p11_test (test_file_exists, "/save/test_file_exists");
- p11_test (test_file_bad_directory, "/save/test_file_bad_directory");
- p11_test (test_file_overwrite, "/save/test_file_overwrite");
- p11_test (test_file_unique, "/save/file-unique");
- p11_test (test_file_auto_empty, "/save/test_file_auto_empty");
- p11_test (test_file_auto_length, "/save/test_file_auto_length");
-
- p11_fixture (NULL, NULL);
- p11_test (test_write_with_null, "/save/test_write_with_null");
- p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null");
-
- p11_fixture (setup, teardown);
- p11_test (test_file_abort, "/save/test_file_abort");
-
- p11_test (test_directory_empty, "/save/test_directory_empty");
- p11_test (test_directory_files, "/save/test_directory_files");
- p11_test (test_directory_dups, "/save/test_directory_dups");
- p11_test (test_directory_exists, "/save/test_directory_exists");
- p11_test (test_directory_overwrite, "/save/test_directory_overwrite");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-token.c b/trust/test-token.c
deleted file mode 100644
index d4c89ce..0000000
--- a/trust/test-token.c
+++ /dev/null
@@ -1,793 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-#include "test-trust.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "attrs.h"
-#include "debug.h"
-#include "parser.h"
-#include "path.h"
-#include "pkcs11x.h"
-#include "message.h"
-#include "token.h"
-
-static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
-static CK_OBJECT_CLASS data = CKO_DATA;
-static CK_BBOOL falsev = CK_FALSE;
-static CK_BBOOL truev = CK_TRUE;
-
-struct {
- p11_token *token;
- p11_index *index;
- p11_parser *parser;
- char *directory;
-} test;
-
-static void
-setup (void *path)
-{
- test.token = p11_token_new (333, path, "Label");
- assert_ptr_not_null (test.token);
-
- test.index = p11_token_index (test.token);
- assert_ptr_not_null (test.token);
-
- test.parser = p11_token_parser (test.token);
- assert_ptr_not_null (test.parser);
-}
-
-static void
-setup_temp (void *unused)
-{
- test.directory = p11_test_directory ("test-module");
- setup (test.directory);
-}
-
-static void
-teardown (void *path)
-{
- p11_token_free (test.token);
- memset (&test, 0, sizeof (test));
-}
-
-static void
-teardown_temp (void *unused)
-{
- p11_test_directory_delete (test.directory);
- teardown (test.directory);
- free (test.directory);
-}
-
-static void
-test_token_load (void *path)
-{
- p11_index *index;
- int count;
-
- count = p11_token_load (test.token);
- assert_num_eq (6, count);
-
- /* A certificate and trust object for each parsed object */
- index = p11_token_index (test.token);
- assert (((count - 1) * 2) + 1 <= p11_index_size (index));
-}
-
-static void
-test_token_flags (void *path)
-{
- /*
- * blacklist comes from the input/distrust.pem file. It is not in the blacklist
- * directory, but is an OpenSSL trusted certificate file, and is marked
- * in the blacklist style for OpenSSL.
- */
-
- CK_ATTRIBUTE blacklist[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_LABEL, "Red Hat Is the CA", 17 },
- { CKA_SERIAL_NUMBER, "\x02\x01\x01", 3 },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
- };
-
- /*
- * blacklist2 comes from the input/blacklist/self-server.der file. It is
- * explicitly put on the blacklist, even though it containts no trust
- * policy information.
- */
-
- const unsigned char self_server_subject[] = {
- 0x30, 0x4b, 0x31, 0x13, 0x30, 0x11, 0x06, 0x0a, 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64,
- 0x01, 0x19, 0x16, 0x03, 0x43, 0x4f, 0x4d, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0a, 0x09, 0x92, 0x26,
- 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01, 0x19, 0x16, 0x07, 0x45, 0x58, 0x41, 0x4d, 0x50, 0x4c, 0x45,
- 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65,
- 0x72, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d,
- };
-
- CK_ATTRIBUTE blacklist2[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)self_server_subject, sizeof (self_server_subject) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &truev, sizeof (truev) },
- { CKA_INVALID },
- };
-
- /*
- * anchor comes from the input/anchors/cacert3.der file. It is
- * explicitly marked as an anchor, even though it containts no trust
- * policy information.
- */
-
- CK_ATTRIBUTE anchor[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_TRUSTED, &truev, sizeof (truev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- const unsigned char cacert_root_subject[] = {
- 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f,
- 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
- 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
- 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43,
- 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74,
- 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67,
- };
-
- /*
- * notrust comes from the input/cacert-ca.der file. It contains no
- * trust information, and is not explicitly marked as an anchor, so
- * it's neither trusted or distrusted.
- */
-
- CK_ATTRIBUTE notrust[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)cacert_root_subject, sizeof (cacert_root_subject) },
- { CKA_TRUSTED, &falsev, sizeof (falsev) },
- { CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *expected[] = {
- anchor,
- blacklist,
- blacklist2,
- notrust,
- NULL,
- };
-
- CK_OBJECT_HANDLE handle;
- CK_ATTRIBUTE *object;
- int i;
-
- if (p11_token_load (test.token) < 0)
- assert_not_reached ();
-
- /* The other objects */
- for (i = 0; expected[i]; i++) {
- handle = p11_index_find (p11_token_index (test.token), expected[i], 2);
- assert (handle != 0);
-
- object = p11_index_lookup (p11_token_index (test.token), handle);
- assert_ptr_not_null (object);
-
- test_check_attrs (expected[i], object);
- }
-}
-
-static void
-test_token_path (void *path)
-{
- assert_str_eq (path, p11_token_get_path (test.token));
-}
-
-static void
-test_token_label (void *path)
-{
- assert_str_eq ("Label", p11_token_get_label (test.token));
-}
-
-static void
-test_token_slot (void *path)
-{
- assert_num_eq (333, p11_token_get_slot (test.token));
-}
-
-static void
-test_not_writable (void)
-{
- p11_token *token;
-
-#ifdef OS_UNIX
- if (getuid () != 0) {
-#endif
- token = p11_token_new (333, "/", "Label");
- assert (!p11_token_is_writable (token));
- p11_token_free (token);
-#ifdef OS_UNIX
- }
-#endif
-
- token = p11_token_new (333, "", "Label");
- assert (!p11_token_is_writable (token));
- p11_token_free (token);
-
- token = p11_token_new (333, "/non-existant", "Label");
- assert (!p11_token_is_writable (token));
- p11_token_free (token);
-}
-
-static void
-test_writable_exists (void)
-{
- /* A writable directory since we created it */
- assert (p11_token_is_writable (test.token));
-}
-
-static void
-test_writable_no_exist (void)
-{
- char *directory;
- p11_token *token;
- char *path;
-
- directory = p11_test_directory ("test-module");
-
- path = p11_path_build (directory, "subdir", NULL);
- assert (path != NULL);
-
- token = p11_token_new (333, path, "Label");
- free (path);
-
- /* A writable directory since parent is writable */
- assert (p11_token_is_writable (token));
-
- p11_token_free (token);
-
- if (rmdir (directory) < 0)
- assert_not_reached ();
-
- free (directory);
-}
-
-static void
-test_load_already (void)
-{
- CK_ATTRIBUTE cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- CK_OBJECT_HANDLE handle;
- int ret;
-
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- handle = p11_index_find (test.index, cert, -1);
- assert (handle != 0);
-
- /* Have to wait to make sure changes are detected */
- p11_sleep_ms (1100);
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 0);
- assert_num_eq (p11_index_find (test.index, cert, -1), handle);
-}
-
-static void
-test_load_unreadable (void)
-{
- CK_ATTRIBUTE cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- int ret;
-
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- assert (p11_index_find (test.index, cert, -1) != 0);
-
- p11_test_file_write (test.directory, "test.cer", "", 0);
-
- /* Have to wait to make sure changes are detected */
- p11_sleep_ms (1100);
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 0);
- assert (p11_index_find (test.index, cert, -1) == 0);
-}
-
-static void
-test_load_gone (void)
-{
- CK_ATTRIBUTE cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- int ret;
-
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- assert (p11_index_find (test.index, cert, -1) != 0);
-
- p11_test_file_delete (test.directory, "test.cer");
-
- /* Have to wait to make sure changes are detected */
- p11_sleep_ms (1100);
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 0);
- assert (p11_index_find (test.index, cert, -1) == 0);
-}
-
-static void
-test_load_found (void)
-{
- CK_ATTRIBUTE cert[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- int ret;
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 0);
- assert (p11_index_find (test.index, cert, -1) == 0);
-
- /* Have to wait to make sure changes are detected */
- p11_sleep_ms (1100);
-
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- assert (p11_index_find (test.index, cert, -1) != 0);
-}
-
-static void
-test_reload_changed (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE verisign[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE handle;
- int ret;
-
- /* Just one file */
- p11_test_file_write (test.directory, "test.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 1);
- handle = p11_index_find (test.index, cacert3, -1);
- assert (handle != 0);
-
- /* Replace the file with verisign */
- p11_test_file_write (test.directory, "test.cer", verisign_v1_ca,
- sizeof (verisign_v1_ca));
-
- /* Add another file with cacert3, but not reloaded */
- p11_test_file_write (test.directory, "another.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- if (!p11_token_reload (test.token, attrs))
- assert_not_reached ();
-
- assert (p11_index_find (test.index, cacert3, -1) == 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_gone (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE verisign[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE *attrs;
- CK_OBJECT_HANDLE handle;
- int ret;
-
- /* Just one file */
- p11_test_file_write (test.directory, "cacert3.cer", test_cacert3_ca_der,
- sizeof (test_cacert3_ca_der));
- p11_test_file_write (test.directory, "verisign.cer", verisign_v1_ca,
- sizeof (verisign_v1_ca));
-
- ret = p11_token_load (test.token);
- assert_num_eq (ret, 2);
- handle = p11_index_find (test.index, cacert3, -1);
- assert (handle != 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-
- p11_test_file_delete (test.directory, "cacert3.cer");
- p11_test_file_delete (test.directory, "verisign.cer");
-
- attrs = p11_index_lookup (test.index, handle);
- assert_ptr_not_null (attrs);
- if (p11_token_reload (test.token, attrs))
- assert_not_reached ();
-
- assert (p11_index_find (test.index, cacert3, -1) == 0);
- assert (p11_index_find (test.index, verisign, -1) != 0);
-}
-
-static void
-test_reload_no_origin (void)
-{
- CK_ATTRIBUTE cacert3[] = {
- { CKA_CLASS, &certificate, sizeof (certificate) },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_INVALID },
- };
-
- if (p11_token_reload (test.token, cacert3))
- assert_not_reached ();
-}
-
-static void
-test_write_new (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "Yay!", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "Yay!", 4 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- rv = p11_index_add (test.index, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "Yay_.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_write_no_label (void)
-{
- CK_ATTRIBUTE original[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_VALUE, "eight", 5 },
- { CKA_TOKEN, &truev, sizeof (truev) },
- { CKA_INVALID }
- };
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "", 0 },
- { CKA_VALUE, "eight", 5 },
- { CKA_APPLICATION, "", 0 },
- { CKA_OBJECT_ID, "", 0 },
- { CKA_INVALID }
- };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- CK_RV rv;
- int ret;
-
- rv = p11_index_add (test.index, original, 4, &handle);
- assert_num_eq (rv, CKR_OK);
-
- /* The expected file name */
- path = p11_path_build (test.directory, "data.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 1);
-
- test_check_attrs (expected, parsed->elem[0]);
-}
-
-static void
-test_modify_multiple (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"second\"\n"
- "value: \"2\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"third\"\n"
- "value: \"3\"\n";
-
- CK_ATTRIBUTE first[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "first", 5 },
- { CKA_VALUE, "1", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE second[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "zwei", 4 },
- { CKA_VALUE, "2", 2 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "third", 5 },
- { CKA_VALUE, "3", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- int ret;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
-
- rv = p11_index_update (test.index, handle, p11_attrs_dup (second));
- assert_num_eq (rv, CKR_OK);
-
- /* Now read in the file and make sure it has all the objects */
- path = p11_path_build (test.directory, "Test.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 3);
-
- /* The modified one will be first */
- test_check_attrs (second, parsed->elem[0]);
- test_check_attrs (first, parsed->elem[1]);
- test_check_attrs (third, parsed->elem[2]);
-}
-
-static void
-test_remove_one (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n";
-
- CK_ATTRIBUTE match = { CKA_LABEL, "first", 5 };
-
- CK_OBJECT_HANDLE handle;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
- test_check_directory (test.directory, ("Test.p11-kit", NULL));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
- assert_num_cmp (handle, !=, 0);
-
- rv = p11_index_remove (test.index, handle);
- assert_num_eq (rv, CKR_OK);
-
- /* No other files in the test directory, all files gone */
- test_check_directory (test.directory, (NULL, NULL));
-}
-
-static void
-test_remove_multiple (void)
-{
- const char *test_data =
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"first\"\n"
- "value: \"1\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"second\"\n"
- "value: \"2\"\n"
- "\n"
- "[p11-kit-object-v1]\n"
- "class: data\n"
- "label: \"third\"\n"
- "value: \"3\"\n";
-
- CK_ATTRIBUTE first[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "first", 5 },
- { CKA_VALUE, "1", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE third[] = {
- { CKA_CLASS, &data, sizeof (data) },
- { CKA_LABEL, "third", 5 },
- { CKA_VALUE, "3", 1 },
- { CKA_INVALID },
- };
-
- CK_ATTRIBUTE match = { CKA_LABEL, "second", 6 };
-
- CK_OBJECT_HANDLE handle;
- p11_array *parsed;
- char *path;
- int ret;
- CK_RV rv;
-
- p11_test_file_write (test.directory, "Test.p11-kit", test_data, strlen (test_data));
-
- /* Reload now that we have this new file */
- p11_token_load (test.token);
-
- handle = p11_index_find (test.index, &match, 1);
- assert_num_cmp (handle, !=, 0);
-
- rv = p11_index_remove (test.index, handle);
- assert_num_eq (rv, CKR_OK);
-
- /* Now read in the file and make sure it has all the objects */
- path = p11_path_build (test.directory, "Test.p11-kit", NULL);
- ret = p11_parse_file (test.parser, path, NULL, 0);
- assert_num_eq (ret, P11_PARSE_SUCCESS);
- free (path);
-
- parsed = p11_parser_parsed (test.parser);
- assert_num_eq (parsed->num, 2);
-
- /* The modified one will be first */
- test_check_attrs (first, parsed->elem[0]);
- test_check_attrs (third, parsed->elem[1]);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_testx (test_token_load, SRCDIR "/trust/input", "/token/load");
- p11_testx (test_token_flags, SRCDIR "/trust/input", "/token/flags");
- p11_testx (test_token_path, "/wheee", "/token/path");
- p11_testx (test_token_label, "/wheee", "/token/label");
- p11_testx (test_token_slot, "/unneeded", "/token/slot");
-
- p11_fixture (NULL, NULL);
- p11_test (test_not_writable, "/token/not-writable");
- p11_test (test_writable_no_exist, "/token/writable-no-exist");
-
- p11_fixture (setup_temp, teardown_temp);
- p11_test (test_writable_exists, "/token/writable-exists");
- p11_test (test_load_found, "/token/load-found");
- p11_test (test_load_already, "/token/load-already");
- p11_test (test_load_unreadable, "/token/load-unreadable");
- p11_test (test_load_gone, "/token/load-gone");
- p11_test (test_reload_changed, "/token/reload-changed");
- p11_test (test_reload_gone, "/token/reload-gone");
- p11_test (test_reload_no_origin, "/token/reload-no-origin");
- p11_test (test_write_new, "/token/write-new");
- p11_test (test_write_no_label, "/token/write-no-label");
- p11_test (test_modify_multiple, "/token/modify-multiple");
- p11_test (test_remove_one, "/token/remove-one");
- p11_test (test_remove_multiple, "/token/remove-multiple");
-
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-trust.c b/trust/test-trust.c
deleted file mode 100644
index 802007d..0000000
--- a/trust/test-trust.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-
-#include "attrs.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-#include "test.h"
-
-#include "test-trust.h"
-
-#include <sys/stat.h>
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-
-#ifdef OS_UNIX
-#include <paths.h>
-#endif
-
-void
-test_check_object_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_CLASS klass,
- const char *label)
-{
- CK_BBOOL vfalse = CK_FALSE;
-
- CK_ATTRIBUTE expected[] = {
- { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
- { CKA_CLASS, &klass, sizeof (klass) },
- { label ? CKA_LABEL : CKA_INVALID, (void *)label, label ? strlen (label) : 0 },
- { CKA_INVALID },
- };
-
- test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_cacert3_ca_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- const char *label)
-{
- CK_CERTIFICATE_TYPE x509 = CKC_X_509;
- CK_ULONG category = 2; /* authority */
-
- CK_ATTRIBUTE expected[] = {
- { CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
- { CKA_CERTIFICATE_CATEGORY, &category, sizeof (category) },
- { CKA_VALUE, (void *)test_cacert3_ca_der, sizeof (test_cacert3_ca_der) },
- { CKA_CHECK_VALUE, "\xad\x7c\x3f", 3 },
- { CKA_START_DATE, "20110523", 8 },
- { CKA_END_DATE, "20210520", 8, },
- { CKA_SUBJECT, (void *)test_cacert3_ca_subject, sizeof (test_cacert3_ca_subject) },
- { CKA_ISSUER, (void *)test_cacert3_ca_issuer, sizeof (test_cacert3_ca_issuer) },
- { CKA_SERIAL_NUMBER, (void *)test_cacert3_ca_serial, sizeof (test_cacert3_ca_serial) },
- { CKA_INVALID },
- };
-
- test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label);
- test_check_attrs_msg (file, line, function, expected, attrs);
-}
-
-void
-test_check_id_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr)
-{
- CK_ATTRIBUTE *one;
- CK_ATTRIBUTE *two;
-
- one = p11_attrs_find (expected, CKA_ID);
- two = p11_attrs_find (attr, CKA_ID);
-
- test_check_attr_msg (file, line, function, CKA_INVALID, one, two);
-}
-
-void
-test_check_attrs_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attrs)
-{
- CK_OBJECT_CLASS klass;
- CK_ATTRIBUTE *attr;
-
- assert (expected != NULL);
-
- if (!p11_attrs_find_ulong (expected, CKA_CLASS, &klass))
- klass = CKA_INVALID;
-
- while (!p11_attrs_terminator (expected)) {
- attr = p11_attrs_find (attrs, expected->type);
- test_check_attr_msg (file, line, function, klass, expected, attr);
- expected++;
- }
-}
-
-void
-test_check_attr_msg (const char *file,
- int line,
- const char *function,
- CK_OBJECT_CLASS klass,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr)
-{
- assert (expected != NULL);
-
- if (attr == NULL) {
- p11_test_fail (file, line, function,
- "attribute does not match: (expected %s but found NULL)",
- p11_attr_to_string (expected, klass));
- }
-
- if (!p11_attr_equal (attr, expected)) {
- p11_test_fail (file, line, function,
- "attribute does not match: (expected %s but found %s)",
- p11_attr_to_string (expected, klass),
- attr ? p11_attr_to_string (attr, klass) : "(null)");
- }
-}
-
-static char *
-read_file (const char *file,
- int line,
- const char *function,
- const char *filename,
- long *len)
-{
- struct stat sb;
- FILE *f = NULL;
- char *data;
-
- f = fopen (filename, "rb");
- if (f == NULL)
- p11_test_fail (file, line, function, "Couldn't open file: %s", filename);
-
- /* Figure out size */
- if (stat (filename, &sb) < 0)
- p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
-
- *len = sb.st_size;
- data = malloc (*len ? *len : 1);
- assert (data != NULL);
-
- /* And read in one block */
- if (fread (data, 1, *len, f) != *len)
- p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
-
- fclose (f);
-
- return data;
-}
-
-void
-test_check_file_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *reference)
-{
- char *refdata;
- long reflen;
-
- refdata = read_file (file, line, function, reference, &reflen);
- test_check_data_msg (file, line, function, directory, name, refdata, reflen);
- free (refdata);
-}
-
-void
-test_check_data_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const void *refdata,
- long reflen)
-{
- char *filedata;
- char *filename;
- long filelen;
-
- if (asprintf (&filename, "%s/%s", directory, name) < 0)
- assert_not_reached ();
-
- filedata = read_file (file, line, function, filename, &filelen);
-
- if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0)
- p11_test_fail (file, line, function, "File contents not as expected: %s", filename);
-
- if (unlink (filename) < 0)
- p11_test_fail (file, line, function, "Couldn't remove file: %s", filename);
- free (filename);
- free (filedata);
-}
-
-#ifdef OS_UNIX
-
-void
-test_check_symlink_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *destination)
-{
- char buf[1024] = { 0, };
- char *filename;
-
- if (asprintf (&filename, "%s/%s", directory, name) < 0)
- assert_not_reached ();
-
- if (readlink (filename, buf, sizeof (buf)) < 0)
- p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
-
- if (strcmp (destination, buf) != 0)
- p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf);
-
- if (unlink (filename) < 0)
- p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename);
- free (filename);
-}
-
-#endif /* OS_UNIX */
-
-p11_dict *
-test_check_directory_files (const char *file,
- ...)
-{
- p11_dict *files;
- va_list va;
-
- files = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
-
- va_start (va, file);
-
- while (file != NULL) {
- if (!p11_dict_set (files, (void *)file, (void *)file))
- return_val_if_reached (NULL);
- file = va_arg (va, const char *);
- }
-
- va_end (va);
-
- return files;
-}
-
-void
-test_check_directory_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- p11_dict *files)
-{
- p11_dictiter iter;
- struct dirent *dp;
- const char *name;
- DIR *dir;
-
- dir = opendir (directory);
- if (dir == NULL)
- p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
-
- while ((dp = readdir (dir)) != NULL) {
- if (strcmp (dp->d_name, ".") == 0 ||
- strcmp (dp->d_name, "..") == 0)
- continue;
-
- if (!p11_dict_remove (files, dp->d_name))
- p11_test_fail (file, line, function, "Unexpected file in directory: %s", dp->d_name);
- }
-
- closedir (dir);
-
-#ifdef OS_UNIX
- if (chmod (directory, S_IRWXU) < 0)
- p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno));
-#endif
-
- p11_dict_iterate (files, &iter);
- while (p11_dict_next (&iter, (void **)&name, NULL))
- p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name);
-
- p11_dict_free (files);
-}
diff --git a/trust/test-trust.h b/trust/test-trust.h
deleted file mode 100644
index 81c779c..0000000
--- a/trust/test-trust.h
+++ /dev/null
@@ -1,431 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "dict.h"
-#include "pkcs11.h"
-#include "test.h"
-
-#include <sys/types.h>
-#include <stdlib.h>
-
-#ifndef TEST_DATA_H_
-#define TEST_DATA_H_
-
-#define test_check_object(attrs, klass, label) \
- test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label)
-
-void test_check_object_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- CK_OBJECT_CLASS klass,
- const char *label);
-
-#define test_check_cacert3_ca(attrs, label) \
- test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label)
-
-void test_check_cacert3_ca_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *attrs,
- const char *label);
-
-#define test_check_attrs(expected, attrs) \
- test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void test_check_attrs_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attrs);
-
-#define test_check_attr(expected, attr) \
- test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr)
-
-void test_check_attr_msg (const char *file,
- int line,
- const char *function,
- CK_OBJECT_CLASS klass,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr);
-
-#define test_check_id(expected, attrs) \
- test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
-
-void test_check_id_msg (const char *file,
- int line,
- const char *function,
- CK_ATTRIBUTE *expected,
- CK_ATTRIBUTE *attr);
-
-static const unsigned char test_cacert3_ca_der[] = {
- 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
- 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
- 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
- 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
- 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
- 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
- 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20,
- 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a,
- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72,
- 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d,
- 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32,
- 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14,
- 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20,
- 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
- 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74,
- 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43,
- 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f,
- 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
- 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43,
- 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda,
- 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24,
- 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe,
- 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5,
- 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8,
- 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c,
- 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82,
- 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2,
- 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60,
- 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a,
- 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21,
- 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a,
- 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74,
- 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f,
- 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3,
- 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed,
- 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc,
- 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54,
- 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b,
- 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29,
- 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8,
- 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba,
- 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41,
- 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70,
- 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9,
- 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c,
- 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9,
- 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f,
- 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac,
- 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66,
- 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40,
- 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09,
- 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c,
- 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30,
- 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16,
- 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2,
- 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
- 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06,
- 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
- 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69,
- 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
- 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12,
- 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f,
- 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
- 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
- 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b,
- 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
- 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63,
- 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41,
- 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31,
- 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70,
- 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72,
- 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31,
- 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27,
- 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63,
- 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68,
- 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
- 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79,
- 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
- 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f,
- 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43,
- 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85,
- 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c,
- 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04,
- 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72,
- 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47,
- 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe,
- 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c,
- 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8,
- 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33,
- 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7,
- 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7,
- 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac,
- 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e,
- 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a,
- 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39,
- 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18,
- 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56,
- 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0,
- 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00,
- 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed,
- 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58,
- 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06,
- 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3,
- 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
- 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
- 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
- 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
- 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
- 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
- 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
- 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
- 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
- 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
-};
-
-static const char test_cacert3_ca_subject[] = {
- 0x30, 0x54, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63,
- 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04,
- 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41,
- 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
- 0x03, 0x13, 0x13, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20,
- 0x33, 0x20, 0x52, 0x6f, 0x6f, 0x74,
-};
-
-static const char test_cacert3_ca_issuer[] = {
- 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f,
- 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
- 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74,
- 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43,
- 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74,
- 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67,
-};
-
-static const char test_cacert3_ca_serial[] = {
- 0x02, 0x03, 0x0a, 0x41, 0x8a,
-};
-
-static const char test_cacert3_ca_public_key[] = {
- 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01,
- 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43, 0xa9, 0xdd,
- 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda, 0x89, 0x7d,
- 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24, 0x99, 0x73,
- 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe, 0x7f, 0x64,
- 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5, 0x69, 0x01,
- 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8, 0xc5, 0x79,
- 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c, 0x9f, 0xcb,
- 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82, 0x8d, 0x09,
- 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2, 0xe3, 0xeb,
- 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60, 0x33, 0xbf,
- 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a, 0xa4, 0xd9,
- 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21, 0xec, 0x85,
- 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a, 0xd5, 0x3b,
- 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74, 0x15, 0x71,
- 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f, 0x8c, 0xf9,
- 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3, 0x64, 0x27,
- 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed, 0x5d, 0xaa,
- 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc, 0x0e, 0x42,
- 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54, 0x62, 0x34,
- 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b, 0xa0, 0x5b,
- 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29, 0xb7, 0xa2,
- 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8, 0x6c, 0x5f,
- 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba, 0x47, 0xd5,
- 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41, 0x03, 0x68,
- 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70, 0x3a, 0x98,
- 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9, 0xae, 0x60,
- 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c, 0x56, 0xe7,
- 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9, 0xa1, 0xd1,
- 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f, 0x2c, 0x86,
- 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac, 0x9d, 0xaf,
- 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66, 0x42, 0x74,
- 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40, 0x05, 0xfb,
- 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01,
-};
-
-static const unsigned char verisign_v1_ca[] = {
- 0x30, 0x82, 0x02, 0x3c, 0x30, 0x82, 0x01, 0xa5, 0x02, 0x10, 0x3f, 0x69, 0x1e, 0x81, 0x9c, 0xf0,
- 0x9a, 0x4a, 0xf3, 0x73, 0xff, 0xb9, 0x48, 0xa2, 0xe4, 0xdd, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06,
- 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04,
- 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63,
- 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61,
- 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e,
- 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x39, 0x36,
- 0x30, 0x31, 0x32, 0x39, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30,
- 0x38, 0x30, 0x32, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09,
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55,
- 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69, 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e,
- 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61,
- 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d,
- 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, 0x81, 0x9f, 0x30, 0x0d,
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d,
- 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf, 0x6d, 0xa3, 0x56, 0x61, 0x2d,
- 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e, 0x86, 0x80, 0x0a, 0x91, 0x0e,
- 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0, 0x9b, 0x24, 0x5d, 0x0d, 0x1f,
- 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a, 0x06, 0x9b, 0x10, 0xa1, 0x73,
- 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8, 0xa8, 0x3f, 0xaa, 0x12, 0x06,
- 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88, 0x09, 0xcd, 0x14, 0x11, 0xe2,
- 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47, 0x91, 0x29, 0xbb, 0x36, 0xc9,
- 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32, 0xb0, 0x7b, 0x30, 0xba, 0x2a,
- 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06,
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00,
- 0x58, 0x15, 0x29, 0x39, 0x3c, 0x77, 0xa3, 0xda, 0x5c, 0x25, 0x03, 0x7c, 0x60, 0xfa, 0xee, 0x09,
- 0x99, 0x3c, 0x27, 0x10, 0x70, 0xc8, 0x0c, 0x09, 0xe6, 0xb3, 0x87, 0xcf, 0x0a, 0xe2, 0x18, 0x96,
- 0x35, 0x62, 0xcc, 0xbf, 0x9b, 0x27, 0x79, 0x89, 0x5f, 0xc9, 0xc4, 0x09, 0xf4, 0xce, 0xb5, 0x1d,
- 0xdf, 0x2a, 0xbd, 0xe5, 0xdb, 0x86, 0x9c, 0x68, 0x25, 0xe5, 0x30, 0x7c, 0xb6, 0x89, 0x15, 0xfe,
- 0x67, 0xd1, 0xad, 0xe1, 0x50, 0xac, 0x3c, 0x7c, 0x62, 0x4b, 0x8f, 0xba, 0x84, 0xd7, 0x12, 0x15,
- 0x1b, 0x1f, 0xca, 0x5d, 0x0f, 0xc1, 0x52, 0x94, 0x2a, 0x11, 0x99, 0xda, 0x7b, 0xcf, 0x0c, 0x36,
- 0x13, 0xd5, 0x35, 0xdc, 0x10, 0x19, 0x59, 0xea, 0x94, 0xc1, 0x00, 0xbf, 0x75, 0x8f, 0xd9, 0xfa,
- 0xfd, 0x76, 0x04, 0xdb, 0x62, 0xbb, 0x90, 0x6a, 0x03, 0xd9, 0x46, 0x35, 0xd9, 0xf8, 0x7c, 0x5b,
-};
-
-static const unsigned char verisign_v1_ca_subject[] = {
- 0x30, 0x5f, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
- 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0e, 0x56, 0x65, 0x72, 0x69, 0x53, 0x69,
- 0x67, 0x6e, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x37, 0x30, 0x35, 0x06, 0x03, 0x55, 0x04,
- 0x0b, 0x13, 0x2e, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x31, 0x20, 0x50, 0x75, 0x62, 0x6c, 0x69,
- 0x63, 0x20, 0x50, 0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
- 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
- 0x79,
-};
-
-static const unsigned char verisign_v1_ca_public_key[] = {
- 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
- 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xe5, 0x19, 0xbf,
- 0x6d, 0xa3, 0x56, 0x61, 0x2d, 0x99, 0x48, 0x71, 0xf6, 0x67, 0xde, 0xb9, 0x8d, 0xeb, 0xb7, 0x9e,
- 0x86, 0x80, 0x0a, 0x91, 0x0e, 0xfa, 0x38, 0x25, 0xaf, 0x46, 0x88, 0x82, 0xe5, 0x73, 0xa8, 0xa0,
- 0x9b, 0x24, 0x5d, 0x0d, 0x1f, 0xcc, 0x65, 0x6e, 0x0c, 0xb0, 0xd0, 0x56, 0x84, 0x18, 0x87, 0x9a,
- 0x06, 0x9b, 0x10, 0xa1, 0x73, 0xdf, 0xb4, 0x58, 0x39, 0x6b, 0x6e, 0xc1, 0xf6, 0x15, 0xd5, 0xa8,
- 0xa8, 0x3f, 0xaa, 0x12, 0x06, 0x8d, 0x31, 0xac, 0x7f, 0xb0, 0x34, 0xd7, 0x8f, 0x34, 0x67, 0x88,
- 0x09, 0xcd, 0x14, 0x11, 0xe2, 0x4e, 0x45, 0x56, 0x69, 0x1f, 0x78, 0x02, 0x80, 0xda, 0xdc, 0x47,
- 0x91, 0x29, 0xbb, 0x36, 0xc9, 0x63, 0x5c, 0xc5, 0xe0, 0xd7, 0x2d, 0x87, 0x7b, 0xa1, 0xb7, 0x32,
- 0xb0, 0x7b, 0x30, 0xba, 0x2a, 0x2f, 0x31, 0xaa, 0xee, 0xa3, 0x67, 0xda, 0xdb, 0x02, 0x03, 0x01,
- 0x00, 0x01,
-};
-
-static const unsigned char example_public_key[] = {
- 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
- 0x00, 0xaf, 0x24, 0x08, 0x08, 0x29, 0x7a, 0x35, 0x9e, 0x60, 0x0c, 0xaa, 0xe7, 0x4b, 0x3b, 0x4e,
- 0xdc, 0x7c, 0xbc, 0x3c, 0x45, 0x1c, 0xbb, 0x2b, 0xe0, 0xfe, 0x29, 0x02, 0xf9, 0x57, 0x08, 0xa3,
- 0x64, 0x85, 0x15, 0x27, 0xf5, 0xf1, 0xad, 0xc8, 0x31, 0x89, 0x5d, 0x22, 0xe8, 0x2a, 0xaa, 0xa6,
- 0x42, 0xb3, 0x8f, 0xf8, 0xb9, 0x55, 0xb7, 0xb1, 0xb7, 0x4b, 0xb3, 0xfe, 0x8f, 0x7e, 0x07, 0x57,
- 0xec, 0xef, 0x43, 0xdb, 0x66, 0x62, 0x15, 0x61, 0xcf, 0x60, 0x0d, 0xa4, 0xd8, 0xde, 0xf8, 0xe0,
- 0xc3, 0x62, 0x08, 0x3d, 0x54, 0x13, 0xeb, 0x49, 0xca, 0x59, 0x54, 0x85, 0x26, 0xe5, 0x2b, 0x8f,
- 0x1b, 0x9f, 0xeb, 0xf5, 0xa1, 0x91, 0xc2, 0x33, 0x49, 0xd8, 0x43, 0x63, 0x6a, 0x52, 0x4b, 0xd2,
- 0x8f, 0xe8, 0x70, 0x51, 0x4d, 0xd1, 0x89, 0x69, 0x7b, 0xc7, 0x70, 0xf6, 0xb3, 0xdc, 0x12, 0x74,
- 0xdb, 0x7b, 0x5d, 0x4b, 0x56, 0xd3, 0x96, 0xbf, 0x15, 0x77, 0xa1, 0xb0, 0xf4, 0xa2, 0x25, 0xf2,
- 0xaf, 0x1c, 0x92, 0x67, 0x18, 0xe5, 0xf4, 0x06, 0x04, 0xef, 0x90, 0xb9, 0xe4, 0x00, 0xe4, 0xdd,
- 0x3a, 0xb5, 0x19, 0xff, 0x02, 0xba, 0xf4, 0x3c, 0xee, 0xe0, 0x8b, 0xeb, 0x37, 0x8b, 0xec, 0xf4,
- 0xd7, 0xac, 0xf2, 0xf6, 0xf0, 0x3d, 0xaf, 0xdd, 0x75, 0x91, 0x33, 0x19, 0x1d, 0x1c, 0x40, 0xcb,
- 0x74, 0x24, 0x19, 0x21, 0x93, 0xd9, 0x14, 0xfe, 0xac, 0x2a, 0x52, 0xc7, 0x8f, 0xd5, 0x04, 0x49,
- 0xe4, 0x8d, 0x63, 0x47, 0x88, 0x3c, 0x69, 0x83, 0xcb, 0xfe, 0x47, 0xbd, 0x2b, 0x7e, 0x4f, 0xc5,
- 0x95, 0xae, 0x0e, 0x9d, 0xd4, 0xd1, 0x43, 0xc0, 0x67, 0x73, 0xe3, 0x14, 0x08, 0x7e, 0xe5, 0x3f,
- 0x9f, 0x73, 0xb8, 0x33, 0x0a, 0xcf, 0x5d, 0x3f, 0x34, 0x87, 0x96, 0x8a, 0xee, 0x53, 0xe8, 0x25,
- 0x15, 0x02, 0x03, 0x01, 0x00, 0x01
-};
-
-static const char test_text[] = "This is the file text";
-
-static const char test_eku_server_and_client[] = {
- 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static const char test_eku_server[] = {
- 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
-};
-
-static const char test_eku_email[] = {
- 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x04
-};
-
-static const char test_eku_none[] = {
- 0x30, 0x00,
-};
-
-void test_check_file_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *filename,
- const char *reference);
-
-void test_check_data_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *filename,
- const void *refdata,
- long reflen);
-
-#ifdef OS_UNIX
-
-void test_check_symlink_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- const char *name,
- const char *destination);
-
-#endif /* OS_UNIX */
-
-p11_dict * test_check_directory_files (const char *file,
- ...) GNUC_NULL_TERMINATED;
-
-void test_check_directory_msg (const char *file,
- int line,
- const char *function,
- const char *directory,
- p11_dict *files);
-
-#define test_check_file(directory, name, reference) \
- (test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference))
-
-#define test_check_data(directory, name, data, length) \
- (test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
-
-#ifdef OS_UNIX
-
-#define test_check_symlink(directory, name, destination) \
- (test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination))
-
-#endif /* OS_UNIX */
-
-#define test_check_directory(directory, files) \
- (test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
- test_check_directory_files files))
-
-#endif /* TEST_DATA_H_ */
diff --git a/trust/test-utf8.c b/trust/test-utf8.c
deleted file mode 100644
index 9b2c3d5..0000000
--- a/trust/test-utf8.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "utf8.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-static void
-test_ucs2be (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const char *output;
- size_t output_len;
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14,
- { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, 's', 0x00, ' ', 0x00, 'i', 0x00, 's', 0x00, ' ',
- 0x00, 'a', 0x00, ' ', 0x00, 't', 0x00, 'e', 0x00, 's', 0x00, 't' }, 28,
- },
- { "V\303\266gel", 6,
- { 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 10,
- },
- { "M\303\244nwich \340\264\205", 12,
- { 0x00, 'M', 0x00, 0xE4, 0x00, 'n', 0x00, 'w', 0x00, 'i', 0x00, 'c', 0x00, 'h',
- 0x00, ' ', 0x0D, 0x05 }, 18,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs2be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, output);
- free (output);
- }
-}
-
-static void
-test_ucs2be_fail (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { { 0x00, 'T', 0x00, 'h', 0x00, 'i', 0x00, }, 7 /* truncated */ }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs2be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
- assert_ptr_eq (NULL, output);
- }
-}
-
-static void
-test_ucs4be (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const char *output;
- size_t output_len;
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14,
- { 0x00, 0x00, 0x00, 'T',
- 0x00, 0x00, 0x00, 'h',
- 0x00, 0x00, 0x00, 'i',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 'i',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 'a',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x00, 0x00, 't',
- 0x00, 0x00, 0x00, 'e',
- 0x00, 0x00, 0x00, 's',
- 0x00, 0x00, 0x00, 't',
- }, 56,
- },
- { "Fun \360\220\214\231", 8,
- { 0x00, 0x00, 0x00, 'F',
- 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n',
- 0x00, 0x00, 0x00, ' ',
- 0x00, 0x01, 0x03, 0x19, /* U+10319: looks like an antenna */
- }, 20,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs4be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, output);
-
- free (output);
- }
-}
-
-static void
-test_ucs4be_fail (void)
-{
- char *output;
- size_t length;
- int i;
-
- struct {
- const unsigned char input[100];
- size_t input_len;
- } fixtures[] = {
- { { 0x00, 0x00, 'T',
- }, 7 /* truncated */ },
- { { 0x00, 0x00, 0x00, 'F',
- 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n',
- 0x00, 0x00, 0x00, ' ',
- 0xD8, 0x00, 0xDF, 0x19,
- }, 20,
- }
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- output = p11_utf8_for_ucs4be (fixtures[i].input,
- fixtures[i].input_len,
- &length);
- assert_ptr_eq (NULL, output);
- }
-}
-
-static void
-test_utf8 (void)
-{
- bool ret;
- int i;
-
- struct {
- const char *input;
- size_t input_len;
- } fixtures[] = {
- { "This is a test", 14 },
- { "Good news everyone", -1 },
- { "Fun \360\220\214\231", -1 },
- { "Fun invalid here: \xfe", 4 }, /* but limited length */
- { "V\303\266gel", 6, },
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- ret = p11_utf8_validate (fixtures[i].input,
- fixtures[i].input_len);
- assert_num_eq (true, ret);
- }
-}
-
-static void
-test_utf8_fail (void)
-{
- bool ret;
- int i;
-
- struct {
- const char *input;
- size_t input_len;
- } fixtures[] = {
- { "This is a test\x80", 15 },
- { "Good news everyone\x88", -1 },
- { "Bad \xe0v following chars should be |0x80", -1 },
- { "Truncated \xe0", -1 },
- };
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- ret = p11_utf8_validate (fixtures[i].input,
- fixtures[i].input_len);
- assert_num_eq (false, ret);
- }
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_test (test_ucs2be, "/utf8/ucs2be");
- p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail");
- p11_test (test_ucs4be, "/utf8/ucs4be");
- p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail");
- p11_test (test_utf8, "/utf8/utf8");
- p11_test (test_utf8_fail, "/utf8/utf8_fail");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/test-x509.c b/trust/test-x509.c
deleted file mode 100644
index 9f7d258..0000000
--- a/trust/test-x509.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/*
- * Copyright (c) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@gnome.org>
- */
-
-#include "config.h"
-#include "test.h"
-
-#include "asn1.h"
-#include "debug.h"
-#include "oid.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#define ELEMS(x) (sizeof (x) / sizeof (x[0]))
-
-struct {
- p11_dict *asn1_defs;
-} test;
-
-static void
-setup (void *unused)
-{
- test.asn1_defs = p11_asn1_defs_load ();
- assert_ptr_not_null (test.asn1_defs);
-}
-
-static void
-teardown (void *unused)
-{
- p11_dict_free (test.asn1_defs);
- memset (&test, 0, sizeof (test));
-}
-
-static const char test_ku_ds_and_np[] = {
- 0x03, 0x03, 0x07, 0xc0, 0x00,
-};
-
-static const char test_ku_none[] = {
- 0x03, 0x03, 0x07, 0x00, 0x00,
-};
-
-static const char test_ku_cert_crl_sign[] = {
- 0x03, 0x03, 0x07, 0x06, 0x00,
-};
-
-static const char test_eku_server_and_client[] = {
- 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-};
-
-static const char test_eku_none[] = {
- 0x30, 0x00,
-};
-
-static const char test_eku_client_email_and_timestamp[] = {
- 0x30, 0x1e, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x06, 0x08, 0x2b, 0x06,
- 0x01, 0x05, 0x05, 0x07, 0x03, 0x04, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x08,
-};
-
-static const unsigned char test_cacert3_ca_der[] = {
- 0x30, 0x82, 0x07, 0x59, 0x30, 0x82, 0x05, 0x41, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x0a,
- 0x41, 0x8a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05,
- 0x00, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f,
- 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15,
- 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72,
- 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19,
- 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20,
- 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a,
- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12, 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72,
- 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x1e, 0x17, 0x0d,
- 0x31, 0x31, 0x30, 0x35, 0x32, 0x33, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x17, 0x0d, 0x32,
- 0x31, 0x30, 0x35, 0x32, 0x30, 0x31, 0x37, 0x34, 0x38, 0x30, 0x32, 0x5a, 0x30, 0x54, 0x31, 0x14,
- 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0b, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x20,
- 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x1e, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68,
- 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74,
- 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x43,
- 0x41, 0x63, 0x65, 0x72, 0x74, 0x20, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x33, 0x20, 0x52, 0x6f,
- 0x6f, 0x74, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82,
- 0x02, 0x01, 0x00, 0xab, 0x49, 0x35, 0x11, 0x48, 0x7c, 0xd2, 0x26, 0x7e, 0x53, 0x94, 0xcf, 0x43,
- 0xa9, 0xdd, 0x28, 0xd7, 0x42, 0x2a, 0x8b, 0xf3, 0x87, 0x78, 0x19, 0x58, 0x7c, 0x0f, 0x9e, 0xda,
- 0x89, 0x7d, 0xe1, 0xfb, 0xeb, 0x72, 0x90, 0x0d, 0x74, 0xa1, 0x96, 0x64, 0xab, 0x9f, 0xa0, 0x24,
- 0x99, 0x73, 0xda, 0xe2, 0x55, 0x76, 0xc7, 0x17, 0x7b, 0xf5, 0x04, 0xac, 0x46, 0xb8, 0xc3, 0xbe,
- 0x7f, 0x64, 0x8d, 0x10, 0x6c, 0x24, 0xf3, 0x61, 0x9c, 0xc0, 0xf2, 0x90, 0xfa, 0x51, 0xe6, 0xf5,
- 0x69, 0x01, 0x63, 0xc3, 0x0f, 0x56, 0xe2, 0x4a, 0x42, 0xcf, 0xe2, 0x44, 0x8c, 0x25, 0x28, 0xa8,
- 0xc5, 0x79, 0x09, 0x7d, 0x46, 0xb9, 0x8a, 0xf3, 0xe9, 0xf3, 0x34, 0x29, 0x08, 0x45, 0xe4, 0x1c,
- 0x9f, 0xcb, 0x94, 0x04, 0x1c, 0x81, 0xa8, 0x14, 0xb3, 0x98, 0x65, 0xc4, 0x43, 0xec, 0x4e, 0x82,
- 0x8d, 0x09, 0xd1, 0xbd, 0xaa, 0x5b, 0x8d, 0x92, 0xd0, 0xec, 0xde, 0x90, 0xc5, 0x7f, 0x0a, 0xc2,
- 0xe3, 0xeb, 0xe6, 0x31, 0x5a, 0x5e, 0x74, 0x3e, 0x97, 0x33, 0x59, 0xe8, 0xc3, 0x03, 0x3d, 0x60,
- 0x33, 0xbf, 0xf7, 0xd1, 0x6f, 0x47, 0xc4, 0xcd, 0xee, 0x62, 0x83, 0x52, 0x6e, 0x2e, 0x08, 0x9a,
- 0xa4, 0xd9, 0x15, 0x18, 0x91, 0xa6, 0x85, 0x92, 0x47, 0xb0, 0xae, 0x48, 0xeb, 0x6d, 0xb7, 0x21,
- 0xec, 0x85, 0x1a, 0x68, 0x72, 0x35, 0xab, 0xff, 0xf0, 0x10, 0x5d, 0xc0, 0xf4, 0x94, 0xa7, 0x6a,
- 0xd5, 0x3b, 0x92, 0x7e, 0x4c, 0x90, 0x05, 0x7e, 0x93, 0xc1, 0x2c, 0x8b, 0xa4, 0x8e, 0x62, 0x74,
- 0x15, 0x71, 0x6e, 0x0b, 0x71, 0x03, 0xea, 0xaf, 0x15, 0x38, 0x9a, 0xd4, 0xd2, 0x05, 0x72, 0x6f,
- 0x8c, 0xf9, 0x2b, 0xeb, 0x5a, 0x72, 0x25, 0xf9, 0x39, 0x46, 0xe3, 0x72, 0x1b, 0x3e, 0x04, 0xc3,
- 0x64, 0x27, 0x22, 0x10, 0x2a, 0x8a, 0x4f, 0x58, 0xa7, 0x03, 0xad, 0xbe, 0xb4, 0x2e, 0x13, 0xed,
- 0x5d, 0xaa, 0x48, 0xd7, 0xd5, 0x7d, 0xd4, 0x2a, 0x7b, 0x5c, 0xfa, 0x46, 0x04, 0x50, 0xe4, 0xcc,
- 0x0e, 0x42, 0x5b, 0x8c, 0xed, 0xdb, 0xf2, 0xcf, 0xfc, 0x96, 0x93, 0xe0, 0xdb, 0x11, 0x36, 0x54,
- 0x62, 0x34, 0x38, 0x8f, 0x0c, 0x60, 0x9b, 0x3b, 0x97, 0x56, 0x38, 0xad, 0xf3, 0xd2, 0x5b, 0x8b,
- 0xa0, 0x5b, 0xea, 0x4e, 0x96, 0xb8, 0x7c, 0xd7, 0xd5, 0xa0, 0x86, 0x70, 0x40, 0xd3, 0x91, 0x29,
- 0xb7, 0xa2, 0x3c, 0xad, 0xf5, 0x8c, 0xbb, 0xcf, 0x1a, 0x92, 0x8a, 0xe4, 0x34, 0x7b, 0xc0, 0xd8,
- 0x6c, 0x5f, 0xe9, 0x0a, 0xc2, 0xc3, 0xa7, 0x20, 0x9a, 0x5a, 0xdf, 0x2c, 0x5d, 0x52, 0x5c, 0xba,
- 0x47, 0xd5, 0x9b, 0xef, 0x24, 0x28, 0x70, 0x38, 0x20, 0x2f, 0xd5, 0x7f, 0x29, 0xc0, 0xb2, 0x41,
- 0x03, 0x68, 0x92, 0xcc, 0xe0, 0x9c, 0xcc, 0x97, 0x4b, 0x45, 0xef, 0x3a, 0x10, 0x0a, 0xab, 0x70,
- 0x3a, 0x98, 0x95, 0x70, 0xad, 0x35, 0xb1, 0xea, 0x85, 0x2b, 0xa4, 0x1c, 0x80, 0x21, 0x31, 0xa9,
- 0xae, 0x60, 0x7a, 0x80, 0x26, 0x48, 0x00, 0xb8, 0x01, 0xc0, 0x93, 0x63, 0x55, 0x22, 0x91, 0x3c,
- 0x56, 0xe7, 0xaf, 0xdb, 0x3a, 0x25, 0xf3, 0x8f, 0x31, 0x54, 0xea, 0x26, 0x8b, 0x81, 0x59, 0xf9,
- 0xa1, 0xd1, 0x53, 0x11, 0xc5, 0x7b, 0x9d, 0x03, 0xf6, 0x74, 0x11, 0xe0, 0x6d, 0xb1, 0x2c, 0x3f,
- 0x2c, 0x86, 0x91, 0x99, 0x71, 0x9a, 0xa6, 0x77, 0x8b, 0x34, 0x60, 0xd1, 0x14, 0xb4, 0x2c, 0xac,
- 0x9d, 0xaf, 0x8c, 0x10, 0xd3, 0x9f, 0xc4, 0x6a, 0xf8, 0x6f, 0x13, 0xfc, 0x73, 0x59, 0xf7, 0x66,
- 0x42, 0x74, 0x1e, 0x8a, 0xe3, 0xf8, 0xdc, 0xd2, 0x6f, 0x98, 0x9c, 0xcb, 0x47, 0x98, 0x95, 0x40,
- 0x05, 0xfb, 0xe9, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x02, 0x0d, 0x30, 0x82, 0x02, 0x09,
- 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x75, 0xa8, 0x71, 0x60, 0x4c,
- 0x88, 0x13, 0xf0, 0x78, 0xd9, 0x89, 0x77, 0xb5, 0x6d, 0xc5, 0x89, 0xdf, 0xbc, 0xb1, 0x7a, 0x30,
- 0x81, 0xa3, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0x9b, 0x30, 0x81, 0x98, 0x80, 0x14, 0x16,
- 0xb5, 0x32, 0x1b, 0xd4, 0xc7, 0xf3, 0xe0, 0xe6, 0x8e, 0xf3, 0xbd, 0xd2, 0xb0, 0x3a, 0xee, 0xb2,
- 0x39, 0x18, 0xd1, 0xa1, 0x7d, 0xa4, 0x7b, 0x30, 0x79, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
- 0x04, 0x0a, 0x13, 0x07, 0x52, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1e, 0x30, 0x1c, 0x06,
- 0x03, 0x55, 0x04, 0x0b, 0x13, 0x15, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77,
- 0x2e, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x31, 0x22, 0x30, 0x20, 0x06,
- 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x43, 0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x53, 0x69,
- 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31,
- 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x12,
- 0x73, 0x75, 0x70, 0x70, 0x6f, 0x72, 0x74, 0x40, 0x63, 0x61, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f,
- 0x72, 0x67, 0x82, 0x01, 0x00, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04,
- 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x5d, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x01, 0x01, 0x04, 0x51, 0x30, 0x4f, 0x30, 0x23, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
- 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e,
- 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x30, 0x28, 0x06, 0x08, 0x2b,
- 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x1c, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
- 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x63,
- 0x61, 0x2e, 0x63, 0x72, 0x74, 0x30, 0x4a, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x43, 0x30, 0x41,
- 0x30, 0x3f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x90, 0x4a, 0x30, 0x33, 0x30, 0x31,
- 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x25, 0x68, 0x74, 0x74, 0x70,
- 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72,
- 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68, 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31,
- 0x30, 0x30, 0x34, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x01, 0x08, 0x04, 0x27,
- 0x16, 0x25, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43, 0x41, 0x63,
- 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x2e, 0x70, 0x68,
- 0x70, 0x3f, 0x69, 0x64, 0x3d, 0x31, 0x30, 0x30, 0x50, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86,
- 0xf8, 0x42, 0x01, 0x0d, 0x04, 0x43, 0x16, 0x41, 0x54, 0x6f, 0x20, 0x67, 0x65, 0x74, 0x20, 0x79,
- 0x6f, 0x75, 0x72, 0x20, 0x6f, 0x77, 0x6e, 0x20, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
- 0x61, 0x74, 0x65, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x46, 0x52, 0x45, 0x45, 0x2c, 0x20, 0x67, 0x6f,
- 0x20, 0x74, 0x6f, 0x20, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x43,
- 0x41, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48,
- 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x29, 0x28, 0x85,
- 0xae, 0x44, 0xa9, 0xb9, 0xaf, 0xa4, 0x79, 0x13, 0xf0, 0xa8, 0xa3, 0x2b, 0x97, 0x60, 0xf3, 0x5c,
- 0xee, 0xe3, 0x2f, 0xc1, 0xf6, 0xe2, 0x66, 0xa0, 0x11, 0xae, 0x36, 0x37, 0x3a, 0x76, 0x15, 0x04,
- 0x53, 0xea, 0x42, 0xf5, 0xf9, 0xea, 0xc0, 0x15, 0xd8, 0xa6, 0x82, 0xd9, 0xe4, 0x61, 0xae, 0x72,
- 0x0b, 0x29, 0x5c, 0x90, 0x43, 0xe8, 0x41, 0xb2, 0xe1, 0x77, 0xdb, 0x02, 0x13, 0x44, 0x78, 0x47,
- 0x55, 0xaf, 0x58, 0xfc, 0xcc, 0x98, 0xf6, 0x45, 0xb9, 0xd1, 0x20, 0xf8, 0xd8, 0x21, 0x07, 0xfe,
- 0x6d, 0xaa, 0x73, 0xd4, 0xb3, 0xc6, 0x07, 0xe9, 0x09, 0x85, 0xcc, 0x3b, 0xf2, 0xb6, 0xbe, 0x2c,
- 0x1c, 0x25, 0xd5, 0x71, 0x8c, 0x39, 0xb5, 0x2e, 0xea, 0xbe, 0x18, 0x81, 0xba, 0xb0, 0x93, 0xb8,
- 0x0f, 0xe3, 0xe6, 0xd7, 0x26, 0x8c, 0x31, 0x5a, 0x72, 0x03, 0x84, 0x52, 0xe6, 0xa6, 0xf5, 0x33,
- 0x22, 0x45, 0x0a, 0xc8, 0x0b, 0x0d, 0x8a, 0xb8, 0x36, 0x6f, 0x90, 0x09, 0xa1, 0xab, 0xbd, 0xd7,
- 0xd5, 0x4e, 0x2e, 0x71, 0xa2, 0xd4, 0xae, 0xfa, 0xa7, 0x54, 0x2b, 0xeb, 0x35, 0x8d, 0x5a, 0xb7,
- 0x54, 0x88, 0x2f, 0xee, 0x74, 0x9f, 0xed, 0x48, 0x16, 0xca, 0x0d, 0x48, 0xd0, 0x94, 0xd3, 0xac,
- 0xa4, 0xa2, 0xf6, 0x24, 0xdf, 0x92, 0xe3, 0xbd, 0xeb, 0x43, 0x40, 0x91, 0x6e, 0x1c, 0x18, 0x8e,
- 0x56, 0xb4, 0x82, 0x12, 0xf3, 0xa9, 0x93, 0x9f, 0xd4, 0xbc, 0x9c, 0xad, 0x9c, 0x75, 0xee, 0x5a,
- 0x97, 0x1b, 0x95, 0xe7, 0x74, 0x2d, 0x1c, 0x0f, 0xb0, 0x2c, 0x97, 0x9f, 0xfb, 0xa9, 0x33, 0x39,
- 0x7a, 0xe7, 0x03, 0x3a, 0x92, 0x8e, 0x22, 0xf6, 0x8c, 0x0d, 0xe4, 0xd9, 0x7e, 0x0d, 0x76, 0x18,
- 0xf7, 0x01, 0xf9, 0xef, 0x96, 0x96, 0xa2, 0x55, 0x73, 0xc0, 0x3c, 0x71, 0xb4, 0x1d, 0x1a, 0x56,
- 0x43, 0xb7, 0xc3, 0x0a, 0x8d, 0x72, 0xfc, 0xe2, 0x10, 0x09, 0x0b, 0x41, 0xce, 0x8c, 0x94, 0xa0,
- 0xf9, 0x03, 0xfd, 0x71, 0x73, 0x4b, 0x8a, 0x57, 0x33, 0xe5, 0x8e, 0x74, 0x7e, 0x15, 0x01, 0x00,
- 0xe6, 0xcc, 0x4a, 0x1c, 0xe7, 0x7f, 0x95, 0x19, 0x2d, 0xc5, 0xa5, 0x0c, 0x8b, 0xbb, 0xb5, 0xed,
- 0x85, 0xb3, 0x5c, 0xd3, 0xdf, 0xb8, 0xb9, 0xf2, 0xca, 0xc7, 0x0d, 0x01, 0x14, 0xac, 0x70, 0x58,
- 0xc5, 0x8c, 0x8d, 0x33, 0xd4, 0x9d, 0x66, 0xa3, 0x1a, 0x50, 0x95, 0x23, 0xfc, 0x48, 0xe0, 0x06,
- 0x43, 0x12, 0xd9, 0xcd, 0xa7, 0x86, 0x39, 0x2f, 0x36, 0x72, 0xa3, 0x80, 0x10, 0xe4, 0xe1, 0xf3,
- 0xd1, 0xcb, 0x5b, 0x1a, 0xc0, 0xe4, 0x80, 0x9a, 0x7c, 0x13, 0x73, 0x06, 0x4f, 0xdb, 0xa3, 0x6b,
- 0x24, 0x0a, 0xba, 0xb3, 0x1c, 0xbc, 0x4a, 0x78, 0xbb, 0xe5, 0xe3, 0x75, 0x38, 0xa5, 0x48, 0xa7,
- 0xa2, 0x1e, 0xaf, 0x76, 0xd4, 0x5e, 0xf7, 0x38, 0x86, 0x56, 0x5a, 0x89, 0xce, 0xd6, 0xc3, 0xa7,
- 0x79, 0xb2, 0x52, 0xa0, 0xc6, 0xf1, 0x85, 0xb4, 0x25, 0x8c, 0xf2, 0x3f, 0x96, 0xb3, 0x10, 0xd9,
- 0x8d, 0x6c, 0x57, 0x3b, 0x9f, 0x6f, 0x86, 0x3a, 0x18, 0x82, 0x22, 0x36, 0xc8, 0xb0, 0x91, 0x38,
- 0xdb, 0x2a, 0xa1, 0x93, 0xaa, 0x84, 0x3f, 0xf5, 0x27, 0x65, 0xae, 0x73, 0xd5, 0xc8, 0xd5, 0xd3,
- 0x77, 0xea, 0x4b, 0x9d, 0xc7, 0x41, 0xbb, 0xc7, 0xc0, 0xe3, 0xa0, 0x3f, 0xe4, 0x7d, 0xa4, 0x8d,
- 0x73, 0xe6, 0x12, 0x4b, 0xdf, 0xa1, 0x73, 0x73, 0x73, 0x3a, 0x80, 0xe8, 0xd5, 0xcb, 0x8e, 0x2f,
- 0xcb, 0xea, 0x13, 0xa7, 0xd6, 0x41, 0x8b, 0xac, 0xfa, 0x3c, 0x89, 0xd7, 0x24, 0xf5, 0x4e, 0xb4,
- 0xe0, 0x61, 0x92, 0xb7, 0xf3, 0x37, 0x98, 0xc4, 0xbe, 0x96, 0xa3, 0xb7, 0x8a,
-};
-
-struct {
- const char *eku;
- size_t length;
- const char *expected[16];
-} extended_key_usage_fixtures[] = {
- { test_eku_server_and_client, sizeof (test_eku_server_and_client),
- { P11_OID_SERVER_AUTH_STR, P11_OID_CLIENT_AUTH_STR, NULL }, },
- { test_eku_none, sizeof (test_eku_none),
- { NULL, }, },
- { test_eku_client_email_and_timestamp, sizeof (test_eku_client_email_and_timestamp),
- { P11_OID_CLIENT_AUTH_STR, P11_OID_EMAIL_PROTECTION_STR, P11_OID_TIME_STAMPING_STR }, },
- { NULL },
-};
-
-static void
-test_parse_extended_key_usage (void)
-{
- p11_array *ekus;
- int i, j, count;
-
- for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) {
- ekus = p11_x509_parse_extended_key_usage (test.asn1_defs,
- (const unsigned char *)extended_key_usage_fixtures[i].eku,
- extended_key_usage_fixtures[i].length);
- assert_ptr_not_null (ekus);
-
- for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++);
-
- assert_num_eq (count, ekus->num);
- for (j = 0; j < count; j++)
- assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]);
-
- p11_array_free (ekus);
- }
-}
-
-struct {
- const char *ku;
- size_t length;
- unsigned int expected;
-} key_usage_fixtures[] = {
- { test_ku_ds_and_np, sizeof (test_ku_ds_and_np), P11_KU_DIGITAL_SIGNATURE | P11_KU_NON_REPUDIATION },
- { test_ku_none, sizeof (test_ku_none), 0 },
- { test_ku_cert_crl_sign, sizeof (test_ku_cert_crl_sign), P11_KU_KEY_CERT_SIGN | P11_KU_CRL_SIGN },
- { NULL },
-};
-
-static void
-test_parse_key_usage (void)
-{
- unsigned int ku;
- int i;
- bool ret;
-
- for (i = 0; key_usage_fixtures[i].ku != NULL; i++) {
- ku = 0;
-
- ret = p11_x509_parse_key_usage (test.asn1_defs,
- (const unsigned char *)key_usage_fixtures[i].ku,
- key_usage_fixtures[i].length, &ku);
- assert_num_eq (true, ret);
-
- assert_num_eq (key_usage_fixtures[i].expected, ku);
- }
-}
-
-static void
-test_parse_extension (void)
-{
- node_asn *cert;
- unsigned char *ext;
- size_t length;
- bool is_ca;
-
- cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
- assert_ptr_not_null (cert);
-
- ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS,
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
- &length);
- assert_ptr_not_null (ext);
- assert (length > 0);
-
- asn1_delete_structure (&cert);
-
- if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca))
- assert_fail ("failed to parse message", "basic constraints");
-
- free (ext);
-}
-static void
-test_parse_extension_not_found (void)
-{
- node_asn *cert;
- unsigned char *ext;
- size_t length;
-
- cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate",
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
- assert_ptr_not_null (cert);
-
- ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT,
- test_cacert3_ca_der, sizeof (test_cacert3_ca_der),
- &length);
- assert_ptr_eq (NULL, ext);
-
- asn1_delete_structure (&cert);
-}
-
-static void
-test_directory_string (void)
-{
- struct {
- unsigned char input[100];
- int input_len;
- char *output;
- int output_len;
- } fixtures[] = {
- /* UTF8String */
- { { 0x0c, 0x0f, 0xc3, 0x84, ' ', 'U', 'T', 'F', '8', ' ', 's', 't', 'r', 'i', 'n', 'g', ' ', }, 17,
- "\xc3\x84 UTF8 string ", 15,
- },
-
- /* NumericString */
- { { 0x12, 0x04, '0', '1', '2', '3', }, 6,
- "0123", 4,
- },
-
- /* IA5String */
- { { 0x16, 0x04, ' ', 'A', 'B', ' ', }, 6,
- " AB ", 4
- },
-
- /* TeletexString */
- { { 0x14, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- "A nice", 7
- },
-
- /* PrintableString */
- { { 0x13, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }, 9,
- "A nice", 7,
- },
-
- /* UniversalString */
- { { 0x1c, 0x14, 0x00, 0x00, 0x00, 'F', 0x00, 0x00, 0x00, 'u',
- 0x00, 0x00, 0x00, 'n', 0x00, 0x00, 0x00, ' ', 0x00, 0x01, 0x03, 0x19, }, 22,
- "Fun \xf0\x90\x8c\x99", 8
- },
-
- /* BMPString */
- { { 0x1e, 0x0a, 0x00, 'V', 0x00, 0xF6, 0x00, 'g', 0x00, 'e', 0x00, 'l' }, 12,
- "V\xc3\xb6gel", 6
- },
- };
-
- char *string;
- bool unknown;
- size_t length;
- int i;
-
- for (i = 0; i < ELEMS (fixtures); i++) {
- string = p11_x509_parse_directory_string (fixtures[i].input,
- fixtures[i].input_len,
- &unknown, &length);
- assert_ptr_not_null (string);
- assert_num_eq (false, unknown);
-
- assert_num_eq (fixtures[i].output_len, length);
- assert_str_eq (fixtures[i].output, string);
- free (string);
- }
-}
-
-static void
-test_directory_string_unknown (void)
-{
- /* Not a valid choice in DirectoryString */
- unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' };
- char *string;
- bool unknown = false;
- size_t length;
-
- string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length);
- assert_ptr_eq (NULL, string);
- assert_num_eq (true, unknown);
-}
-
-int
-main (int argc,
- char *argv[])
-{
- p11_fixture (setup, teardown);
- p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage");
- p11_test (test_parse_key_usage, "/x509/parse-key-usage");
- p11_test (test_parse_extension, "/x509/parse-extension");
- p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found");
-
- p11_fixture (NULL, NULL);
- p11_test (test_directory_string, "/x509/directory-string");
- p11_test (test_directory_string_unknown, "/x509/directory-string-unknown");
- return p11_test_run (argc, argv);
-}
diff --git a/trust/token.c b/trust/token.c
deleted file mode 100644
index 47b80d8..0000000
--- a/trust/token.c
+++ /dev/null
@@ -1,909 +0,0 @@
-/*
- * Copyright (C) 2012-2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "asn1.h"
-#include "attrs.h"
-#include "builder.h"
-#include "compat.h"
-#include "constants.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "errno.h"
-#include "message.h"
-#include "module.h"
-#include "parser.h"
-#include "path.h"
-#include "persist.h"
-#include "pkcs11.h"
-#include "pkcs11x.h"
-#include "save.h"
-#include "token.h"
-
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include <assert.h>
-#include <dirent.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-struct _p11_token {
- p11_parser *parser; /* Parser we use to load files */
- p11_index *index; /* Index we load objects into */
- p11_builder *builder; /* Expands objects and applies policy */
- p11_dict *loaded; /* stat structs for loaded files, track reloads */
-
- char *path; /* Main path to load from */
- char *anchors; /* Path to load anchors from */
- char *blacklist; /* Path to load blacklist from */
- char *label; /* The token label */
- CK_SLOT_ID slot; /* The slot id */
-
- bool checked_path;
- bool is_writable;
- bool make_directory;
-};
-
-static bool
-loader_is_necessary (p11_token *token,
- const char *filename,
- struct stat *sb)
-{
- struct stat *last;
-
- last = p11_dict_get (token->loaded, filename);
-
- /* Never seen this before, load it */
- if (last == NULL)
- return true;
-
- /*
- * If any of these are different assume that the file
- * needs to be reloaded
- */
- return (sb->st_mode != last->st_mode ||
- sb->st_mtime != last->st_mtime ||
- sb->st_size != last->st_size);
-}
-
-static void
-loader_was_loaded (p11_token *token,
- const char *filename,
- struct stat *sb)
-{
- char *key;
-
- key = strdup (filename);
- return_if_fail (key != NULL);
-
- sb = memdup (sb, sizeof (struct stat));
- return_if_fail (sb != NULL);
-
- /* Track the info about this file, so we don't reload unnecessarily */
- if (!p11_dict_set (token->loaded, key, sb))
- return_if_reached ();
-}
-
-static bool
-loader_not_loaded (p11_token *token,
- const char *filename)
-{
- /* No longer track info about this file */
- return p11_dict_remove (token->loaded, filename);
-}
-
-static void
-loader_gone_file (p11_token *token,
- const char *filename)
-{
- CK_ATTRIBUTE origin[] = {
- { CKA_X_ORIGIN, (void *)filename, strlen (filename) },
- { CKA_INVALID },
- };
-
- CK_RV rv;
-
- p11_index_load (token->index);
-
- /* Remove everything at this origin */
- rv = p11_index_replace_all (token->index, origin, CKA_INVALID, NULL);
- return_if_fail (rv == CKR_OK);
-
- p11_index_finish (token->index);
-
- /* No longer track info about this file */
- loader_not_loaded (token, filename);
-}
-
-static int
-loader_load_file (p11_token *token,
- const char *filename,
- struct stat *sb)
-{
- CK_ATTRIBUTE origin[] = {
- { CKA_X_ORIGIN, (void *)filename, strlen (filename) },
- { CKA_INVALID },
- };
-
- p11_array *parsed;
- CK_RV rv;
- int flags;
- int ret;
- int i;
-
- /* Check if this file is already loaded */
- if (!loader_is_necessary (token, filename, sb))
- return 0;
-
- flags = P11_PARSE_FLAG_NONE;
-
- /* If it's in the anchors subdirectory, treat as an anchor */
- if (p11_path_prefix (filename, token->anchors))
- flags = P11_PARSE_FLAG_ANCHOR;
-
- /* If it's in the blacklist subdirectory, treat as a blacklist */
- else if (p11_path_prefix (filename, token->blacklist))
- flags = P11_PARSE_FLAG_BLACKLIST;
-
- /* If the token is just one path, then assume they are anchors */
- else if (strcmp (filename, token->path) == 0 && !S_ISDIR (sb->st_mode))
- flags = P11_PARSE_FLAG_ANCHOR;
-
- ret = p11_parse_file (token->parser, filename, sb, flags);
-
- switch (ret) {
- case P11_PARSE_SUCCESS:
- p11_debug ("loaded: %s", filename);
- break;
- case P11_PARSE_UNRECOGNIZED:
- p11_debug ("skipped: %s", filename);
- loader_gone_file (token, filename);
- return 0;
- default:
- p11_debug ("failed to parse: %s", filename);
- loader_gone_file (token, filename);
- return 0;
- }
-
- /* Update each parsed object with the origin */
- parsed = p11_parser_parsed (token->parser);
- for (i = 0; i < parsed->num; i++) {
- parsed->elem[i] = p11_attrs_build (parsed->elem[i], origin, NULL);
- return_val_if_fail (parsed->elem[i] != NULL, 0);
- }
-
- p11_index_load (token->index);
-
- /* Now place all of these in the index */
- rv = p11_index_replace_all (token->index, origin, CKA_CLASS, parsed);
-
- p11_index_finish (token->index);
-
- if (rv != CKR_OK) {
- p11_message ("couldn't load file into objects: %s", filename);
- return 0;
- }
-
- loader_was_loaded (token, filename, sb);
- return 1;
-}
-
-static int
-loader_load_if_file (p11_token *token,
- const char *path)
-{
- struct stat sb;
-
- if (stat (path, &sb) < 0) {
- if (errno != ENOENT)
- p11_message_err (errno, "couldn't stat path: %d: %s", errno, path);
-
- } else if (!S_ISDIR (sb.st_mode)) {
- return loader_load_file (token, path, &sb);
- }
-
- /* Perhaps the file became unloadable, so track properly */
- loader_gone_file (token, path);
- return 0;
-}
-
-static int
-loader_load_directory (p11_token *token,
- const char *directory,
- p11_dict *present)
-{
- p11_dictiter iter;
- struct dirent *dp;
- char *path;
- int total = 0;
- int ret;
- DIR *dir;
-
- /* First we load all the modules */
- dir = opendir (directory);
- if (!dir) {
- p11_message_err (errno, "couldn't list directory: %s", directory);
- loader_not_loaded (token, directory);
- return 0;
- }
-
- while ((dp = readdir (dir)) != NULL) {
- path = p11_path_build (directory, dp->d_name, NULL);
- return_val_if_fail (path != NULL, -1);
-
- ret = loader_load_if_file (token, path);
- return_val_if_fail (ret >=0, -1);
- total += ret;
-
- /* Make note that this file was seen */
- p11_dict_remove (present, path);
-
- free (path);
- }
-
- closedir (dir);
-
- /* All other files that were present, not here now */
- p11_dict_iterate (present, &iter);
- while (p11_dict_next (&iter, (void **)&path, NULL))
- loader_gone_file (token, path);
-
- return total;
-}
-
-static int
-loader_load_path (p11_token *token,
- const char *path,
- bool *is_dir)
-{
- p11_dictiter iter;
- p11_dict *present;
- char *filename;
- struct stat sb;
- int total;
- int ret;
-
- if (stat (path, &sb) < 0) {
- if (errno != ENOENT)
- p11_message_err (errno, "cannot access trust certificate path: %s", path);
- loader_gone_file (token, path);
- *is_dir = false;
- ret = 0;
-
- } else if (S_ISDIR (sb.st_mode)) {
- *is_dir = true;
- ret = 0;
-
- /* All the files we know about at this path */
- present = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
- p11_dict_iterate (token->loaded, &iter);
- while (p11_dict_next (&iter, (void **)&filename, NULL)) {
- if (p11_path_prefix (filename, path)) {
- if (!p11_dict_set (present, filename, filename))
- return_val_if_reached (-1);
- }
- }
-
- /* If the directory has changed, reload it */
- if (loader_is_necessary (token, path, &sb)) {
- ret = loader_load_directory (token, path, present);
-
- /* Directory didn't change, but maybe files changed? */
- } else {
- total = 0;
- p11_dict_iterate (present, &iter);
- while (p11_dict_next (&iter, (void **)&filename, NULL)) {
- ret = loader_load_if_file (token, filename);
- return_val_if_fail (ret >= 0, ret);
- total += ret;
- }
- }
-
- p11_dict_free (present);
- loader_was_loaded (token, path, &sb);
-
- } else {
- *is_dir = false;
- ret = loader_load_file (token, path, &sb);
- }
-
- return ret;
-}
-
-static int
-load_builtin_objects (p11_token *token)
-{
- CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST;
- CK_BBOOL vtrue = CK_TRUE;
- CK_BBOOL vfalse = CK_FALSE;
- CK_RV rv;
-
- const char *trust_anchor_roots = "Trust Anchor Roots";
- CK_ATTRIBUTE builtin_root_list[] = {
- { CKA_CLASS, &builtin, sizeof (builtin) },
- { CKA_TOKEN, &vtrue, sizeof (vtrue) },
- { CKA_PRIVATE, &vfalse, sizeof (vfalse) },
- { CKA_MODIFIABLE, &vfalse, sizeof (vfalse) },
- { CKA_LABEL, (void *)trust_anchor_roots, strlen (trust_anchor_roots) },
- { CKA_INVALID },
- };
-
- p11_index_load (token->index);
- rv = p11_index_take (token->index, p11_attrs_dup (builtin_root_list), NULL);
- return_val_if_fail (rv == CKR_OK, 0);
- p11_index_finish (token->index);
- return 1;
-}
-
-int
-p11_token_load (p11_token *token)
-{
- int total = 0;
- bool is_dir;
- int ret;
-
- ret = loader_load_path (token, token->path, &is_dir);
- return_val_if_fail (ret >= 0, -1);
- total += ret;
-
- if (is_dir) {
- ret = loader_load_path (token, token->anchors, &is_dir);
- return_val_if_fail (ret >= 0, -1);
- total += ret;
-
- ret = loader_load_path (token, token->blacklist, &is_dir);
- return_val_if_fail (ret >= 0, -1);
- total += ret;
- }
-
- return total;
-}
-
-bool
-p11_token_reload (p11_token *token,
- CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE *attr;
- struct stat sb;
- char *origin;
- bool ret;
-
- attr = p11_attrs_find (attrs, CKA_X_ORIGIN);
- if (attr == NULL)
- return false;
-
- origin = strndup (attr->pValue, attr->ulValueLen);
- return_val_if_fail (origin != NULL, false);
-
- if (stat (origin, &sb) < 0) {
- if (errno == ENOENT) {
- loader_gone_file (token, origin);
- } else {
- p11_message_err (errno, "cannot access trust file: %s", origin);
- }
- ret = false;
-
- } else {
- ret = loader_load_file (token, origin, &sb) > 0;
- }
-
- free (origin);
- return ret;
-}
-
-static bool
-check_directory (const char *path,
- bool *make_directory,
- bool *is_writable)
-{
- struct stat sb;
- char *parent;
- bool dummy;
- bool ret;
-
- /*
- * This function attempts to determine whether a later write
- * to this token will succeed so we can setup the appropriate
- * token flags. Yes, it is racy, but that's inherent to the problem.
- */
-
- if (stat (path, &sb) == 0) {
- *make_directory = false;
- *is_writable = S_ISDIR (sb.st_mode) && access (path, W_OK) == 0;
- return true;
- }
-
- switch (errno) {
- case EACCES:
- *is_writable = false;
- *make_directory = false;
- return true;
- case ENOENT:
- *make_directory = true;
- parent = p11_path_parent (path);
- if (parent == NULL)
- ret = false;
- else
- ret = check_directory (parent, &dummy, is_writable);
- free (parent);
- return ret;
- default:
- p11_message_err (errno, "couldn't access: %s", path);
- return false;
- }
-}
-
-static bool
-check_token_directory (p11_token *token)
-{
- if (!token->checked_path) {
- token->checked_path = check_directory (token->path,
- &token->make_directory,
- &token->is_writable);
- }
-
- return token->checked_path;
-}
-
-static bool
-writer_remove_origin (p11_token *token,
- CK_ATTRIBUTE *origin)
-{
- bool ret = true;
- char *path;
-
- path = strndup (origin->pValue, origin->ulValueLen);
- return_val_if_fail (path != NULL, false);
-
- if (unlink (path) < 0) {
- p11_message_err (errno, "couldn't remove file: %s", path);
- ret = false;
- }
-
- free (path);
- return ret;
-}
-
-static p11_save_file *
-writer_overwrite_origin (p11_token *token,
- CK_ATTRIBUTE *origin)
-{
- p11_save_file *file;
- char *path;
-
- path = strndup (origin->pValue, origin->ulValueLen);
- return_val_if_fail (path != NULL, NULL);
-
- file = p11_save_open_file (path, NULL, P11_SAVE_OVERWRITE);
- free (path);
-
- return file;
-}
-
-static char *
-writer_suggest_name (CK_ATTRIBUTE *attrs)
-{
- CK_ATTRIBUTE *label;
- CK_OBJECT_CLASS klass;
- const char *nick;
-
- label = p11_attrs_find (attrs, CKA_LABEL);
- if (label && label->ulValueLen)
- return strndup (label->pValue, label->ulValueLen);
-
- nick = NULL;
- if (p11_attrs_find_ulong (attrs, CKA_CLASS, &klass))
- nick = p11_constant_nick (p11_constant_classes, klass);
- if (nick == NULL)
- nick = "object";
- return strdup (nick);
-}
-
-static p11_save_file *
-writer_create_origin (p11_token *token,
- CK_ATTRIBUTE *attrs)
-{
- p11_save_file *file;
- char *name;
- char *path;
-
- name = writer_suggest_name (attrs);
- return_val_if_fail (name != NULL, NULL);
-
- p11_path_canon (name);
-
- path = p11_path_build (token->path, name, NULL);
- free (name);
-
- file = p11_save_open_file (path, ".p11-kit", P11_SAVE_UNIQUE);
- free (path);
-
- return file;
-}
-
-static CK_RV
-writer_put_header (p11_save_file *file)
-{
- const char *header =
- "# This file has been auto-generated and written by p11-kit. Changes will be\n"
- "# unceremoniously overwritten.\n"
- "#\n"
- "# The format is designed to be somewhat human readable and debuggable, and a\n"
- "# bit transparent but it is not encouraged to read/write this format from other\n"
- "# applications or tools without first discussing this at the the mailing list:\n"
- "#\n"
- "# p11-glue@lists.freedesktop.org\n"
- "#\n";
-
- if (!p11_save_write (file, header, -1))
- return CKR_FUNCTION_FAILED;
-
- return CKR_OK;
-}
-
-static CK_RV
-writer_put_object (p11_save_file *file,
- p11_persist *persist,
- p11_buffer *buffer,
- CK_ATTRIBUTE *attrs)
-{
- if (!p11_buffer_reset (buffer, 0))
- assert_not_reached ();
- if (!p11_persist_write (persist, attrs, buffer))
- return_val_if_reached (CKR_GENERAL_ERROR);
- if (!p11_save_write (file, buffer->data, buffer->len))
- return CKR_FUNCTION_FAILED;
-
- return CKR_OK;
-}
-
-static bool
-mkdir_with_parents (const char *path)
-{
- char *parent;
- bool ret;
-
-#ifdef OS_UNIX
- int mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH;
- if (mkdir (path, mode) == 0)
-#else
- if (mkdir (path) == 0)
-#endif
- return true;
-
- switch (errno) {
- case ENOENT:
- parent = p11_path_parent (path);
- if (parent != NULL) {
- ret = mkdir_with_parents (parent);
- free (parent);
- if (ret == true) {
-#ifdef OS_UNIX
- if (mkdir (path, mode) == 0)
-#else
- if (mkdir (path) == 0)
-#endif
- return true;
- }
- }
- /* fall through */
- default:
- p11_message_err (errno, "couldn't create directory: %s", path);
- return false;
- }
-}
-
-static CK_RV
-on_index_build (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs,
- CK_ATTRIBUTE *merge,
- CK_ATTRIBUTE **extra)
-{
- p11_token *token = data;
- return p11_builder_build (token->builder, index, attrs, merge, extra);
-}
-
-static CK_RV
-on_index_store (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE **attrs)
-{
- p11_token *token = data;
- CK_OBJECT_HANDLE *other;
- p11_persist *persist;
- p11_buffer buffer;
- CK_ATTRIBUTE *origin;
- CK_ATTRIBUTE *object;
- p11_save_file *file;
- bool creating = false;
- char *path;
- CK_RV rv;
- int i;
-
- /* Signifies that data is being loaded, don't write out */
- if (p11_index_loading (index))
- return CKR_OK;
-
- if (!check_token_directory (token))
- return CKR_FUNCTION_FAILED;
-
- if (token->make_directory) {
- if (!mkdir_with_parents (token->path))
- return CKR_FUNCTION_FAILED;
- token->make_directory = false;
- }
-
- /* Do we already have a filename? */
- origin = p11_attrs_find (*attrs, CKA_X_ORIGIN);
- if (origin == NULL) {
- file = writer_create_origin (token, *attrs);
- creating = true;
- other = NULL;
-
- } else {
- other = p11_index_find_all (index, origin, 1);
- file = writer_overwrite_origin (token, origin);
- creating = false;
- }
-
- if (file == NULL) {
- free (origin);
- free (other);
- return CKR_GENERAL_ERROR;
- }
-
- persist = p11_persist_new ();
- p11_buffer_init (&buffer, 1024);
-
- rv = writer_put_header (file);
- if (rv == CKR_OK)
- rv = writer_put_object (file, persist, &buffer, *attrs);
-
- for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) {
- if (other[i] != handle) {
- object = p11_index_lookup (index, other[i]);
- if (object != NULL)
- rv = writer_put_object (file, persist, &buffer, object);
- }
- }
-
- p11_buffer_uninit (&buffer);
- p11_persist_free (persist);
- free (other);
-
- if (rv == CKR_OK) {
- if (!p11_save_finish_file (file, &path, true))
- rv = CKR_FUNCTION_FAILED;
- else if (creating)
- *attrs = p11_attrs_take (*attrs, CKA_X_ORIGIN, path, strlen (path));
- else
- free (path);
- } else {
- p11_save_finish_file (file, NULL, false);
- }
-
- return rv;
-}
-
-static CK_RV
-on_index_remove (void *data,
- p11_index *index,
- CK_ATTRIBUTE *attrs)
-{
- p11_token *token = data;
- CK_OBJECT_HANDLE *other;
- p11_persist *persist;
- p11_buffer buffer;
- CK_ATTRIBUTE *origin;
- CK_ATTRIBUTE *object;
- p11_save_file *file;
- CK_RV rv = CKR_OK;
- int i;
-
- /* Signifies that data is being loaded, don't write out */
- if (p11_index_loading (index))
- return CKR_OK;
-
- if (!check_token_directory (token))
- return CKR_FUNCTION_FAILED;
-
- /* We should have a file name */
- origin = p11_attrs_find (attrs, CKA_X_ORIGIN);
- return_val_if_fail (origin != NULL, CKR_GENERAL_ERROR);
-
- /* If there are other objects in this file, then rewrite it */
- other = p11_index_find_all (index, origin, 1);
- if (other && other[0]) {
- file = writer_overwrite_origin (token, origin);
- if (file == NULL) {
- free (other);
- return CKR_GENERAL_ERROR;
- }
-
- persist = p11_persist_new ();
- p11_buffer_init (&buffer, 1024);
-
- rv = writer_put_header (file);
- for (i = 0; rv == CKR_OK && other && other[i] != 0; i++) {
- object = p11_index_lookup (index, other[i]);
- if (object != NULL)
- rv = writer_put_object (file, persist, &buffer, object);
- }
-
- if (rv == CKR_OK) {
- if (!p11_save_finish_file (file, NULL, true))
- rv = CKR_FUNCTION_FAILED;
- } else {
- p11_save_finish_file (file, NULL, false);
- }
-
- p11_persist_free (persist);
- p11_buffer_uninit (&buffer);
-
- /* Otherwise just remove the file */
- } else {
- if (!writer_remove_origin (token, origin))
- rv = CKR_FUNCTION_FAILED;
- }
-
- free (other);
-
- return rv;
-}
-
-static void
-on_index_notify (void *data,
- p11_index *index,
- CK_OBJECT_HANDLE handle,
- CK_ATTRIBUTE *attrs)
-{
- p11_token *token = data;
- p11_builder_changed (token->builder, index, handle, attrs);
-}
-
-void
-p11_token_free (p11_token *token)
-{
- if (!token)
- return;
-
- p11_index_free (token->index);
- p11_parser_free (token->parser);
- p11_builder_free (token->builder);
- p11_dict_free (token->loaded);
- free (token->path);
- free (token->anchors);
- free (token->blacklist);
- free (token->label);
- free (token);
-}
-
-p11_token *
-p11_token_new (CK_SLOT_ID slot,
- const char *path,
- const char *label)
-{
- p11_token *token;
-
- return_val_if_fail (path != NULL, NULL);
- return_val_if_fail (label != NULL, NULL);
-
- token = calloc (1, sizeof (p11_token));
- return_val_if_fail (token != NULL, NULL);
-
- token->builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
- return_val_if_fail (token->builder != NULL, NULL);
-
- token->index = p11_index_new (on_index_build,
- on_index_store,
- on_index_remove,
- on_index_notify,
- token);
- return_val_if_fail (token->index != NULL, NULL);
-
- token->parser = p11_parser_new (p11_builder_get_cache (token->builder));
- return_val_if_fail (token->parser != NULL, NULL);
- p11_parser_formats (token->parser, p11_parser_format_persist,
- p11_parser_format_pem, p11_parser_format_x509, NULL);
-
- token->loaded = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, free, free);
- return_val_if_fail (token->loaded != NULL, NULL);
-
- token->path = p11_path_expand (path);
- return_val_if_fail (token->path != NULL, NULL);
-
- token->anchors = p11_path_build (token->path, "anchors", NULL);
- return_val_if_fail (token->anchors != NULL, NULL);
-
- token->blacklist = p11_path_build (token->path, "blacklist", NULL);
- return_val_if_fail (token->blacklist != NULL, NULL);
-
- token->label = strdup (label);
- return_val_if_fail (token->label != NULL, NULL);
-
- token->slot = slot;
-
- load_builtin_objects (token);
-
- p11_debug ("token: %s: %s", token->label, token->path);
- return token;
-}
-
-const char *
-p11_token_get_label (p11_token *token)
-{
- return_val_if_fail (token != NULL, NULL);
- return token->label;
-}
-
-const char *
-p11_token_get_path (p11_token *token)
-{
- return_val_if_fail (token != NULL, NULL);
- return token->path;
-}
-
-CK_SLOT_ID
-p11_token_get_slot (p11_token *token)
-{
- return_val_if_fail (token != NULL, 0);
- return token->slot;
-}
-
-p11_index *
-p11_token_index (p11_token *token)
-{
- return_val_if_fail (token != NULL, NULL);
- return token->index;
-}
-
-p11_parser *
-p11_token_parser (p11_token *token)
-{
- return_val_if_fail (token != NULL, NULL);
- return token->parser;
-}
-
-bool
-p11_token_is_writable (p11_token *token)
-{
- if (!check_token_directory (token))
- return false;
- return token->is_writable;
-}
diff --git a/trust/token.h b/trust/token.h
deleted file mode 100644
index 1180b27..0000000
--- a/trust/token.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_TOKEN_H_
-#define P11_TOKEN_H_
-
-#include "dict.h"
-#include "index.h"
-#include "parser.h"
-#include "pkcs11.h"
-
-typedef struct _p11_token p11_token;
-
-p11_token * p11_token_new (CK_SLOT_ID slot,
- const char *path,
- const char *label);
-
-void p11_token_free (p11_token *token);
-
-int p11_token_load (p11_token *token);
-
-bool p11_token_reload (p11_token *token,
- CK_ATTRIBUTE *attrs);
-
-p11_index * p11_token_index (p11_token *token);
-
-p11_parser * p11_token_parser (p11_token *token);
-
-const char * p11_token_get_path (p11_token *token);
-
-const char * p11_token_get_label (p11_token *token);
-
-CK_SLOT_ID p11_token_get_slot (p11_token *token);
-
-bool p11_token_is_writable (p11_token *token);
-
-#endif /* P11_TOKEN_H_ */
diff --git a/trust/trust-extract-compat.in b/trust/trust-extract-compat.in
deleted file mode 100755
index 9b46055..0000000
--- a/trust/trust-extract-compat.in
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# This script is a placeholder designed to be replaced when this software
-# has been customized for distribution. It should be symlinked linked to the
-# distribution's update-ca-certificates or update-ca-trust command as
-# appropriate. In the future this script will be called when the PKCS#11
-# trust module is used to modifiy trust anchors and related data.
-
-if [ $# -ne 0 ]; then
- echo "usage: trust extract-compat" >&2
- exit 2
-fi
-
-uid=$(id -u)
-if [ "$uid" != 0 ]; then
- echo "trust: running as non-root user: skip extracting compat bundles" >&2
- exit 0
-fi
-
-echo "trust: the placeholder extract-compat command has not been customized by your distribution." >&2
-
-# You can use commands like this to extract data from trust modules
-# into appropriate locations for your distribution.
-#
-# trust extract --format=openssl-bundle --filter=ca-anchors \
-# --overwrite /tmp/openssl-bundle.pem
-# trust extract --format=pem-bundle --filter=ca-anchors --overwrite \
-# --purpose server-auth /tmp/server-auth-bundle.pem
-# trust extract --format=java-cacerts --filter=ca-anchors --overwrite \
-# --purpose server-auth /tmp/cacerts
-
-exit 1
diff --git a/trust/trust.c b/trust/trust.c
deleted file mode 100644
index b006ec8..0000000
--- a/trust/trust.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 2011, Collabora Ltd.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@collabora.co.uk>
- */
-
-#include "config.h"
-
-#include "anchor.h"
-#include "extract.h"
-#include "list.h"
-
-#include "buffer.h"
-#include "compat.h"
-#include "debug.h"
-#include "message.h"
-#include "path.h"
-#include "tool.h"
-
-#include <assert.h>
-#include <ctype.h>
-#include <getopt.h>
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-static const p11_tool_command commands[] = {
- { "list", p11_trust_list, "List trust or certificates" },
- { "extract", p11_trust_extract, "Extract certificates and trust" },
- { "extract-compat", p11_trust_extract_compat, "Extract trust compatibility bundles" },
- { "anchor", p11_trust_anchor, "Add, remove, change trust anchors" },
- { 0, }
-};
-
-int
-main (int argc,
- char *argv[])
-{
- return p11_tool_main (argc, argv, commands);
-}
diff --git a/trust/types.h b/trust/types.h
deleted file mode 100644
index 64a92b1..0000000
--- a/trust/types.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2013 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef TYPES_H_
-#define TYPES_H_ 1
-
-#include "pkcs11x.h"
-
-/*
- * A boolean value which denotes whether we auto generated
- * this object, as opposed to coming from outside the builder.
- *
- * We set this on all objects. It will always be either CK_TRUE
- * or CK_FALSE for all objects built by this builder.
- */
-#define CKA_X_GENERATED (CKA_X_VENDOR + 8000)
-
-/*
- * A string pointing to the filename from which this was loaded.
- */
-#define CKA_X_ORIGIN (CKA_X_VENDOR + 8001)
-
-#endif /* TYPES_H_ */
diff --git a/trust/utf8.c b/trust/utf8.c
deleted file mode 100644
index b94c3e7..0000000
--- a/trust/utf8.c
+++ /dev/null
@@ -1,329 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "buffer.h"
-#include "debug.h"
-#include "utf8.h"
-
-#include <assert.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <string.h>
-
-/*
- * Some parts come from FreeBSD utf8.c
- *
- * Copyright (c) 2002-2004 Tim J. Robbins
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-static ssize_t
-utf8_to_uchar (const char *str,
- size_t len,
- uint32_t *uc)
-{
- int ch, i, mask, want;
- uint32_t lbound, uch;
-
- assert (str != NULL);
- assert (len > 0);
- assert (uc != NULL);
-
- if (((ch = (unsigned char)*str) & ~0x7f) == 0) {
- /* Fast path for plain ASCII characters. */
- *uc = ch;
- return 1;
- }
-
- /*
- * Determine the number of octets that make up this character
- * from the first octet, and a mask that extracts the
- * interesting bits of the first octet. We already know
- * the character is at least two bytes long.
- *
- * We also specify a lower bound for the character code to
- * detect redundant, non-"shortest form" encodings. For
- * example, the sequence C0 80 is _not_ a legal representation
- * of the null character. This enforces a 1-to-1 mapping
- * between character codes and their multibyte representations.
- */
- ch = (unsigned char)*str;
- if ((ch & 0xe0) == 0xc0) {
- mask = 0x1f;
- want = 2;
- lbound = 0x80;
- } else if ((ch & 0xf0) == 0xe0) {
- mask = 0x0f;
- want = 3;
- lbound = 0x800;
- } else if ((ch & 0xf8) == 0xf0) {
- mask = 0x07;
- want = 4;
- lbound = 0x10000;
- } else if ((ch & 0xfc) == 0xf8) {
- mask = 0x03;
- want = 5;
- lbound = 0x200000;
- } else if ((ch & 0xfe) == 0xfc) {
- mask = 0x01;
- want = 6;
- lbound = 0x4000000;
- } else {
- /*
- * Malformed input; input is not UTF-8.
- */
- return -1;
- }
-
- if (want > len) {
- /* Incomplete multibyte sequence. */
- return -1;
- }
-
- /*
- * Decode the octet sequence representing the character in chunks
- * of 6 bits, most significant first.
- */
- uch = (unsigned char)*str++ & mask;
- for (i = 1; i < want; i++) {
- if ((*str & 0xc0) != 0x80) {
- /*
- * Malformed input; bad characters in the middle
- * of a character.
- */
- return -1;
- }
- uch <<= 6;
- uch |= *str++ & 0x3f;
- }
- if (uch < lbound) {
- /*
- * Malformed input; redundant encoding.
- */
- return -1;
- }
-
- *uc = uch;
- return want;
-}
-
-static size_t
-utf8_for_uchar (uint32_t uc,
- char *str,
- size_t len)
-{
- unsigned char lead;
- int i, want;
-
- assert (str != NULL);
- assert (len >= 6);
-
- if ((uc & ~0x7f) == 0) {
- /* Fast path for plain ASCII characters. */
- *str = (char)uc;
- return 1;
- }
-
- /*
- * Determine the number of octets needed to represent this character.
- * We always output the shortest sequence possible. Also specify the
- * first few bits of the first octet, which contains the information
- * about the sequence length.
- */
- if ((uc & ~0x7ff) == 0) {
- lead = 0xc0;
- want = 2;
- } else if ((uc & ~0xffff) == 0) {
- lead = 0xe0;
- want = 3;
- } else if ((uc & ~0x1fffff) == 0) {
- lead = 0xf0;
- want = 4;
- } else if ((uc & ~0x3ffffff) == 0) {
- lead = 0xf8;
- want = 5;
- } else if ((uc & ~0x7fffffff) == 0) {
- lead = 0xfc;
- want = 6;
- } else {
- return -1;
- }
-
- assert (want <= len);
-
- /*
- * Output the octets representing the character in chunks
- * of 6 bits, least significant last. The first octet is
- * a special case because it contains the sequence length
- * information.
- */
- for (i = want - 1; i > 0; i--) {
- str[i] = (uc & 0x3f) | 0x80;
- uc >>= 6;
- }
- *str = (uc & 0xff) | lead;
- return want;
-}
-
-static ssize_t
-ucs2be_to_uchar (const unsigned char *str,
- size_t len,
- uint32_t *wc)
-{
- assert (str != NULL);
- assert (len != 0);
- assert (wc != NULL);
-
- if (len < 2)
- return -1;
-
- *wc = (str[0] << 8 | str[1]);
- return 2;
-}
-
-static ssize_t
-ucs4be_to_uchar (const unsigned char *str,
- size_t len,
- uint32_t *uc)
-{
- assert (str != NULL);
- assert (len != 0);
- assert (uc != NULL);
-
- if (len < 4)
- return -1;
-
- *uc = (str[0] << 24 | str[1] << 16 | str[2] << 8 | str[3]);
- return 4;
-}
-
-bool
-p11_utf8_validate (const char *str,
- ssize_t len)
-{
- uint32_t dummy;
- ssize_t ret;
-
- if (len < 0)
- len = strlen (str);
-
- while (len > 0) {
- ret = utf8_to_uchar (str, len, &dummy);
- if (ret < 0)
- return false;
- str += ret;
- len -= ret;
- }
-
- return true;
-}
-
-static char *
-utf8_for_convert (ssize_t (* convert) (const unsigned char *, size_t, uint32_t *),
- const unsigned char *str,
- size_t num_bytes,
- size_t *ret_len)
-{
- p11_buffer buf;
- char block[6];
- uint32_t uc;
- ssize_t ret;
-
- assert (convert);
-
- if (!p11_buffer_init_null (&buf, num_bytes))
- return_val_if_reached (NULL);
-
- while (num_bytes != 0) {
- ret = (convert) (str, num_bytes, &uc);
- if (ret < 0) {
- p11_buffer_uninit (&buf);
- return NULL;
- }
-
- str += ret;
- num_bytes -= ret;
-
- ret = utf8_for_uchar (uc, block, 6);
- if (ret < 0) {
- p11_buffer_uninit (&buf);
- return NULL;
- }
- p11_buffer_add (&buf, block, ret);
- }
-
- return_val_if_fail (p11_buffer_ok (&buf), NULL);
- return p11_buffer_steal (&buf, ret_len);
-}
-
-char *
-p11_utf8_for_ucs2be (const unsigned char *str,
- size_t num_bytes,
- size_t *ret_len)
-{
- assert (str != NULL);
- return utf8_for_convert (ucs2be_to_uchar, str, num_bytes, ret_len);
-}
-
-char *
-p11_utf8_for_ucs4be (const unsigned char *str,
- size_t num_bytes,
- size_t *ret_len)
-{
- assert (str != NULL);
- return utf8_for_convert (ucs4be_to_uchar, str, num_bytes, ret_len);
-}
diff --git a/trust/utf8.h b/trust/utf8.h
deleted file mode 100644
index 8efa66f..0000000
--- a/trust/utf8.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2013, Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#ifndef P11_UTF8_H_
-#define P11_UTF8_H_
-
-#include "compat.h"
-
-#include <sys/types.h>
-
-bool p11_utf8_validate (const char *str,
- ssize_t len);
-
-char * p11_utf8_for_ucs2be (const unsigned char *str,
- size_t num_bytes,
- size_t *ret_len);
-
-char * p11_utf8_for_ucs4be (const unsigned char *str,
- size_t num_bytes,
- size_t *ret_len);
-
-#endif /* P11_UTF8_H_ */
diff --git a/trust/x509.c b/trust/x509.c
deleted file mode 100644
index 3b4fb2d..0000000
--- a/trust/x509.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include "config.h"
-
-#include "asn1.h"
-#define P11_DEBUG_FLAG P11_DEBUG_TRUST
-#include "debug.h"
-#include "digest.h"
-#include "oid.h"
-#include "utf8.h"
-#include "x509.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-unsigned char *
-p11_x509_find_extension (node_asn *cert,
- const unsigned char *oid,
- const unsigned char *der,
- size_t der_len,
- size_t *ext_len)
-{
- char field[128];
- int start;
- int end;
- int ret;
- int i;
-
- return_val_if_fail (cert != NULL, NULL);
- return_val_if_fail (oid != NULL, NULL);
- return_val_if_fail (ext_len != NULL, NULL);
-
- for (i = 1; ; i++) {
- if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnID", i) < 0)
- return_val_if_reached (NULL);
-
- ret = asn1_der_decoding_startEnd (cert, der, der_len, field, &start, &end);
-
- /* No more extensions */
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break;
-
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- /* Make sure it's a straightforward oid with certain assumptions */
- if (!p11_oid_simple (der + start, (end - start) + 1))
- continue;
-
- /* The one we're lookin for? */
- if (!p11_oid_equal (der + start, oid))
- continue;
-
- if (snprintf (field, sizeof (field), "tbsCertificate.extensions.?%u.extnValue", i) < 0)
- return_val_if_reached (NULL);
-
- return p11_asn1_read (cert, field, ext_len);
- }
-
- return NULL;
-}
-
-bool
-p11_x509_hash_subject_public_key (node_asn *cert,
- const unsigned char *der,
- size_t der_len,
- unsigned char *keyid)
-{
- int start, end;
- size_t len;
- int ret;
-
- return_val_if_fail (cert != NULL, NULL);
- return_val_if_fail (der != NULL, NULL);
-
- ret = asn1_der_decoding_startEnd (cert, der, der_len, "tbsCertificate.subjectPublicKeyInfo", &start, &end);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- return_val_if_fail (end >= start, false);
-
- len = (end - start) + 1;
- p11_digest_sha1 (keyid, (der + start), len, NULL);
- return true;
-}
-
-unsigned char *
-p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len,
- size_t *keyid_len)
-{
- unsigned char *keyid;
- node_asn *ext;
-
- return_val_if_fail (keyid_len != NULL, false);
-
- ext = p11_asn1_decode (asn1_defs, "PKIX1.SubjectKeyIdentifier", ext_der, ext_len, NULL);
- if (ext == NULL)
- return NULL;
-
- keyid = p11_asn1_read (ext, "", keyid_len);
- return_val_if_fail (keyid != NULL, NULL);
-
- asn1_delete_structure (&ext);
-
- return keyid;
-}
-
-bool
-p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len,
- bool *is_ca)
-{
- char buffer[8];
- node_asn *ext;
- int ret;
- int len;
-
- return_val_if_fail (is_ca != NULL, false);
-
- ext = p11_asn1_decode (asn1_defs, "PKIX1.BasicConstraints", ext_der, ext_len, NULL);
- if (ext == NULL)
- return false;
-
- len = sizeof (buffer);
- ret = asn1_read_value (ext, "cA", buffer, &len);
-
- /* Default value for cA is FALSE */
- if (ret == ASN1_ELEMENT_NOT_FOUND) {
- *is_ca = false;
-
- } else {
- return_val_if_fail (ret == ASN1_SUCCESS, false);
- *is_ca = (strcmp (buffer, "TRUE") == 0);
- }
-
- asn1_delete_structure (&ext);
-
- return true;
-}
-
-bool
-p11_x509_parse_key_usage (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len,
- unsigned int *ku)
-{
- char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
- unsigned char buf[2];
- node_asn *ext;
- int len;
- int ret;
-
- ext = p11_asn1_decode (asn1_defs, "PKIX1.KeyUsage", ext_der, ext_len, message);
- if (ext == NULL)
- return false;
-
- len = sizeof (buf);
- ret = asn1_read_value (ext, "", buf, &len);
- return_val_if_fail (ret == ASN1_SUCCESS, false);
-
- /* A bit string, so combine into one set of flags */
- *ku = buf[0] | (buf[1] << 8);
-
- asn1_delete_structure (&ext);
-
- return true;
-}
-
-p11_array *
-p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len)
-{
- node_asn *asn;
- char field[128];
- p11_array *ekus;
- size_t len;
- char *eku;
- int i;
-
- asn = p11_asn1_decode (asn1_defs, "PKIX1.ExtKeyUsageSyntax", ext_der, ext_len, NULL);
- if (asn == NULL)
- return NULL;
-
- ekus = p11_array_new (free);
-
- for (i = 1; ; i++) {
- if (snprintf (field, sizeof (field), "?%u", i) < 0)
- return_val_if_reached (NULL);
-
- eku = p11_asn1_read (asn, field, &len);
- if (eku == NULL)
- break;
-
- eku[len] = 0;
-
- /* If it's our reserved OID, then skip */
- if (strcmp (eku, P11_OID_RESERVED_PURPOSE_STR) == 0) {
- free (eku);
- continue;
- }
-
- if (!p11_array_push (ekus, eku))
- return_val_if_reached (NULL);
- }
-
- asn1_delete_structure (&asn);
-
- return ekus;
-}
-
-char *
-p11_x509_parse_directory_string (const unsigned char *input,
- size_t input_len,
- bool *unknown_string,
- size_t *string_len)
-{
- unsigned long tag;
- unsigned char cls;
- int tag_len;
- int len_len;
- const void *octets;
- long octet_len;
- int ret;
-
- ret = asn1_get_tag_der (input, input_len, &cls, &tag_len, &tag);
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- octet_len = asn1_get_length_der (input + tag_len, input_len - tag_len, &len_len);
- return_val_if_fail (octet_len >= 0, false);
- return_val_if_fail (tag_len + len_len + octet_len == input_len, NULL);
-
- octets = input + tag_len + len_len;
-
- if (unknown_string)
- *unknown_string = false;
-
- /* The following strings are the ones we normalize */
- switch (tag) {
- case 12: /* UTF8String */
- case 18: /* NumericString */
- case 22: /* IA5String */
- case 20: /* TeletexString */
- case 19: /* PrintableString */
- if (!p11_utf8_validate (octets, octet_len))
- return NULL;
- if (string_len)
- *string_len = octet_len;
- return strndup (octets, octet_len);
-
- case 28: /* UniversalString */
- return p11_utf8_for_ucs4be (octets, octet_len, string_len);
-
- case 30: /* BMPString */
- return p11_utf8_for_ucs2be (octets, octet_len, string_len);
-
- /* Just pass through all the non-string types */
- default:
- if (unknown_string)
- *unknown_string = true;
- return NULL;
- }
-
-}
-
-char *
-p11_x509_parse_dn_name (p11_dict *asn_defs,
- const unsigned char *der,
- size_t der_len,
- const unsigned char *oid)
-{
- node_asn *asn;
- char *part;
-
- asn = p11_asn1_decode (asn_defs, "PKIX1.Name", der, der_len, NULL);
- if (asn == NULL)
- return NULL;
-
- part = p11_x509_lookup_dn_name (asn, NULL, der, der_len, oid);
- asn1_delete_structure (&asn);
- return part;
-}
-
-char *
-p11_x509_lookup_dn_name (node_asn *asn,
- const char *dn_field,
- const unsigned char *der,
- size_t der_len,
- const unsigned char *oid)
-{
- unsigned char *value;
- char field[128];
- size_t value_len;
- char *part;
- int i, j;
- int start;
- int end;
- int ret;
-
- for (i = 1; true; i++) {
- for (j = 1; true; j++) {
- snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.type",
- dn_field, dn_field ? "." : "", i, j);
-
- ret = asn1_der_decoding_startEnd (asn, der, der_len, field, &start, &end);
-
- /* No more dns */
- if (ret == ASN1_ELEMENT_NOT_FOUND)
- break;
-
- return_val_if_fail (ret == ASN1_SUCCESS, NULL);
-
- /* Make sure it's a straightforward oid with certain assumptions */
- if (!p11_oid_simple (der + start, (end - start) + 1))
- continue;
-
- /* The one we're lookin for? */
- if (!p11_oid_equal (der + start, oid))
- continue;
-
- snprintf (field, sizeof (field), "%s%srdnSequence.?%d.?%d.value",
- dn_field, dn_field ? "." : "", i, j);
-
- value = p11_asn1_read (asn, field, &value_len);
- return_val_if_fail (value != NULL, NULL);
-
- part = p11_x509_parse_directory_string (value, value_len, NULL, NULL);
- free (value);
-
- return part;
- }
-
- if (j == 1)
- break;
- }
-
- return NULL;
-}
diff --git a/trust/x509.h b/trust/x509.h
deleted file mode 100644
index 45fa628..0000000
--- a/trust/x509.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (C) 2012 Red Hat Inc.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above
- * copyright notice, this list of conditions and the
- * following disclaimer.
- * * Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and
- * the following disclaimer in the documentation and/or
- * other materials provided with the distribution.
- * * The names of contributors to this software may not be
- * used to endorse or promote products derived from this
- * software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
- * DAMAGE.
- *
- * Author: Stef Walter <stefw@redhat.com>
- */
-
-#include <libtasn1.h>
-
-#include "array.h"
-#include "dict.h"
-
-#ifndef P11_X509_H_
-#define P11_X509_H_
-
-unsigned char * p11_x509_find_extension (node_asn *cert,
- const unsigned char *oid,
- const unsigned char *der,
- size_t der_len,
- size_t *ext_len);
-
-bool p11_x509_hash_subject_public_key (node_asn *cert,
- const unsigned char *der,
- size_t der_len,
- unsigned char *keyid);
-
-bool p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len,
- bool *is_ca);
-
-bool p11_x509_parse_key_usage (p11_dict *asn1_defs,
- const unsigned char *data,
- size_t length,
- unsigned int *ku);
-
-p11_array * p11_x509_parse_extended_key_usage (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len);
-
-unsigned char * p11_x509_parse_subject_key_identifier (p11_dict *asn1_defs,
- const unsigned char *ext_der,
- size_t ext_len,
- size_t *keyid_len);
-
-char * p11_x509_parse_dn_name (p11_dict *asn_defs,
- const unsigned char *der,
- size_t der_len,
- const unsigned char *oid);
-
-char * p11_x509_lookup_dn_name (node_asn *asn,
- const char *dn_field,
- const unsigned char *der,
- size_t der_len,
- const unsigned char *oid);
-
-char * p11_x509_parse_directory_string (const unsigned char *input,
- size_t input_len,
- bool *unknown_string,
- size_t *string_len);
-
-#endif /* P11_X509_H_ */
View Lorry Controller Status