From 479cbd55ee5739d3cd2566379575451dbecf4c54 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 31 Mar 2011 12:41:43 +0200 Subject: Documentation and API cleanup. * Rename source directory * More consistent with return values from URI functions. * Allow formatting URI to take a uri type. --- .gitignore | 17 + Makefile.am | 6 +- configure.ac | 17 +- doc/Makefile.am | 80 ++- doc/p11-kit-docs.sgml | 24 + doc/p11-kit-overrides.txt | 0 doc/p11-kit-sections.txt | 40 ++ doc/version.xml.in | 1 + gtk-doc.make | 230 ++++++++ module/Makefile.am | 41 -- module/conf.c | 245 -------- module/conf.h | 51 -- module/hash.c | 453 --------------- module/hash.h | 187 ------ module/p11-kit-lib.c | 1081 ---------------------------------- module/p11-kit-messages.c | 234 -------- module/p11-kit-private.h | 52 -- module/p11-kit-proxy.c | 1382 -------------------------------------------- module/p11-kit-uri.c | 951 ------------------------------ module/p11-kit-uri.h | 104 ---- module/p11-kit.h | 59 -- module/p11-kit.pc.in | 17 - module/pkcs11.h | 1357 ------------------------------------------- module/util.c | 51 -- module/util.h | 45 -- p11-kit/Makefile.am | 40 ++ p11-kit/conf.c | 245 ++++++++ p11-kit/conf.h | 51 ++ p11-kit/hash.c | 452 +++++++++++++++ p11-kit/hash.h | 187 ++++++ p11-kit/p11-kit-lib.c | 1130 ++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-messages.c | 242 ++++++++ p11-kit/p11-kit-private.h | 52 ++ p11-kit/p11-kit-proxy.c | 1382 ++++++++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-uri.c | 1195 ++++++++++++++++++++++++++++++++++++++ p11-kit/p11-kit-uri.h | 105 ++++ p11-kit/p11-kit.h | 59 ++ p11-kit/p11-kit.pc | 17 + p11-kit/p11-kit.pc.in | 17 + p11-kit/pkcs11.h | 1357 +++++++++++++++++++++++++++++++++++++++++++ p11-kit/util.c | 51 ++ p11-kit/util.h | 45 ++ tests/Makefile.am | 8 +- tests/uri-test.c | 82 +-- 44 files changed, 7064 insertions(+), 6378 deletions(-) create mode 100644 doc/p11-kit-docs.sgml create mode 100644 doc/p11-kit-overrides.txt create mode 100644 doc/p11-kit-sections.txt create mode 100644 doc/version.xml.in create mode 100644 gtk-doc.make delete mode 100644 module/Makefile.am delete mode 100644 module/conf.c delete mode 100644 module/conf.h delete mode 100644 module/hash.c delete mode 100644 module/hash.h delete mode 100644 module/p11-kit-lib.c delete mode 100644 module/p11-kit-messages.c delete mode 100644 module/p11-kit-private.h delete mode 100644 module/p11-kit-proxy.c delete mode 100644 module/p11-kit-uri.c delete mode 100644 module/p11-kit-uri.h delete mode 100644 module/p11-kit.h delete mode 100644 module/p11-kit.pc.in delete mode 100644 module/pkcs11.h delete mode 100644 module/util.c delete mode 100644 module/util.h create mode 100644 p11-kit/Makefile.am create mode 100644 p11-kit/conf.c create mode 100644 p11-kit/conf.h create mode 100644 p11-kit/hash.c create mode 100644 p11-kit/hash.h create mode 100644 p11-kit/p11-kit-lib.c create mode 100644 p11-kit/p11-kit-messages.c create mode 100644 p11-kit/p11-kit-private.h create mode 100644 p11-kit/p11-kit-proxy.c create mode 100644 p11-kit/p11-kit-uri.c create mode 100644 p11-kit/p11-kit-uri.h create mode 100644 p11-kit/p11-kit.h create mode 100644 p11-kit/p11-kit.pc create mode 100644 p11-kit/p11-kit.pc.in create mode 100644 p11-kit/pkcs11.h create mode 100644 p11-kit/util.c create mode 100644 p11-kit/util.h diff --git a/.gitignore b/.gitignore index 7549859..f2047de 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ *.gcov *~ *.html +*.stamp .deps .libs @@ -38,6 +39,22 @@ missing stamp-h1 temp.txt +/doc/html +/doc/p11-kit-decl-list.txt +/doc/p11-kit-decl.txt +/doc/p11-kit-undeclared.txt +/doc/p11-kit-undocumented.txt +/doc/p11-kit-unused.txt +/doc/p11-kit.args +/doc/p11-kit.hierarchy +/doc/p11-kit.interfaces +/doc/p11-kit.prerequisites +/doc/p11-kit.signals +/doc/p11-kit.types +/doc/tmpl/ +/doc/version.xml +/doc/xml/ + /module/p11-kit.pc /po/POTFILES diff --git a/Makefile.am b/Makefile.am index e8f0c0c..811b752 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,9 @@ -SUBDIRS = module tests doc po +SUBDIRS = \ + p11-kit \ + tests \ + doc \ + po ACLOCAL_AMFLAGS = -I m4 diff --git a/configure.ac b/configure.ac index 9f63f66..a10790b 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_CONFIG_MACRO_DIR([m4]) AC_INIT([p11-kit],[0.1],[http://bugzilla.example.com]) -AC_CONFIG_SRCDIR([module/p11-kit-lib.c]) +AC_CONFIG_SRCDIR([p11-kit/p11-kit-lib.c]) AC_CONFIG_HEADERS([config.h]) dnl Other initialization @@ -31,6 +31,8 @@ AC_CHECK_LIB(dl, dlopen,, dnl Checks for typedefs, structures, and compiler characteristics. AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include ]) +GTK_DOC_CHECK([1.15]) + # -------------------------------------------------------------------- # PKCS#11 Directories @@ -134,11 +136,12 @@ fi # --------------------------------------------------------------------- AC_CONFIG_FILES([Makefile - module/Makefile - module/p11-kit.pc - po/Makefile.in - tests/Makefile - doc/Makefile - ]) + doc/Makefile + doc/version.xml + po/Makefile.in + p11-kit/Makefile + p11-kit/p11-kit.pc + tests/Makefile +]) AC_OUTPUT diff --git a/doc/Makefile.am b/doc/Makefile.am index 52c269b..b18d86a 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,22 +1,72 @@ +abs_top_builddir = @abs_top_builddir@ -# p11-kit-glue.xml +# We require automake 1.6 at least. +AUTOMAKE_OPTIONS = 1.6 -PARTS = \ - p11-kit-config.xml \ - p11-kit-multiple-problem.xml +# The name of the module, e.g. 'glib'. +DOC_MODULE=p11-kit -BOOK = \ - p11-kit.xml +# The top-level SGML file. You can change this if you want to. +DOC_MAIN_SGML_FILE=$(DOC_MODULE)-docs.sgml -DOCUMENTS = \ - html/p11-kit.html +# The directory containing the source code. Relative to $(srcdir). +# gtk-doc will search all .c & .h files beneath here for inline comments +# documenting the functions and macros. +# e.g. DOC_SOURCE_DIR=../../../gtk +DOC_SOURCE_DIR=../p11-kit -all-local: $(DOCUMENTS) +# Extra options to pass to gtkdoc-scangobj. Not normally needed. +SCANGOBJ_OPTIONS= --version -html/p11-kit.html: $(BOOK) $(PARTS) - xmlto --skip-validation -vv html-nochunks -o html/ p11-kit.xml +# Extra options to supply to gtkdoc-scan. +# e.g. SCAN_OPTIONS=--deprecated-guards="GTK_DISABLE_DEPRECATED" +SCAN_OPTIONS= --rebuild-types -EXTRA_DIST = \ - $(BOOK) \ - $(PARTS) \ - docbook-params.xsl +# Extra options to supply to gtkdoc-mkdb. +# e.g. MKDB_OPTIONS=--sgml-mode --output-format=xml +MKDB_OPTIONS=--sgml-mode --output-format=xml + +# Extra options to supply to gtkdoc-mktmpl +# e.g. MKTMPL_OPTIONS=--only-section-tmpl +MKTMPL_OPTIONS= + +# Extra options to supply to gtkdoc-fixref. Not normally needed. +# e.g. FIXXREF_OPTIONS=--extra-dir=../gdk-pixbuf/html --extra-dir=../gdk/html +FIXXREF_OPTIONS= + +# Used for dependencies. The docs will be rebuilt if any of these change. +# e.g. HFILE_GLOB=$(top_srcdir)/gtk/*.h +# e.g. CFILE_GLOB=$(top_srcdir)/gtk/*.c +HFILE_GLOB=$(top_srcdir)/p11-kit/p11-kit-*.h +CFILE_GLOB=$(top_srcdir)/p11-kit/p11-kit-*.c + +# Header files to ignore when scanning. +# e.g. IGNORE_HFILES=gtkdebug.h gtkintl.h +IGNORE_HFILES= p11-kit-private.h pkcs11.h hash.h conf.h util.h + +# Images to copy into HTML directory. +# e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png +HTML_IMAGES= + +# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE). +# e.g. content_files=running.sgml building.sgml changes-2.0.sgml +content_files=p11-kit-config.xml p11-kit-multiple-problem.xml + +# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded +# These files must be listed here *and* in content_files +# e.g. expand_content_files=running.sgml +expand_content_files= + +# CFLAGS and LDFLAGS for compiling gtkdoc-scangobj with your library. +# Only needed if you are using gtkdoc-scangobj to dynamically query widget +# signals and properties. +# e.g. INCLUDES=-I$(top_srcdir) -I$(top_builddir) $(GTK_DEBUG_FLAGS) +# e.g. GTKDOC_LIBS=$(top_builddir)/gtk/$(gtktargetlib) +INCLUDES= +GTKDOC_LIBS= + +# This includes the standard gtk-doc make rules, copied by gtkdocize. +include $(top_srcdir)/gtk-doc.make + +EXTRA_DIST += \ + version.xml.in diff --git a/doc/p11-kit-docs.sgml b/doc/p11-kit-docs.sgml new file mode 100644 index 0000000..03fd582 --- /dev/null +++ b/doc/p11-kit-docs.sgml @@ -0,0 +1,24 @@ + + + +]> + + + P11-Kit Manual + for p11-kit &version; + + + + Reference + + + + + API Index + + + + diff --git a/doc/p11-kit-overrides.txt b/doc/p11-kit-overrides.txt new file mode 100644 index 0000000..e69de29 diff --git a/doc/p11-kit-sections.txt b/doc/p11-kit-sections.txt new file mode 100644 index 0000000..fbe7452 --- /dev/null +++ b/doc/p11-kit-sections.txt @@ -0,0 +1,40 @@ +
+p11-kit-uri +P11_KIT_URI_SCHEME +P11_KIT_URI_SCHEME_LEN +P11KitUriType +P11KitUriResult +P11KitUri +p11_kit_uri_new +p11_kit_uri_get_module_info +p11_kit_uri_match_module_info +p11_kit_uri_get_token_info +p11_kit_uri_match_token_info +p11_kit_uri_get_attribute_types +p11_kit_uri_get_attribute +p11_kit_uri_set_attribute +p11_kit_uri_clear_attribute +p11_kit_uri_match_attributes +p11_kit_uri_set_unrecognized +p11_kit_uri_any_unrecognized +p11_kit_uri_format +p11_kit_uri_parse +p11_kit_uri_free +
+ +
+p11-kit +p11_kit_initialize_registered +p11_kit_finalize_registered +p11_kit_registered_modules +p11_kit_registered_module_to_name +p11_kit_registered_name_to_module +p11_kit_registered_option +p11_kit_initialize_module +p11_kit_finalize_module +
+ +
+p11-kit-util +p11_kit_strerror +
\ No newline at end of file diff --git a/doc/version.xml.in b/doc/version.xml.in new file mode 100644 index 0000000..27323da --- /dev/null +++ b/doc/version.xml.in @@ -0,0 +1 @@ +@VERSION@ \ No newline at end of file diff --git a/gtk-doc.make b/gtk-doc.make new file mode 100644 index 0000000..a97578b --- /dev/null +++ b/gtk-doc.make @@ -0,0 +1,230 @@ +# -*- mode: makefile -*- + +#################################### +# Everything below here is generic # +#################################### + +if GTK_DOC_USE_LIBTOOL +GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = $(LIBTOOL) --mode=execute +else +GTKDOC_CC = $(CC) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +GTKDOC_LD = $(CC) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) +GTKDOC_RUN = +endif + +# We set GPATH here; this gives us semantics for GNU make +# which are more like other make's VPATH, when it comes to +# whether a source that is a target of one rule is then +# searched for in VPATH/GPATH. +# +GPATH = $(srcdir) + +TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE) + +EXTRA_DIST = \ + $(content_files) \ + $(HTML_IMAGES) \ + $(DOC_MAIN_SGML_FILE) \ + $(DOC_MODULE)-sections.txt \ + $(DOC_MODULE)-overrides.txt + +DOC_STAMPS=scan-build.stamp tmpl-build.stamp sgml-build.stamp html-build.stamp \ + pdf-build.stamp \ + $(srcdir)/tmpl.stamp $(srcdir)/sgml.stamp $(srcdir)/html.stamp \ + $(srcdir)/pdf.stamp + +SCANOBJ_FILES = \ + $(DOC_MODULE).args \ + $(DOC_MODULE).hierarchy \ + $(DOC_MODULE).interfaces \ + $(DOC_MODULE).prerequisites \ + $(DOC_MODULE).signals + +REPORT_FILES = \ + $(DOC_MODULE)-undocumented.txt \ + $(DOC_MODULE)-undeclared.txt \ + $(DOC_MODULE)-unused.txt + +CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) + +if ENABLE_GTK_DOC +if GTK_DOC_BUILD_HTML +HTML_BUILD_STAMP=html-build.stamp +else +HTML_BUILD_STAMP= +endif +if GTK_DOC_BUILD_PDF +PDF_BUILD_STAMP=pdf-build.stamp +else +PDF_BUILD_STAMP= +endif + +all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) +else +all-local: +endif + +docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP) + +$(REPORT_FILES): sgml-build.stamp + +#### scan #### + +scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) + @echo 'gtk-doc: Scanning header files' + @-chmod -R u+w $(srcdir) + @_source_dir='' ; for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + cd $(srcdir) && \ + gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES) + @if grep -l '^..*$$' $(srcdir)/$(DOC_MODULE).types > /dev/null 2>&1 ; then \ + CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" gtkdoc-scangobj $(SCANGOBJ_OPTIONS) --module=$(DOC_MODULE) --output-dir=$(srcdir) ; \ + else \ + cd $(srcdir) ; \ + for i in $(SCANOBJ_FILES) ; do \ + test -f $$i || touch $$i ; \ + done \ + fi + @touch scan-build.stamp + +$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp + @true + +#### templates #### + +tmpl-build.stamp: $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt + @echo 'gtk-doc: Rebuilding template files' + @-chmod -R u+w $(srcdir) + @cd $(srcdir) && gtkdoc-mktmpl --module=$(DOC_MODULE) $(MKTMPL_OPTIONS) + @touch tmpl-build.stamp + +tmpl.stamp: tmpl-build.stamp + @true + +$(srcdir)/tmpl/*.sgml: + @true + +#### xml #### + +sgml-build.stamp: tmpl.stamp $(DOC_MODULE)-sections.txt $(srcdir)/tmpl/*.sgml $(expand_content_files) + @echo 'gtk-doc: Building XML' + @-chmod -R u+w $(srcdir) + @_source_dir='' ; for i in $(DOC_SOURCE_DIR) ; do \ + _source_dir="$${_source_dir} --source-dir=$$i" ; \ + done ; \ + cd $(srcdir) && \ + gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS) + @touch sgml-build.stamp + +sgml.stamp: sgml-build.stamp + @true + +#### html #### + +html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo 'gtk-doc: Building HTML' + @-chmod -R u+w $(srcdir) + @rm -rf $(srcdir)/html + @mkdir $(srcdir)/html + @mkhtml_options=""; \ + gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \ + if test "$(?)" = "0"; then \ + mkhtml_options=--path="$(srcdir)"; \ + fi; \ + cd $(srcdir)/html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE) + @test "x$(HTML_IMAGES)" = "x" || ( cd $(srcdir) && cp $(HTML_IMAGES) html ) + @echo 'gtk-doc: Fixing cross-references' + @cd $(srcdir) && gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS) | grep -v "no link for.*CK-.*CAPS" || true + @touch html-build.stamp + +#### pdf #### + +pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files) + @echo 'gtk-doc: Building PDF' + @-chmod -R u+w $(srcdir) + @rm -rf $(srcdir)/$(DOC_MODULE).pdf + @mkpdf_imgdirs=""; \ + if test "x$(HTML_IMAGES)" != "x"; then \ + for img in $(HTML_IMAGES); do \ + part=`dirname $$img`; \ + echo $$mkpdf_imgdirs | grep >/dev/null "\-\-imgdir=$$part "; \ + if test $$? != 0; then \ + mkpdf_imgdirs="$$mkpdf_imgdirs --imgdir=$$part"; \ + fi; \ + done; \ + fi; \ + cd $(srcdir) && gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_imgdirs $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS) + @touch pdf-build.stamp + +############## + +clean-local: + rm -f *~ *.bak + rm -rf .libs + +distclean-local: + cd $(srcdir) && \ + rm -rf xml $(REPORT_FILES) $(DOC_MODULE).pdf \ + $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt + +maintainer-clean-local: clean + cd $(srcdir) && rm -rf xml html + +install-data-local: + @installfiles=`echo $(srcdir)/html/*`; \ + if test "$$installfiles" = '$(srcdir)/html/*'; \ + then echo '-- Nothing to install' ; \ + else \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + $(mkinstalldirs) $${installdir} ; \ + for i in $$installfiles; do \ + echo '-- Installing '$$i ; \ + $(INSTALL_DATA) $$i $${installdir}; \ + done; \ + if test -n "$(DOC_MODULE_VERSION)"; then \ + mv -f $${installdir}/$(DOC_MODULE).devhelp2 \ + $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \ + mv -f $${installdir}/$(DOC_MODULE).devhelp \ + $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp; \ + fi; \ + $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \ + fi + +uninstall-local: + @if test -n "$(DOC_MODULE_VERSION)"; then \ + installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \ + else \ + installdir="$(DESTDIR)$(TARGET_DIR)"; \ + fi; \ + rm -rf $${installdir} + +# +# Require gtk-doc when making dist +# +if ENABLE_GTK_DOC +dist-check-gtkdoc: +else +dist-check-gtkdoc: + @echo "*** gtk-doc must be installed and enabled in order to make dist" + @false +endif + +dist-hook: dist-check-gtkdoc dist-hook-local + mkdir $(distdir)/tmpl + mkdir $(distdir)/html + -cp $(srcdir)/tmpl/*.sgml $(distdir)/tmpl + cp $(srcdir)/html/* $(distdir)/html + -cp $(srcdir)/$(DOC_MODULE).pdf $(distdir)/ + -cp $(srcdir)/$(DOC_MODULE).types $(distdir)/ + -cp $(srcdir)/$(DOC_MODULE)-sections.txt $(distdir)/ + cd $(distdir) && rm -f $(DISTCLEANFILES) + $(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html + +.PHONY : dist-hook-local docs diff --git a/module/Makefile.am b/module/Makefile.am deleted file mode 100644 index b4339a8..0000000 --- a/module/Makefile.am +++ /dev/null @@ -1,41 +0,0 @@ - - -incdir = $(includedir)/p11-kit - -inc_HEADERS = \ - p11-kit.h \ - p11-kit-uri.h \ - pkcs11.h - -MODULE_SRCS = \ - conf.c conf.h \ - hash.c hash.h \ - util.c util.h \ - p11-kit-lib.c \ - p11-kit-proxy.c \ - p11-kit-private.h \ - p11-kit-messages.c \ - p11-kit-uri.c \ - $(inc_HEADERS) - -lib_LTLIBRARIES = \ - libp11-kit.la - -noinst_LTLIBRARIES = \ - libp11-kit-testable.la - -libp11_kit_la_LDFLAGS = \ - -no-undefined -export-symbols-regex '^C_GetFunctionList|^p11_kit_' - -libp11_kit_la_SOURCES = $(MODULE_SRCS) - -libp11_kit_testable_la_LDFLAGS = \ - -no-undefined - -libp11_kit_testable_la_SOURCES = $(MODULE_SRCS) - -pkgconfigdir = $(libdir)/pkgconfig -pkgconfig_DATA = p11-kit.pc - -EXTRA_DIST = \ - p11-kit.pc.in \ No newline at end of file diff --git a/module/conf.c b/module/conf.c deleted file mode 100644 index 6c83407..0000000 --- a/module/conf.c +++ /dev/null @@ -1,245 +0,0 @@ -/* - * Copyright (c) 2005, Stefan Walter - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "conf.h" - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static void -errmsg (conf_error_func error_func, const char* msg, ...) -{ - #define MAX_MSGLEN 1024 - char buf[MAX_MSGLEN]; - va_list ap; - - if (!error_func) - return; - - va_start (ap, msg); - vsnprintf (buf, MAX_MSGLEN, msg, ap); - buf[MAX_MSGLEN - 1] = 0; - error_func (buf); - va_end (ap); -} - -static void -strcln (char* data, char ch) -{ - char* p; - for (p = data; *data; data++, p++) { - while (*data == ch) - data++; - *p = *data; - } - - /* Renull terminate */ - *p = 0; -} - -static char* -strbtrim (const char* data) -{ - while (*data && isspace (*data)) - ++data; - return (char*)data; -} - -static void -stretrim (char* data) -{ - char* t = data + strlen (data); - while (t > data && isspace (*(t - 1))) { - t--; - *t = 0; - } -} - -static char* -strtrim (char* data) -{ - data = (char*)strbtrim (data); - stretrim (data); - return data; -} - -/* ----------------------------------------------------------------------------- - * CONFIG PARSER - */ - -static char* -read_config_file (const char* filename, int flags, - conf_error_func error_func) -{ - char* config = NULL; - FILE* f = NULL; - long len; - - assert (filename); - - f = fopen (filename, "r"); - if (f == NULL) { - if ((flags & CONF_IGNORE_MISSING) && - (errno == ENOENT || errno == ENOTDIR)) { - config = strdup ("\n"); - if (!config) - errno = ENOMEM; - return config; - } - errmsg (error_func, "couldn't open config file: %s", filename); - return NULL; - } - - /* Figure out size */ - if (fseek (f, 0, SEEK_END) == -1 || - (len = ftell (f)) == -1 || - fseek (f, 0, SEEK_SET) == -1) { - errmsg (error_func, "couldn't seek config file: %s", filename); - return NULL; - } - - if ((config = (char*)malloc (len + 2)) == NULL) { - errmsg (error_func, "out of memory"); - errno = ENOMEM; - return NULL; - } - - /* And read in one block */ - if (fread (config, 1, len, f) != len) { - errmsg (error_func, "couldn't read config file: %s", filename); - return NULL; - } - - fclose (f); - - /* Null terminate the data */ - config[len] = '\n'; - config[len + 1] = 0; - - /* Remove nasty dos line endings */ - strcln (config, '\r'); - - return config; -} - -hash_t* -conf_parse_file (const char* filename, int flags, - conf_error_func error_func) -{ - char *name; - char *value; - hash_t *ht = NULL; - char *config; - char *next; - char *end; - - assert (filename); - - /* Adds an extra newline to end of file */ - config = read_config_file (filename, flags, error_func); - if (!config) - return NULL; - - ht = hash_create (hash_string_hash, hash_string_equal, free, free); - next = config; - - /* Go through lines and process them */ - while ((end = strchr (next, '\n')) != NULL) { - *end = 0; - name = strbtrim (next); - next = end + 1; - - /* Empty lines / comments at start */ - if (!*name || *name == '#') - continue; - - /* Look for the break between name: value on the same line */ - value = name + strcspn (name, ":"); - if (!*value) { - errmsg (error_func, "%s: invalid config line: %s", filename, name); - errno = EINVAL; - break; - } - - /* Null terminate and split value part */ - *value = 0; - value++; - - name = strtrim (name); - value = strtrim (value); - - name = strdup (name); - if (!name) { - errno = ENOMEM; - break; - } - value = strdup (value); - if (!value) { - free (name); - errno = ENOMEM; - break; - } - if (!hash_set (ht, name, value)) { - free (name); - free (value); - errno = ENOMEM; - break; - } - } - - /* Unsuccessful? */ - if (end != NULL) { - hash_free (ht); - ht = NULL; - } - - free (config); - return ht; -} diff --git a/module/conf.h b/module/conf.h deleted file mode 100644 index 84138d2..0000000 --- a/module/conf.h +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * Copyright (c) 2005, Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __CONF_H__ -#define __CONF_H__ - -#include "hash.h" - -enum { - CONF_IGNORE_MISSING = 0x01, -}; - -typedef void (*conf_error_func) (const char *message); - -hash_t* conf_parse_file (const char *filename, - int flags, - conf_error_func error_func); - -#endif /* __CONF_H__ */ diff --git a/module/hash.c b/module/hash.c deleted file mode 100644 index 30efced..0000000 --- a/module/hash.c +++ /dev/null @@ -1,453 +0,0 @@ -/* - * Copyright (c) 2004, Stefan Walter - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - */ - -/* - * Originally from apache 2.0 - * Modifications for general use by - */ - -/* Copyright 2000-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include -#include -#include - -#include "hash.h" - -/* - * The internal form of a hash table. - * - * The table is an array indexed by the hash of the key; collisions - * are resolved by hanging a linked list of hash entries off each - * element of the array. Although this is a really simple design it - * isn't too bad given that pools have a low allocation overhead. - */ - -typedef struct hash_entry hash_entry_t; - -struct hash_entry -{ - hash_entry_t* next; - unsigned int hash; - void* key; - void* val; -}; - -/* - * The size of the array is always a power of two. We use the maximum - * index rather than the size so that we can use bitwise-AND for - * modular arithmetic. - * The count of hash entries may be greater depending on the chosen - * collision rate. - */ -struct hash { - hash_entry_t** array; - unsigned int count; - unsigned int max; - hash_hash_func hash_func; - hash_equal_func equal_func; - hash_destroy_func key_destroy_func; - hash_destroy_func value_destroy_func; -}; - -#define INITIAL_MAX 15 /* tunable == 2^n - 1 */ -#define int_malloc malloc -#define int_calloc calloc -#define int_free free - -/* - * Hash creation functions. - */ - -static hash_entry_t** -alloc_array(hash_t* ht, unsigned int max) -{ - return (hash_entry_t**)int_calloc (sizeof (*(ht->array)), (max + 1)); -} - -hash_t* -hash_create (hash_hash_func hash_func, - hash_equal_func equal_func, - hash_destroy_func key_destroy_func, - hash_destroy_func value_destroy_func) -{ - hash_t* ht; - - assert (hash_func); - assert (equal_func); - - ht = int_malloc (sizeof (hash_t)); - if (ht) { - ht->count = 0; - ht->max = INITIAL_MAX; - ht->hash_func = hash_func; - ht->equal_func = equal_func; - ht->key_destroy_func = key_destroy_func; - ht->value_destroy_func = value_destroy_func; - ht->array = alloc_array (ht, ht->max); - if (!ht->array) { - int_free (ht); - return NULL; - } - } - return ht; -} - -void -hash_free (hash_t* ht) -{ - hash_iter_t hi; - - if (!ht) - return; - - hash_iterate (ht, &hi); - while (hash_next (&hi, NULL, NULL)) { - if (ht->key_destroy_func) - ht->key_destroy_func (hi.ths->key); - if (ht->value_destroy_func) - ht->value_destroy_func (hi.ths->val); - } - - if (ht->array) - int_free (ht->array); - - int_free (ht); -} - -/* - * Hash iteration functions. - */ -int -hash_next (hash_iter_t* hi, void **key, void **value) -{ - hi->ths = hi->next; - while (!hi->ths) { - if (hi->index > hi->ht->max) - return 0; - hi->ths = hi->ht->array[hi->index++]; - } - hi->next = hi->ths->next; - if (key) - *key = hi->ths->key; - if (value) - *value = hi->ths->val; - return 1; -} - -void -hash_iterate (hash_t* ht, hash_iter_t *hi) -{ - hi->ht = ht; - hi->index = 0; - hi->ths = NULL; - hi->next = NULL; -} - -/* - * Expanding a hash table - */ - -static int -expand_array (hash_t* ht) -{ - hash_iter_t hi; - hash_entry_t** new_array; - unsigned int new_max; - - new_max = ht->max * 2 + 1; - new_array = alloc_array (ht, new_max); - - if(!new_array) - return 0; - - hash_iterate (ht, &hi); - while (hash_next (&hi, NULL, NULL)) { - unsigned int i = hi.ths->hash & new_max; - hi.ths->next = new_array[i]; - new_array[i] = hi.ths; - } - - if(ht->array) - int_free (ht->array); - - ht->array = new_array; - ht->max = new_max; - return 1; -} - -/* - * This is where we keep the details of the hash function and control - * the maximum collision rate. - * - * If val is non-NULL it creates and initializes a new hash entry if - * there isn't already one there; it returns an updatable pointer so - * that hash entries can be removed. - */ - -static hash_entry_t** -find_entry (hash_t* ht, const void* key, void* val) -{ - hash_entry_t** hep; - hash_entry_t* he; - unsigned int hash; - - /* Perform the hashing */ - hash = ht->hash_func (key); - - /* scan linked list */ - for (hep = &ht->array[hash & ht->max], he = *hep; - he; hep = &he->next, he = *hep) { - if(he->hash == hash && ht->equal_func (he->key, key)) - break; - } - - if(he || !val) - return hep; - - /* add a new entry for non-NULL val */ - he = int_malloc (sizeof (*he)); - - if(he) { - he->key = (void*)key; - he->next = NULL; - he->hash = hash; - he->val = val; - - *hep = he; - ht->count++; - } - - return hep; -} - -void* -hash_get (hash_t* ht, const void *key) -{ - hash_entry_t** he = find_entry (ht, key, NULL); - if (he && *he) - return (void*)((*he)->val); - else - return NULL; -} - -int -hash_set (hash_t* ht, void* key, void* val) -{ - hash_entry_t** hep = find_entry (ht, key, val); - if(hep && *hep) { - /* replace entry */ - (*hep)->val = val; - - /* check that the collision rate isn't too high */ - if (ht->count > ht->max) { - if (!expand_array (ht)) - return 0; - } - - return 1; - } - - return 0; -} - -int -hash_remove (hash_t* ht, const void* key) -{ - hash_entry_t** hep = find_entry (ht, key, NULL); - - if (hep && *hep) { - hash_entry_t* old = *hep; - *hep = (*hep)->next; - --ht->count; - if (ht->key_destroy_func) - ht->key_destroy_func (old->key); - if (ht->value_destroy_func) - ht->value_destroy_func (old->val); - free (old); - return 1; - } - - return 0; -} - -void -hash_clear (hash_t* ht) -{ - hash_entry_t *he, *next; - int i; - - /* Free all entries in the array */ - for (i = 0; i < ht->max; ++i) { - he = ht->array[i]; - while (he) { - next = he->next; - if (ht->key_destroy_func) - ht->key_destroy_func (he->key); - if (ht->value_destroy_func) - ht->value_destroy_func (he->val); - free (he); - he = next; - } - } - - memset (ht->array, 0, ht->max * sizeof (hash_entry_t*)); - ht->count = 0; -} - -unsigned int -hash_count (hash_t* ht) -{ - return ht->count; -} - -unsigned int -hash_string_hash (const void *string) -{ - unsigned int hash; - const unsigned char *p; - - assert (string); - - /* - * This is the popular `times 33' hash algorithm which is used by - * perl and also appears in Berkeley DB. This is one of the best - * known hash functions for strings because it is both computed - * very fast and distributes very well. - * - * The originator may be Dan Bernstein but the code in Berkeley DB - * cites Chris Torek as the source. The best citation I have found - * is "Chris Torek, Hash function for text in C, Usenet message - * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich - * Salz's USENIX 1992 paper about INN which can be found at - * . - * - * The magic of number 33, i.e. why it works better than many other - * constants, prime or not, has never been adequately explained by - * anyone. So I try an explanation: if one experimentally tests all - * multipliers between 1 and 256 (as I did while writing a low-level - * data structure library some time ago) one detects that even - * numbers are not useable at all. The remaining 128 odd numbers - * (except for the number 1) work more or less all equally well. - * They all distribute in an acceptable way and this way fill a hash - * table with an average percent of approx. 86%. - * - * If one compares the chi^2 values of the variants (see - * Bob Jenkins ``Hashing Frequently Asked Questions'' at - * http://burtleburtle.net/bob/hash/hashfaq.html for a description - * of chi^2), the number 33 not even has the best value. But the - * number 33 and a few other equally good numbers like 17, 31, 63, - * 127 and 129 have nevertheless a great advantage to the remaining - * numbers in the large set of possible multipliers: their multiply - * operation can be replaced by a faster operation based on just one - * shift plus either a single addition or subtraction operation. And - * because a hash function has to both distribute good _and_ has to - * be very fast to compute, those few numbers should be preferred. - * - * -- Ralf S. Engelschall - */ - - hash = 0; - - for(p = string; *p; p++) - hash = hash * 33 + *p; - - return hash; -} - -int -hash_string_equal (const void *string_one, const void *string_two) -{ - assert (string_one); - assert (string_two); - - return strcmp (string_one, string_two) == 0; -} - -unsigned int -hash_ulongptr_hash (const void *to_ulong) -{ - assert (to_ulong); - return (unsigned int)*((unsigned long*)to_ulong); -} - -int -hash_ulongptr_equal (const void *ulong_one, const void *ulong_two) -{ - assert (ulong_one); - assert (ulong_two); - return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two); -} - -unsigned int -hash_intptr_hash (const void *to_int) -{ - assert (to_int); - return (unsigned int)*((unsigned long*)to_int); -} - -int -hash_intptr_equal (const void *int_one, const void *int_two) -{ - assert (int_one); - assert (int_two); - return *((unsigned long*)int_one) == *((unsigned long*)int_two); -} - -unsigned int -hash_direct_hash (const void *ptr) -{ - return (unsigned int)ptr; -} - -int -hash_direct_equal (const void *ptr_one, const void *ptr_two) -{ - return ptr_one == ptr_two; -} - diff --git a/module/hash.h b/module/hash.h deleted file mode 100644 index eb3c496..0000000 --- a/module/hash.h +++ /dev/null @@ -1,187 +0,0 @@ -/* - * Copyright (c) 2004, Stefan Walter - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Waler - */ - -/* - * Originally from apache 2.0 - * Modifications for general use by - */ - -/* Copyright 2000-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __HSH_H__ -#define __HSH_H__ - -#include - -/* - * ARGUMENT DOCUMENTATION - * - * ht: The hashtable - * key: Pointer to the key value - * klen: The length of the key - * val: Pointer to the value - * hi: A hashtable iterator - * stamp: A unix timestamp - */ - - -/* ---------------------------------------------------------------------------------- - * TYPES - */ - -/* Abstract type for hash tables. */ -typedef struct hash hash_t; - -/* Type for scanning hash tables. */ -typedef struct hash_iter -{ - hash_t* ht; - struct hash_entry* ths; - struct hash_entry* next; - unsigned int index; -} hash_iter_t; - -typedef unsigned int (*hash_hash_func) (const void *data); - -typedef int (*hash_equal_func) (const void *one, - const void *two); - -typedef void (*hash_destroy_func) (void *data); - -/* ----------------------------------------------------------------------------- - * MAIN - */ - -/* - * hash_create : Create a hash table - * - returns an allocated hashtable - */ -hash_t* hash_create (hash_hash_func hash_func, - hash_equal_func equal_func, - hash_destroy_func key_destroy_func, - hash_destroy_func value_destroy_func); - -/* - * hash_free : Free a hash table - */ -void hash_free (hash_t* ht); - -/* - * hash_count: Number of values in hash table - * - returns the number of entries in hash table - */ -unsigned int hash_count (hash_t* ht); - -/* - * hash_get: Retrieves a value from the hash table - * - returns the value of the entry - */ -void* hash_get (hash_t* ht, - const void *key); - -/* - * hash_set: Set a value in the hash table - * - returns 1 if the entry was added properly - */ -int hash_set (hash_t* ht, - void *key, - void *value); - -/* - * hash_remove: Remove a value from the hash table - * - returns 1 if the entry was found - */ -int hash_remove (hash_t* ht, - const void* key); - -/* - * hash_first: Start enumerating through the hash table - * - returns a hash iterator - */ -void hash_iterate (hash_t* ht, - hash_iter_t *hi); - -/* - * hash_next: Enumerate through hash table - * - sets key and value to key and/or value - * - returns whether there was another entry - */ -int hash_next (hash_iter_t* hi, - void **key, - void **value); - -/* - * hash_clear: Clear all values from has htable. - */ -void hash_clear (hash_t* ht); - -/* ----------------------------------------------------------------------------- - * HASH FUNCTIONS - */ - -unsigned int hash_string_hash (const void *string); - -int hash_string_equal (const void *string_one, - const void *string_two); - -unsigned int hash_ulongptr_hash (const void *to_ulong); - -int hash_ulongptr_equal (const void *ulong_one, - const void *ulong_two); - -unsigned int hash_intptr_hash (const void *to_int); - -int hash_intptr_equal (const void *int_one, - const void *int_two); - -unsigned int hash_direct_hash (const void *ptr); - -int hash_direct_equal (const void *ptr_one, - const void *ptr_two); - -#endif /* __HASH_H__ */ diff --git a/module/p11-kit-lib.c b/module/p11-kit-lib.c deleted file mode 100644 index 33b768f..0000000 --- a/module/p11-kit-lib.c +++ /dev/null @@ -1,1081 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * Copyright (C) 2008 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "conf.h" -#include "hash.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "p11-kit-private.h" - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -typedef struct _Module { - char *name; - hash_t *config; - void *dl_module; - CK_FUNCTION_LIST_PTR funcs; - int ref_count; - int initialize_count; - CK_C_INITIALIZE_ARGS init_args; -} Module; - -/* - * This is the mutex that protects the global data of this library - * and the pkcs11 proxy module. Note that we *never* call into our - * underlying pkcs11 modules while holding this mutex. Therefore it - * doesn't have to be recursive and we can keep things simple. - */ -pthread_mutex_t _p11_mutex = PTHREAD_MUTEX_INITIALIZER; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - hash_t *modules; - hash_t *config; -} gl = { NULL, NULL }; - -/* ----------------------------------------------------------------------------- - * UTILITIES - */ - -static void -warning (const char* msg, ...) -{ - char buffer[512]; - va_list va; - - va_start (va, msg); - - vsnprintf(buffer, sizeof (buffer) - 1, msg, va); - buffer[sizeof (buffer) - 1] = 0; - fprintf (stderr, "p11-kit: %s\n", buffer); - - va_end (va); -} - -static void -conf_error (const char *buffer) -{ - /* called from conf.c */ - fprintf (stderr, "p11-kit: %s\n", buffer); -} - -static char* -strconcat (const char *first, ...) -{ - size_t length = 0; - const char *arg; - char *result, *at; - va_list va; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) - length += strlen (arg); - - va_end (va); - - at = result = malloc (length); - if (!result) - return NULL; - - va_start (va, first); - - for (arg = first; arg; arg = va_arg (va, const char*)) { - length = strlen (arg); - memcpy (at, arg, length); - at += length; - } - - va_end (va); - - *at = 0; - return result; -} - -static int -strequal (const char *one, const char *two) -{ - return strcmp (one, two) == 0; -} - -/* ----------------------------------------------------------------------------- - * P11-KIT FUNCTIONALITY - */ - -static CK_RV -create_mutex (CK_VOID_PTR_PTR mut) -{ - pthread_mutex_t *pmutex; - int err; - - pmutex = malloc (sizeof (pthread_mutex_t)); - if (!pmutex) - return CKR_HOST_MEMORY; - err = pthread_mutex_init (pmutex, NULL); - if (err == ENOMEM) - return CKR_HOST_MEMORY; - else if (err != 0) - return CKR_GENERAL_ERROR; - *mut = pmutex; - return CKR_OK; -} - -static CK_RV -destroy_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_destroy (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - free (pmutex); - return CKR_OK; -} - -static CK_RV -lock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_lock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static CK_RV -unlock_mutex (CK_VOID_PTR mut) -{ - pthread_mutex_t *pmutex = mut; - int err; - - err = pthread_mutex_unlock (pmutex); - if (err == EINVAL) - return CKR_MUTEX_BAD; - else if (err == EPERM) - return CKR_MUTEX_NOT_LOCKED; - else if (err != 0) - return CKR_GENERAL_ERROR; - return CKR_OK; -} - -static void -free_module_unlocked (void *data) -{ - Module *module = data; - - assert (module); - - /* Module must be finalized */ - assert (module->initialize_count == 0); - - /* Module must have no outstanding references */ - assert (module->ref_count == 0); - - if (module->dl_module) - dlclose (module->dl_module); - hash_free (module->config); - free (module->name); - free (module); -} - -static Module* -alloc_module_unlocked (void) -{ - Module *module; - - module = calloc (1, sizeof (Module)); - if (!module) - return NULL; - - module->init_args.CreateMutex = create_mutex; - module->init_args.DestroyMutex = destroy_mutex; - module->init_args.LockMutex = lock_mutex; - module->init_args.UnlockMutex = unlock_mutex; - module->init_args.flags = CKF_OS_LOCKING_OK; - - return module; -} - -static CK_RV -load_module_from_config_unlocked (const char *configfile, const char *name) -{ - Module *module, *prev; - const char *path; - CK_C_GetFunctionList gfl; - CK_RV rv; - - assert (configfile); - - module = alloc_module_unlocked (); - if (!module) - return CKR_HOST_MEMORY; - - module->config = conf_parse_file (configfile, 0, conf_error); - if (!module->config) { - free_module_unlocked (module); - if (errno == ENOMEM) - return CKR_HOST_MEMORY; - return CKR_GENERAL_ERROR; - } - - module->name = strdup (name); - if (!module->name) { - free_module_unlocked (module); - return CKR_HOST_MEMORY; - } - - path = hash_get (module->config, "module"); - if (path == NULL) { - free_module_unlocked (module); - warning ("no module path specified in config: %s", configfile); - return CKR_GENERAL_ERROR; - } - - module->dl_module = dlopen (path, RTLD_LOCAL | RTLD_NOW); - if (module->dl_module == NULL) { - warning ("couldn't load module: %s: %s", path, dlerror ()); - free_module_unlocked (module); - return CKR_GENERAL_ERROR; - } - - gfl = dlsym (module->dl_module, "C_GetFunctionList"); - if (!gfl) { - warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", - path, dlerror ()); - free_module_unlocked (module); - return CKR_GENERAL_ERROR; - } - - rv = gfl (&module->funcs); - if (rv != CKR_OK) { - warning ("call to C_GetFunctiontList failed in module: %s: %s", - path, p11_kit_strerror (rv)); - free_module_unlocked (module); - return rv; - } - - prev = hash_get (gl.modules, module->funcs); - - /* Replace previous module that was loaded explicitly? */ - if (prev && !prev->name) { - module->ref_count = prev->ref_count; - module->initialize_count = prev->initialize_count; - prev->ref_count = 0; - prev->initialize_count = 0; - hash_set (gl.modules, module->funcs, module); - prev = NULL; /* freed by hash above */ - } - - /* Refuse to load duplicate module */ - if (prev) { - warning ("duplicate configured module: %s: %s", - module->name, path); - free_module_unlocked (module); - return CKR_GENERAL_ERROR; - } - - return CKR_OK; -} - -static CK_RV -load_modules_from_config_unlocked (const char *directory) -{ - struct dirent *dp; - CK_RV rv = CKR_OK; - DIR *dir; - char *path; - - /* First we load all the modules */ - dir = opendir (directory); - if (!dir) { - if (errno == ENOENT || errno == ENOTDIR) - warning ("couldn't list directory: %s", directory); - return CKR_GENERAL_ERROR; - } - - /* We're within a global mutex, so readdir is safe */ - while ((dp = readdir(dir)) != NULL) { - path = strconcat (directory, "/", dp->d_name); - if (!path) { - rv = CKR_HOST_MEMORY; - break; - } - - rv = load_module_from_config_unlocked (path, dp->d_name); - free (path); - - if (rv != CKR_OK) - break; - } - - closedir (dir); - - return rv; -} - -static char* -expand_user_path (const char *path) -{ - const char *env; - struct passwd *pwd; - - if (path[0] == '~' && path[1] == '/') { - env = getenv ("HOME"); - if (env && env[0]) { - return strconcat (env, path + 1, NULL); - } else { - pwd = getpwuid (getuid ()); - if (!pwd) - return NULL; - return strconcat (pwd->pw_dir, path + 1, NULL); - } - } - - return strdup (path); -} - -enum { - USER_CONFIG_INVALID = 0, - USER_CONFIG_NONE = 1, - USER_CONFIG_MERGE, - USER_CONFIG_OVERRIDE -}; - -static int -user_config_mode (hash_t *config, int defmode) -{ - const char *mode; - - /* Whether we should use or override from user directory */ - mode = hash_get (config, "user-config"); - if (mode == NULL) { - return defmode; - } else if (strequal (mode, "none")) { - return USER_CONFIG_NONE; - } else if (strequal (mode, "merge")) { - return USER_CONFIG_MERGE; - } else if (strequal (mode, "override")) { - return USER_CONFIG_OVERRIDE; - } else { - warning ("invalid mode for 'user-config': %s", mode); - return USER_CONFIG_INVALID; - } -} - -static CK_RV -load_config_files_unlocked (int *user_mode) -{ - hash_t *config = NULL; - hash_t *uconfig = NULL; - void *key = NULL; - void *value = NULL; - char *path; - int mode; - CK_RV rv = CKR_GENERAL_ERROR; - hash_iter_t hi; - - /* Should only be called after everything has been unloaded */ - assert (!gl.config); - - /* Load the main configuration */ - config = conf_parse_file (P11_SYSTEM_CONF, CONF_IGNORE_MISSING, conf_error); - if (!config) { - rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR; - goto finished; - } - - /* Whether we should use or override from user directory */ - mode = user_config_mode (config, USER_CONFIG_INVALID); - if (mode == USER_CONFIG_INVALID) - goto finished; - - if (mode != USER_CONFIG_NONE) { - path = expand_user_path (P11_USER_CONF); - if (!path) - goto finished; - - /* Load up the user configuration */ - uconfig = conf_parse_file (path, CONF_IGNORE_MISSING, conf_error); - free (path); - - if (!uconfig) { - rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR; - goto finished; - } - - /* Figure out what the user mode is */ - mode = user_config_mode (uconfig, mode); - if (mode == USER_CONFIG_INVALID) - goto finished; - - /* Merge everything into the system config */ - if (mode == USER_CONFIG_MERGE) { - hash_iterate (uconfig, &hi); - while (hash_next (&hi, &key, &value)) { - key = strdup (key); - if (key == NULL) - goto finished; - value = strdup (value); - if (value == NULL) - goto finished; - if (!hash_set (config, key, value)) - goto finished; - key = NULL; - value = NULL; - } - - /* Override the system config */ - } else if (mode == USER_CONFIG_OVERRIDE) { - hash_free (config); - config = uconfig; - uconfig = NULL; - } - } - - gl.config = config; - config = NULL; - rv = CKR_OK; - - if (user_mode) - *user_mode = mode; - -finished: - hash_free (config); - hash_free (uconfig); - free (key); - free (value); - return rv; -} - -static CK_RV -load_registered_modules_unlocked (void) -{ - char *path; - int mode; - CK_RV rv; - - rv = load_config_files_unlocked (&mode); - if (rv != CKR_OK) - return rv; - - assert (gl.config); - assert (mode != USER_CONFIG_INVALID); - - /* Load each module from the main list */ - if (mode != USER_CONFIG_OVERRIDE) { - rv = load_modules_from_config_unlocked (P11_SYSTEM_MODULES); - if (rv != CKR_OK); - return rv; - } - - /* Load each module from the user list */ - if (mode != USER_CONFIG_NONE) { - path = expand_user_path (P11_USER_MODULES); - if (!path) - rv = CKR_GENERAL_ERROR; - else - rv = load_modules_from_config_unlocked (path); - free (path); - if (rv != CKR_OK); - return rv; - } - - return CKR_OK; -} - -static CK_RV -initialize_module_unlocked_reentrant (Module *module) -{ - CK_RV rv = CKR_OK; - - assert (module); - - /* - * Initialize first, so module doesn't get freed out from - * underneath us when the mutex is unlocked below. - */ - ++module->ref_count; - - if (!module->initialize_count) { - - _p11_unlock (); - - assert (module->funcs); - rv = module->funcs->C_Initialize (&module->init_args); - - _p11_lock (); - - /* - * Because we have the mutex unlocked above, two initializes could - * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED - * into account. - * - * We also need to take into account where in a race both calls return - * CKR_OK (which is not according to the spec but may happen, I mean we - * do it in this module, so it's not unimaginable). - */ - - if (rv == CKR_OK) - ++module->initialize_count; - else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) - rv = CKR_OK; - else - --module->ref_count; - } - - return rv; -} - -static void -reinitialize_after_fork (void) -{ - hash_iter_t it; - Module *module; - - /* WARNING: This function must be reentrant */ - - _p11_lock (); - - if (gl.modules) { - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) { - module->initialize_count = 0; - - /* WARNING: Reentrancy can occur here */ - initialize_module_unlocked_reentrant (module); - } - } - - _p11_unlock (); - - _p11_kit_proxy_after_fork (); -} - -static CK_RV -init_globals_unlocked (void) -{ - static int once = 0; - - if (!gl.modules) - gl.modules = hash_create (hash_direct_hash, hash_direct_equal, - NULL, free_module_unlocked); - if (!gl.modules) - return CKR_HOST_MEMORY; - - if (once) - return CKR_OK; - - pthread_atfork (NULL, NULL, reinitialize_after_fork); - once = 1; - - return CKR_OK; -} - -static void -free_modules_when_no_refs_unlocked (void) -{ - Module *module; - hash_iter_t it; - - /* Check if any modules have a ref count */ - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) { - if (module->ref_count) - return; - } - - hash_free (gl.modules); - gl.modules = NULL; - hash_free (gl.config); - gl.config = NULL; -} - -static CK_RV -finalize_module_unlocked_reentrant (Module *module) -{ - assert (module); - - /* - * We leave module info around until all are finalized - * so we can encounter these zombie Module structures. - */ - if (module->ref_count == 0) - return CKR_ARGUMENTS_BAD; - - if (--module->ref_count > 0) - return CKR_OK; - - /* - * Becuase of the mutex unlock below, we temporarily increase - * the ref count. This prevents module from being freed out - * from ounder us. - */ - ++module->ref_count; - - while (module->initialize_count > 0) { - - _p11_unlock (); - - assert (module->funcs); - module->funcs->C_Finalize (NULL); - - _p11_lock (); - - if (module->initialize_count > 0) - --module->initialize_count; - } - - /* Match the increment above */ - --module->ref_count; - - free_modules_when_no_refs_unlocked (); - return CKR_OK; -} - -static Module* -find_module_for_name_unlocked (const char *name) -{ - Module *module; - hash_iter_t it; - - assert (name); - - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) - if (module->ref_count && module->name && strcmp (name, module->name)) - return module; - return NULL; -} - -CK_RV -_p11_kit_initialize_registered_unlocked_reentrant (void) -{ - Module *module; - hash_iter_t it; - CK_RV rv; - - rv = init_globals_unlocked (); - if (rv == CKR_OK) - rv = load_registered_modules_unlocked (); - if (rv == CKR_OK) { - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) { - - /* Skip all modules that aren't registered */ - if (!module->name) - continue; - - rv = initialize_module_unlocked_reentrant (module); - - if (rv != CKR_OK) - break; - } - } - - return rv; -} - -/** - * p11_kit_initialize_registered: - * - * Initialize all the registered PKCS#11 modules. - * - * If this is the first time this function is called multiple times - * consecutively within a single process, then it merely increments an - * initialization reference count for each of these modules. - * - * Use p11_kit_finalize_registered() to finalize these registered modules once - * the caller is done with them. - * - * Returns: CKR_OK if the initialization succeeded, or an error code. - */ -CK_RV -p11_kit_initialize_registered (void) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - _p11_lock (); - - /* WARNING: Reentrancy can occur here */ - rv = _p11_kit_initialize_registered_unlocked_reentrant (); - - _p11_unlock (); - - /* Cleanup any partial initialization */ - if (rv != CKR_OK) - p11_kit_finalize_registered (); - - return rv; -} - -CK_RV -_p11_kit_finalize_registered_unlocked_reentrant (void) -{ - Module *module; - hash_iter_t it; - Module **to_finalize; - int i, count; - - if (!gl.modules) - return CKR_CRYPTOKI_NOT_INITIALIZED; - - /* WARNING: This function must be reentrant */ - - to_finalize = calloc (hash_count (gl.modules), sizeof (Module*)); - if (!to_finalize) - return CKR_HOST_MEMORY; - - count = 0; - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) { - - /* Skip all modules that aren't registered */ - if (module->name) - to_finalize[count++] = module; - } - - for (i = 0; i < count; ++i) { - /* WARNING: Reentrant calls can occur here */ - finalize_module_unlocked_reentrant (to_finalize[i]); - } - - free (to_finalize); - return CKR_OK; -} - -/** - * p11_kit_finalize_registered: - * - * Finalize all the registered PKCS#11 modules. These should have been - * initialized with p11_kit_initialize_registered(). - * - * If p11_kit_initialize_registered() has been called more than once in this - * process, then this function must be called the same number of times before - * actual finalization will occur. - * - * Returns: CKR_OK if the finalization succeeded, or an error code. - */ - -CK_RV -p11_kit_finalize_registered (void) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - _p11_lock (); - - /* WARNING: Reentrant calls can occur here */ - rv = _p11_kit_finalize_registered_unlocked_reentrant (); - - _p11_unlock (); - - return rv; -} - -CK_FUNCTION_LIST_PTR_PTR -_p11_kit_registered_modules_unlocked (void) -{ - CK_FUNCTION_LIST_PTR_PTR result; - Module *module; - hash_iter_t it; - int i = 0; - - result = calloc (hash_count (gl.modules) + 1, sizeof (CK_FUNCTION_LIST_PTR)); - if (result) { - hash_iterate (gl.modules, &it); - while (hash_next (&it, NULL, (void**)&module)) { - if (module->ref_count && module->name) - result[i++] = module->funcs; - } - } - - return result; -} - -/** - * p11_kit_registered_modules: - * - * Get a list of all the registered PKCS#11 modules. This list will be valid - * once the p11_kit_initialize_registered() function has been called. - * - * The returned value is a %NULL terminated array of %CK_FUNCTION_LIST_PTR - * pointers. - * - * Returns: A list of all the registered modules. Use the free() function to - * free the list. - */ -CK_FUNCTION_LIST_PTR_PTR -p11_kit_registered_modules (void) -{ - CK_FUNCTION_LIST_PTR_PTR result; - - _p11_lock (); - - result = _p11_kit_registered_modules_unlocked (); - - _p11_unlock (); - - return result; -} - -/** - * p11_kit_registered_module_to_name: - * @funcs: pointer to a registered module - * - * Get the name of a registered PKCS#11 module. - * - * You can use p11_kit_registered_modules() to get a list of all the registered - * modules. This name is specified by the registered module configuration. - * - * Returns: A newly allocated string containing the module name, or %NULL - * if no such registered module exists. Use free() to free this string. - */ -char* -p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs) -{ - Module *module; - char *name = NULL; - - if (!funcs) - return NULL; - - _p11_lock (); - - module = gl.modules ? hash_get (gl.modules, funcs) : NULL; - if (module && module->name) - name = strdup (module->name); - - _p11_unlock (); - - return name; -} - -/** - * p11_kit_registered_name_to_module: - * @name: name of a registered module - * - * Lookup a registered PKCS#11 module by its name. This name is specified by - * the registered module configuration. - * - * Returns: a pointer to a PKCS#11 module, or %NULL if this name was not found. - */ -CK_FUNCTION_LIST_PTR -p11_kit_registered_name_to_module (const char *name) -{ - CK_FUNCTION_LIST_PTR funcs = NULL; - Module *module; - - _p11_lock (); - - if (gl.modules) { - module = find_module_for_name_unlocked (name); - if (module) - funcs = module->funcs; - } - - _p11_unlock (); - - return funcs; -} - -/** - * p11_kit_registered_option: - * @funcs: a pointer to a registered module - * @field: the name of the option to lookup. - * - * Lookup a configured option for a registered PKCS#11 module. - * - * Returns: A newly allocated string containing the option value, or %NULL - * if the registered module or the option were not found. Use free() to free - * the returned string. - */ -char* -p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, const char *field) -{ - Module *module; - char *option = NULL; - - if (!funcs || !field) - return NULL; - - _p11_lock (); - - module = gl.modules ? hash_get (gl.modules, funcs) : NULL; - if (module && module->config) { - option = hash_get (module->config, field); - if (option) - option = strdup (option); - } - - _p11_unlock (); - - return option; -} - -/** - * p11_kit_initialize_module: - * @funcs: loaded module to initialize. - * - * Initialize an arbitrary PKCS#11 module. Normally using the - * p11_kit_initialize_registered() is preferred. - * - * Using this function to initialize modules allows coordination between - * multiple users of the same module in a single process. It should be called - * on modules that have been loaded (with dlopen() for example) but not yet - * initialized. The caller should not yet have called the module's - * %C_Initialize method. This function will call %C_Initialize as necessary. - * - * Subsequent calls to this function for the same module will result in an - * initialization count being incremented for the module. It is safe (although - * usually unnecessary) to use this function on registered modules. - * - * The module must be finalized with p11_kit_finalize_module() instead of - * calling its %C_Finalize method directly. - * - * This function does not accept a %CK_C_INITIALIZE_ARGS argument. Custom - * initialization arguments cannot be supported when multiple consumers load - * the same module. - * - * Returns: CKR_OK if the initialization was successful. - */ -CK_RV -p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs) -{ - CK_C_INITIALIZE_ARGS args; - Module *module; - Module *allocated = NULL; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - _p11_lock (); - - rv = init_globals_unlocked (); - if (rv == CKR_OK) { - - module = hash_get (gl.modules, funcs); - if (module == NULL) { - allocated = module = alloc_module_unlocked (); - module->funcs = funcs; - } - - /* WARNING: Reentrancy can occur here */ - rv = initialize_module_unlocked_reentrant (module); - - /* If this was newly allocated, add it to the list */ - if (rv == CKR_OK && allocated) { - hash_set (gl.modules, allocated->funcs, allocated); - allocated = NULL; - } - - free (allocated); - } - - _p11_unlock (); - - return rv; -} - -/** - * p11_kit_finalize_module: - * @funcs: loaded module to finalize. - * - * Finalize an arbitrary PKCS#11 module. The module must have been initialized - * using p11_kit_initialize_module(). In most cases callers will want to use - * p11_kit_finalize_registered() instead of this function. - * - * Using this function to finalize modules allows coordination between - * multiple users of the same module in a single process. The caller should - * call the module's %C_Finalize method. This function will call - * %C_Finalize as necessary. - * - * If the module was initialized more than once, then this function will - * decrement an initialization count for the module. When the count reaches zero - * the module will be truly finalized. It is safe (although usually unnecessary) - * to use this function on registered modules if (and only if) they were - * initialized using p11_kit_initialize_module() for some reason. - * - * Returns: CKR_OK if the finalization was successful. - */ -CK_RV -p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs) -{ - Module *module; - CK_RV rv = CKR_OK; - - /* WARNING: This function must be reentrant for the same arguments */ - - _p11_lock (); - - module = gl.modules ? hash_get (gl.modules, funcs) : NULL; - if (module == NULL) { - rv = CKR_ARGUMENTS_BAD; - } else { - /* WARNING: Rentrancy can occur here */ - rv = finalize_module_unlocked_reentrant (module); - } - - _p11_unlock (); - - return rv; -} diff --git a/module/p11-kit-messages.c b/module/p11-kit-messages.c deleted file mode 100644 index 3a71a96..0000000 --- a/module/p11-kit-messages.c +++ /dev/null @@ -1,234 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "pkcs11.h" -#include "p11-kit.h" - -#ifdef ENABLE_NLS -#include -#define _(x) dgettext(PACKAGE_NAME, x) -#else -#define _(x) x -#endif - -/** - * gck_message_from_rv: - * @rv: The PKCS#11 return value to get a message for. - * - * Get a message for a PKCS#11 return value or error code. Do not - * pass CKR_OK or other such non errors to this function. - * - * Return value: The user readable message. - **/ -const char* -p11_kit_strerror (CK_RV rv) -{ - switch (rv) { - - /* These are not really errors, or not current */ - case CKR_OK: - case CKR_NO_EVENT: - case CKR_FUNCTION_NOT_PARALLEL: - case CKR_SESSION_PARALLEL_NOT_SUPPORTED: - return ""; - - case CKR_CANCEL: - case CKR_FUNCTION_CANCELED: - return _("The operation was cancelled"); - - case CKR_HOST_MEMORY: - return _("Insufficient memory available"); - case CKR_SLOT_ID_INVALID: - return _("The specified slot ID is not valid"); - case CKR_GENERAL_ERROR: - return _("Internal error"); - case CKR_FUNCTION_FAILED: - return _("The operation failed"); - case CKR_ARGUMENTS_BAD: - return _("Invalid arguments"); - case CKR_NEED_TO_CREATE_THREADS: - return _("The module cannot create needed threads"); - case CKR_CANT_LOCK: - return _("The module cannot lock data properly"); - case CKR_ATTRIBUTE_READ_ONLY: - return _("The field is read-only"); - case CKR_ATTRIBUTE_SENSITIVE: - return _("The field is sensitive and cannot be revealed"); - case CKR_ATTRIBUTE_TYPE_INVALID: - return _("The field is invalid or does not exist"); - case CKR_ATTRIBUTE_VALUE_INVALID: - return _("Invalid value for field"); - case CKR_DATA_INVALID: - return _("The data is not valid or unrecognized"); - case CKR_DATA_LEN_RANGE: - return _("The data is too long"); - case CKR_DEVICE_ERROR: - return _("An error occurred on the device"); - case CKR_DEVICE_MEMORY: - return _("Insufficient memory available on the device"); - case CKR_DEVICE_REMOVED: - return _("The device was removed or unplugged"); - case CKR_ENCRYPTED_DATA_INVALID: - return _("The encrypted data is not valid or unrecognized"); - case CKR_ENCRYPTED_DATA_LEN_RANGE: - return _("The encrypted data is too long"); - case CKR_FUNCTION_NOT_SUPPORTED: - return _("This operation is not supported"); - case CKR_KEY_HANDLE_INVALID: - return _("The key is missing or invalid"); - case CKR_KEY_SIZE_RANGE: - return _("The key is the wrong size"); - case CKR_KEY_TYPE_INCONSISTENT: - return _("The key is of the wrong type"); - case CKR_KEY_NOT_NEEDED: - return _("No key is needed"); - case CKR_KEY_CHANGED: - return _("The key is different than before"); - case CKR_KEY_NEEDED: - return _("A key is needed"); - case CKR_KEY_INDIGESTIBLE: - return _("Cannot include the key in the digest"); - case CKR_KEY_FUNCTION_NOT_PERMITTED: - return _("This operation cannot be done with this key"); - case CKR_KEY_NOT_WRAPPABLE: - return _("The key cannot be wrapped"); - case CKR_KEY_UNEXTRACTABLE: - return _("Cannot export this key"); - case CKR_MECHANISM_INVALID: - return _("The crypto mechanism is invalid or unrecognized"); - case CKR_MECHANISM_PARAM_INVALID: - return _("The crypto mechanism has an invalid argument"); - case CKR_OBJECT_HANDLE_INVALID: - return _("The object is missing or invalid"); - case CKR_OPERATION_ACTIVE: - return _("Another operation is already taking place"); - case CKR_OPERATION_NOT_INITIALIZED: - return _("No operation is taking place"); - case CKR_PIN_INCORRECT: - return _("The password or PIN is incorrect"); - case CKR_PIN_INVALID: - return _("The password or PIN is invalid"); - case CKR_PIN_LEN_RANGE: - return _("The password or PIN is of an invalid length"); - case CKR_PIN_EXPIRED: - return _("The password or PIN has expired"); - case CKR_PIN_LOCKED: - return _("The password or PIN is locked"); - case CKR_SESSION_CLOSED: - return _("The session is closed"); - case CKR_SESSION_COUNT: - return _("Too many sessions are active"); - case CKR_SESSION_HANDLE_INVALID: - return _("The session is invalid"); - case CKR_SESSION_READ_ONLY: - return _("The session is read-only"); - case CKR_SESSION_EXISTS: - return _("An open session exists"); - case CKR_SESSION_READ_ONLY_EXISTS: - return _("A read-only session exists"); - case CKR_SESSION_READ_WRITE_SO_EXISTS: - return _("An administrator session exists"); - case CKR_SIGNATURE_INVALID: - return _("The signature is bad or corrupted"); - case CKR_SIGNATURE_LEN_RANGE: - return _("The signature is unrecognized or corrupted"); - case CKR_TEMPLATE_INCOMPLETE: - return _("Certain required fields are missing"); - case CKR_TEMPLATE_INCONSISTENT: - return _("Certain fields have invalid values"); - case CKR_TOKEN_NOT_PRESENT: - return _("The device is not present or unplugged"); - case CKR_TOKEN_NOT_RECOGNIZED: - return _("The device is invalid or unrecognizable"); - case CKR_TOKEN_WRITE_PROTECTED: - return _("The device is write protected"); - case CKR_UNWRAPPING_KEY_HANDLE_INVALID: - return _("Cannot import because the key is invalid"); - case CKR_UNWRAPPING_KEY_SIZE_RANGE: - return _("Cannot import because the key is of the wrong size"); - case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot import because the key is of the wrong type"); - case CKR_USER_ALREADY_LOGGED_IN: - return _("You are already logged in"); - case CKR_USER_NOT_LOGGED_IN: - return _("No user has logged in"); - case CKR_USER_PIN_NOT_INITIALIZED: - return _("The user's password or PIN is not set"); - case CKR_USER_TYPE_INVALID: - return _("The user is of an invalid type"); - case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: - return _("Another user is already logged in"); - case CKR_USER_TOO_MANY_TYPES: - return _("Too many users of different types are logged in"); - case CKR_WRAPPED_KEY_INVALID: - return _("Cannot import an invalid key"); - case CKR_WRAPPED_KEY_LEN_RANGE: - return _("Cannot import a key of the wrong size"); - case CKR_WRAPPING_KEY_HANDLE_INVALID: - return _("Cannot export because the key is invalid"); - case CKR_WRAPPING_KEY_SIZE_RANGE: - return _("Cannot export because the key is of the wrong size"); - case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: - return _("Cannot export because the key is of the wrong type"); - case CKR_RANDOM_SEED_NOT_SUPPORTED: - return _("Unable to initialize the random number generator"); - case CKR_RANDOM_NO_RNG: - return _("No random number generator available"); - case CKR_DOMAIN_PARAMS_INVALID: - return _("The crypto mechanism has an invalid parameter"); - case CKR_BUFFER_TOO_SMALL: - return _("Not enough space to store the result"); - case CKR_SAVED_STATE_INVALID: - return _("The saved state is invalid"); - case CKR_INFORMATION_SENSITIVE: - return _("The information is sensitive and cannot be revealed"); - case CKR_STATE_UNSAVEABLE: - return _("The state cannot be saved"); - case CKR_CRYPTOKI_NOT_INITIALIZED: - return _("The module has not been initialized"); - case CKR_CRYPTOKI_ALREADY_INITIALIZED: - return _("The module has already been initialized"); - case CKR_MUTEX_BAD: - return _("Cannot lock data"); - case CKR_MUTEX_NOT_LOCKED: - return _("The data cannot be locked"); - case CKR_FUNCTION_REJECTED: - return _("The signature request was rejected by the user"); - - default: - return _("Unknown error"); - } -} diff --git a/module/p11-kit-private.h b/module/p11-kit-private.h deleted file mode 100644 index 5fbe1eb..0000000 --- a/module/p11-kit-private.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_PRIVATE_H__ -#define __P11_KIT_PRIVATE_H__ - -extern pthread_mutex_t _p11_mutex; - -#define _p11_lock() pthread_mutex_lock (&_p11_mutex); - -#define _p11_unlock() pthread_mutex_unlock (&_p11_mutex); - -CK_FUNCTION_LIST_PTR_PTR _p11_kit_registered_modules_unlocked (void); - -CK_RV _p11_kit_initialize_registered_unlocked_reentrant (void); - -CK_RV _p11_kit_finalize_registered_unlocked_reentrant (void); - -void _p11_kit_proxy_after_fork (void); - -#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/module/p11-kit-proxy.c b/module/p11-kit-proxy.c deleted file mode 100644 index fd28a19..0000000 --- a/module/p11-kit-proxy.c +++ /dev/null @@ -1,1382 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * Copyright (C) 2008 Stefan Walter - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "hash.h" -#include "pkcs11.h" -#include "p11-kit.h" -#include "p11-kit-private.h" -#include "util.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* Start wrap slots slightly higher for testing */ -#define MAPPING_OFFSET 0x10 -#define FIRST_HANDLE 0x10 - -typedef struct _Mapping { - CK_SLOT_ID wrap_slot; - CK_SLOT_ID real_slot; - CK_FUNCTION_LIST_PTR funcs; -} Mapping; - -typedef struct _Session { - CK_SESSION_HANDLE wrap_session; - CK_SESSION_HANDLE real_session; - CK_SLOT_ID wrap_slot; -} Session; - -/* Forward declaration */ -static CK_FUNCTION_LIST proxy_function_list; - -/* - * Shared data between threads, protected by the mutex, a structure so - * we can audit thread safety easier. - */ -static struct _Shared { - Mapping *mappings; - unsigned int n_mappings; - int mappings_refs; - hash_t *sessions; - CK_ULONG last_handle; -} gl = { NULL, 0, 0, NULL, FIRST_HANDLE }; - -#define MANUFACTURER_ID "PKCS#11 Kit " -#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " -#define LIBRARY_VERSION_MAJOR 1 -#define LIBRARY_VERSION_MINOR 1 - -/* ----------------------------------------------------------------------------- - * PKCS#11 PROXY MODULE - */ - -static CK_RV -map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping) -{ - assert (mapping); - - if (slot < MAPPING_OFFSET) - return CKR_SLOT_ID_INVALID; - slot -= MAPPING_OFFSET; - - if (slot > gl.n_mappings) { - return CKR_SLOT_ID_INVALID; - } else { - assert (gl.mappings); - memcpy (mapping, &gl.mappings[slot], sizeof (Mapping)); - return CKR_OK; - } -} - -static CK_RV -map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) -{ - CK_RV rv; - - assert (mapping); - - _p11_lock (); - - if (!gl.mappings) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - else - rv = map_slot_unlocked (*slot, mapping); - if (rv == CKR_OK) - *slot = mapping->real_slot; - - _p11_unlock (); - - return rv; -} - -static CK_RV -map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session) -{ - CK_RV rv = CKR_OK; - Session *sess; - - assert (handle); - assert (mapping); - - _p11_lock (); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - assert (gl.sessions); - sess = hash_get (gl.sessions, &handle); - if (sess != NULL) { - *handle = sess->real_session; - rv = map_slot_unlocked (sess->wrap_slot, mapping); - if (session != NULL) - memcpy (session, sess, sizeof (Session)); - } else { - rv = CKR_SESSION_HANDLE_INVALID; - } - } - - _p11_unlock (); - - return rv; -} - -static void -finalize_mappings_unlocked (void) -{ - assert (gl.mappings_refs); - - if (--gl.mappings_refs) - return; - - /* No more mappings */ - free (gl.mappings); - gl.mappings = NULL; - gl.n_mappings = 0; - - /* no more sessions */ - hash_free (gl.sessions); - gl.sessions = NULL; -} - -void -_p11_kit_proxy_after_fork (void) -{ - /* - * After a fork the callers are supposed to call C_Initialize and all. - * In addition the underlying libraries may change their state so free - * up any mappings and all - */ - - _p11_lock (); - - gl.mappings_refs = 1; - finalize_mappings_unlocked (); - assert (!gl.mappings); - - _p11_unlock (); -} - -static CK_RV -proxy_C_Finalize (CK_VOID_PTR reserved) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - if (reserved) - return CKR_ARGUMENTS_BAD; - - _p11_lock (); - - /* WARNING: Reentrancy can occur here */ - rv = _p11_kit_finalize_registered_unlocked_reentrant (); - - /* - * If modules are all gone, then this was the last - * finalize, so cleanup our mappings - */ - if (gl.mappings_refs) - finalize_mappings_unlocked (); - - _p11_unlock (); - - return rv; -} - -static CK_RV -initialize_mappings_unlocked_reentrant (void) -{ - CK_FUNCTION_LIST_PTR *funcss, *f; - CK_FUNCTION_LIST_PTR funcs; - Mapping *mappings = NULL; - int n_mappings = 0; - CK_SLOT_ID_PTR slots; - CK_ULONG i, count; - CK_RV rv; - - assert (!gl.mappings); - - funcss = _p11_kit_registered_modules_unlocked (); - for (f = funcss; *f; ++f) { - funcs = *f; - - assert (funcs); - slots = NULL; - - _p11_unlock (); - - /* Ask module for its slots */ - rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); - if (rv == CKR_OK && count) { - slots = calloc (sizeof (CK_SLOT_ID), count); - if (!slots) - rv = CKR_HOST_MEMORY; - else - rv = (funcs->C_GetSlotList) (FALSE, slots, &count); - } - - _p11_lock (); - - if (rv != CKR_OK) { - free (slots); - break; - } - - mappings = xrealloc (mappings, sizeof (Mapping) * (n_mappings + count)); - if (!mappings) { - free (slots); - rv = CKR_HOST_MEMORY; - break; - } - - /* And now add a mapping for each of those slots */ - for (i = 0; i < count; ++i) { - mappings[n_mappings].funcs = funcs; - mappings[n_mappings].wrap_slot = n_mappings + MAPPING_OFFSET; - mappings[n_mappings].real_slot = slots[i]; - ++n_mappings; - } - - free (slots); - } - - /* Another thread raced us here due to above reentrancy */ - if (gl.mappings) { - free (mappings); - return CKR_OK; - } - - assert (!gl.sessions); - gl.sessions = hash_create (hash_ulongptr_hash, hash_ulongptr_equal, NULL, free); - ++gl.mappings_refs; - - /* Any cleanup necessary for failure will happen at caller */ - return rv; -} - -static CK_RV -proxy_C_Initialize (CK_VOID_PTR init_args) -{ - CK_RV rv; - - /* WARNING: This function must be reentrant */ - - _p11_lock (); - - /* WARNING: Reentrancy can occur here */ - rv = _p11_kit_initialize_registered_unlocked_reentrant (); - - /* WARNING: Reentrancy can occur here */ - if (rv == CKR_OK && !gl.mappings_refs == 0) - rv = initialize_mappings_unlocked_reentrant (); - - _p11_unlock (); - - if (rv != CKR_OK) - proxy_C_Finalize (NULL); - - return rv; -} - -static CK_RV -proxy_C_GetInfo (CK_INFO_PTR info) -{ - CK_RV rv = CKR_OK; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - _p11_lock (); - - if (!gl.mappings) - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - _p11_unlock (); - - if (rv != CKR_OK) - return rv; - - info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; - info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; - info->libraryVersion.major = LIBRARY_VERSION_MAJOR; - info->libraryVersion.minor = LIBRARY_VERSION_MINOR; - info->flags = 0; - strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); - strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - /* Can be called before C_Initialize */ - - if (!list) - return CKR_ARGUMENTS_BAD; - *list = &proxy_function_list; - return CKR_OK; -} - -static CK_RV -proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, - CK_ULONG_PTR count) -{ - CK_SLOT_INFO info; - Mapping *mapping; - CK_ULONG index; - CK_RV rv = CKR_OK; - int i; - - if (!count) - return CKR_ARGUMENTS_BAD; - - _p11_lock (); - - if (!gl.mappings) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - index = 0; - - /* Go through and build up a map */ - for (i = 0; i < gl.n_mappings; ++i) { - mapping = &gl.mappings[i]; - - /* Skip ones without a token if requested */ - if (token_present) { - rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); - if (rv != CKR_OK) - break; - if (!(info.flags & CKF_TOKEN_PRESENT)) - continue; - } - - /* Fill in the slot if we can */ - if (slot_list && *count > index) - slot_list[index] = mapping->wrap_slot; - - ++index; - } - - if (slot_list && *count < index) - rv = CKR_BUFFER_TOO_SMALL; - - *count = index; - } - - _p11_unlock (); - - return rv; -} - -static CK_RV -proxy_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetSlotInfo) (id, info); -} - -static CK_RV -proxy_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetTokenInfo) (id, info); -} - -static CK_RV -proxy_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list, - CK_ULONG_PTR count) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); -} - -static CK_RV -proxy_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type, - CK_MECHANISM_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetMechanismInfo) (id, type, info); -} - -static CK_RV -proxy_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label) -{ - Mapping map; - CK_RV rv; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_InitToken) (id, pin, pin_len, label); -} - -static CK_RV -proxy_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved) -{ - return CKR_FUNCTION_NOT_SUPPORTED; -} - -static CK_RV -proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, - CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle) -{ - Session *sess; - Mapping map; - CK_RV rv; - - if (handle == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_slot_to_real (&id, &map); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); - - if (rv == CKR_OK) { - _p11_lock (); - - if (!gl.sessions) { - /* - * The underlying module should have returned an error, so this - * code should never be reached with properly behaving modules. - * That's why we don't cleanup and close the newly opened session here - * or anything like that. - */ - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - - } else { - sess = calloc (1, sizeof (Session)); - sess->wrap_slot = map.wrap_slot; - sess->real_session = *handle; - sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */ - hash_set (gl.sessions, &sess->wrap_session, sess); - *handle = sess->wrap_session; - } - - _p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseSession (CK_SESSION_HANDLE handle) -{ - CK_SESSION_HANDLE key; - Mapping map; - CK_RV rv; - - key = handle; - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - rv = (map.funcs->C_CloseSession) (handle); - - if (rv == CKR_OK) { - _p11_lock (); - - if (gl.sessions) - hash_remove (gl.sessions, &key); - - _p11_unlock (); - } - - return rv; -} - -static CK_RV -proxy_C_CloseAllSessions (CK_SLOT_ID id) -{ - CK_SESSION_HANDLE_PTR to_close; - CK_RV rv = CKR_OK; - Session *sess; - CK_ULONG i, count = 0; - hash_iter_t iter; - - _p11_lock (); - - if (!gl.sessions) { - rv = CKR_CRYPTOKI_NOT_INITIALIZED; - } else { - to_close = calloc (sizeof (CK_SESSION_HANDLE), hash_count (gl.sessions)); - if (!to_close) { - rv = CKR_HOST_MEMORY; - } else { - hash_iterate (gl.sessions, &iter); - count = 0; - while (hash_next (&iter, NULL, (void**)&sess)) { - if (sess->wrap_slot == id && to_close) - to_close[count++] = sess->wrap_session; - } - } - } - - _p11_unlock (); - - if (rv != CKR_OK) - return rv; - - for (i = 0; i < count; ++i) - proxy_C_CloseSession (to_close[i]); - - free (to_close); - return CKR_OK; -} - -static CK_RV -proxy_C_GetFunctionStatus (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetFunctionStatus) (handle); -} - -static CK_RV -proxy_C_CancelFunction (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CancelFunction) (handle); -} - -static CK_RV -proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info) -{ - Mapping map; - CK_RV rv; - - if (info == NULL) - return CKR_ARGUMENTS_BAD; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - rv = (map.funcs->C_GetSessionInfo) (handle, info); - if (rv == CKR_OK) - info->slotID = map.wrap_slot; - - return rv; -} - -static CK_RV -proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_InitPIN) (handle, pin, pin_len); -} - -static CK_RV -proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, - CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); -} - -static CK_RV -proxy_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); -} - -static CK_RV -proxy_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, - CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key, - CK_OBJECT_HANDLE authentication_key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); -} - -static CK_RV -proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type, - CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_Login) (handle, user_type, pin, pin_len); -} - -static CK_RV -proxy_C_Logout (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Logout) (handle); -} - -static CK_RV -proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - - return (map.funcs->C_CreateObject) (handle, template, count, new_object); -} - -static CK_RV -proxy_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count, - CK_OBJECT_HANDLE_PTR new_object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); -} - -static CK_RV -proxy_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DestroyObject) (handle, object); -} - -static CK_RV -proxy_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ULONG_PTR size) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetObjectSize) (handle, object, size); -} - -static CK_RV -proxy_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, - CK_ATTRIBUTE_PTR template, CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SetAttributeValue) (handle, object, template, count); -} - -static CK_RV -proxy_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, - CK_ULONG count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsInit) (handle, template, count); -} - -static CK_RV -proxy_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, CK_ULONG_PTR count) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjects) (handle, objects, max_count, count); -} - -static CK_RV -proxy_C_FindObjectsFinal (CK_SESSION_HANDLE handle) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_FindObjectsFinal) (handle); -} - -static CK_RV -proxy_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len); -} - -static CK_RV -proxy_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR encrypted_part, - CK_ULONG_PTR encrypted_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); -} - -static CK_RV -proxy_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, - CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len); -} - -static CK_RV -proxy_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, - CK_ULONG_PTR last_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); -} - -static CK_RV -proxy_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestInit) (handle, mechanism); -} - -static CK_RV -proxy_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len); -} - -static CK_RV -proxy_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestKey) (handle, key); -} - -static CK_RV -proxy_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest, - CK_ULONG_PTR digest_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestFinal) (handle, digest, digest_len); -} - -static CK_RV -proxy_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, - CK_BYTE_PTR signature, CK_ULONG signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyUpdate) (handle, part, part_len); -} - -static CK_RV -proxy_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG signature_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); -} - -static CK_RV -proxy_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); -} - -static CK_RV -proxy_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, - CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len); -} - -static CK_RV -proxy_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, - CK_ULONG part_len, CK_BYTE_PTR enc_part, - CK_ULONG_PTR enc_part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); -} - -static CK_RV -proxy_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, - CK_ULONG enc_part_len, CK_BYTE_PTR part, - CK_ULONG_PTR part_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); -} - -static CK_RV -proxy_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR template, CK_ULONG count, - CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); -} - -static CK_RV -proxy_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count, - CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count, - CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); -} - -static CK_RV -proxy_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key, - CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); -} - -static CK_RV -proxy_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key, - CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); -} - -static CK_RV -proxy_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, - CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template, - CK_ULONG count, CK_OBJECT_HANDLE_PTR key) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); -} - -static CK_RV -proxy_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_SeedRandom) (handle, seed, seed_len); -} - -static CK_RV -proxy_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data, - CK_ULONG random_len) -{ - Mapping map; - CK_RV rv; - - rv = map_session_to_real (&handle, &map, NULL); - if (rv != CKR_OK) - return rv; - return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); -} - -/* -------------------------------------------------------------------- - * MODULE ENTRY POINT - */ - -static CK_FUNCTION_LIST proxy_function_list = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ - proxy_C_Initialize, - proxy_C_Finalize, - proxy_C_GetInfo, - proxy_C_GetFunctionList, - proxy_C_GetSlotList, - proxy_C_GetSlotInfo, - proxy_C_GetTokenInfo, - proxy_C_GetMechanismList, - proxy_C_GetMechanismInfo, - proxy_C_InitToken, - proxy_C_InitPIN, - proxy_C_SetPIN, - proxy_C_OpenSession, - proxy_C_CloseSession, - proxy_C_CloseAllSessions, - proxy_C_GetSessionInfo, - proxy_C_GetOperationState, - proxy_C_SetOperationState, - proxy_C_Login, - proxy_C_Logout, - proxy_C_CreateObject, - proxy_C_CopyObject, - proxy_C_DestroyObject, - proxy_C_GetObjectSize, - proxy_C_GetAttributeValue, - proxy_C_SetAttributeValue, - proxy_C_FindObjectsInit, - proxy_C_FindObjects, - proxy_C_FindObjectsFinal, - proxy_C_EncryptInit, - proxy_C_Encrypt, - proxy_C_EncryptUpdate, - proxy_C_EncryptFinal, - proxy_C_DecryptInit, - proxy_C_Decrypt, - proxy_C_DecryptUpdate, - proxy_C_DecryptFinal, - proxy_C_DigestInit, - proxy_C_Digest, - proxy_C_DigestUpdate, - proxy_C_DigestKey, - proxy_C_DigestFinal, - proxy_C_SignInit, - proxy_C_Sign, - proxy_C_SignUpdate, - proxy_C_SignFinal, - proxy_C_SignRecoverInit, - proxy_C_SignRecover, - proxy_C_VerifyInit, - proxy_C_Verify, - proxy_C_VerifyUpdate, - proxy_C_VerifyFinal, - proxy_C_VerifyRecoverInit, - proxy_C_VerifyRecover, - proxy_C_DigestEncryptUpdate, - proxy_C_DecryptDigestUpdate, - proxy_C_SignEncryptUpdate, - proxy_C_DecryptVerifyUpdate, - proxy_C_GenerateKey, - proxy_C_GenerateKeyPair, - proxy_C_WrapKey, - proxy_C_UnwrapKey, - proxy_C_DeriveKey, - proxy_C_SeedRandom, - proxy_C_GenerateRandom, - proxy_C_GetFunctionStatus, - proxy_C_CancelFunction, - proxy_C_WaitForSlotEvent -}; - -CK_RV -C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) -{ - return proxy_C_GetFunctionList (list); -} diff --git a/module/p11-kit-uri.c b/module/p11-kit-uri.c deleted file mode 100644 index 6830896..0000000 --- a/module/p11-kit-uri.c +++ /dev/null @@ -1,951 +0,0 @@ -/* - * Copyright (C) 2011 Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "config.h" - -#include "pkcs11.h" -#include "p11-kit-uri.h" -#include "util.h" - -#include -#include -#include -#include -#include - -enum { - CLASS_IDX, - LABEL_IDX, - ID_IDX, - NUM_ATTRS, -}; - -struct _P11KitUri { - int unrecognized; - CK_INFO module; - CK_TOKEN_INFO token; - CK_ATTRIBUTE attrs[NUM_ATTRS]; -}; - -const static char HEX_CHARS[] = "0123456789abcdef"; - -static int -url_decode (const char *value, const char *end, - unsigned char** output, size_t *length) -{ - char *a, *b; - unsigned char *result, *p; - - assert (output); - assert (value <= end); - - /* String can only get shorter */ - result = malloc ((end - value) + 1); - if (!result) - return P11_KIT_URI_NO_MEMORY; - - /* Now loop through looking for escapes */ - p = result; - while (value != end) { - /* - * A percent sign followed by two hex digits means - * that the digits represent an escaped character. - */ - if (*value == '%') { - value++; - if (value + 2 > end) { - free (result); - return P11_KIT_URI_BAD_ENCODING; - } - a = strchr (HEX_CHARS, tolower (value[0])); - b = strchr (HEX_CHARS, tolower (value[1])); - if (!a || !b) { - free (result); - return P11_KIT_URI_BAD_ENCODING; - } - *p = (a - HEX_CHARS) << 4; - *(p++) |= (b - HEX_CHARS); - value += 2; - } else { - *(p++) = *(value++); - } - } - - *p = 0; - if (length) - *length = p - result; - *output = result; - return P11_KIT_URI_OK; -} - -static char* -url_encode (const unsigned char *value, const unsigned char *end, size_t *length) -{ - char *p; - char *result; - - assert (value <= end); - - /* Just allocate for worst case */ - result = malloc (((end - value) * 3) + 1); - if (!result) - return NULL; - - /* Now loop through looking for escapes */ - p = result; - while (value != end) { - - /* These characters we let through verbatim */ - if (*value && (isalnum (*value) || strchr ("_-.", *value) != NULL)) { - *(p++) = *(value++); - - /* All others get encoded */ - } else { - *(p++) = '%'; - *(p++) = HEX_CHARS[((unsigned char)*value) >> 4]; - *(p++) = HEX_CHARS[((unsigned char)*value) & 0x0F]; - ++value; - } - } - - *p = 0; - if (length) - *length = p - result; - return result; -} - -static int -attribute_to_idx (CK_ATTRIBUTE_TYPE type) -{ - switch (type) { - case CKA_CLASS: - return CLASS_IDX; - case CKA_LABEL: - return LABEL_IDX; - case CKA_ID: - return ID_IDX; - default: - return -1; - } -} - -static CK_ATTRIBUTE_TYPE -idx_to_attribute (int idx) -{ - switch (idx) { - case CLASS_IDX: - return CKA_CLASS; - case LABEL_IDX: - return CKA_LABEL; - case ID_IDX: - return CKA_ID; - default: - assert (0); - } -} - -static int -match_struct_string (const unsigned char *inuri, const unsigned char *real, - size_t length) -{ - assert (inuri); - assert (real); - assert (length > 0); - - /* NULL matches anything */ - if (inuri[0] == 0) - return 1; - - return memcmp (inuri, real, length) == 0 ? 1 : 0; -} - -static int -match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real) -{ - /* This matches anything */ - if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1) - return 1; - - return memcmp (inuri, real, sizeof (CK_VERSION)); -} - -/** - * p11_kit_uri_get_module_info: - * - * Get the %CK_INFO structure associated with this URI. - * - * Returns: A pointer to the %CK_INFO structure. - */ -CK_INFO_PTR -p11_kit_uri_get_module_info (P11KitUri *uri) -{ - assert (uri); - return &uri->module; -} - -/** - * p11_kit_uri_match_module_info: - * - * Match a %CK_INFO structure against the library parts of this URI. - * - * Only the fields of the %CK_INFO structure that are valid for use in a - * URI will be matched. A URI part that was not specified in the URI will - * match any value in the structure. If during the URI parsing any unrecognized - * parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info) -{ - assert (uri); - assert (info); - - if (uri->unrecognized) - return 0; - - return (match_struct_string (uri->module.libraryDescription, - info->libraryDescription, - sizeof (info->libraryDescription)) && - match_struct_string (uri->module.manufacturerID, - info->manufacturerID, - sizeof (info->manufacturerID)) && - match_struct_version (&uri->module.libraryVersion, - &info->libraryVersion)); -} - -CK_TOKEN_INFO_PTR -p11_kit_uri_get_token_info (P11KitUri *uri) -{ - assert (uri); - return &uri->token; -} - -/** - * p11_kit_uri_match_token_info: - * - * Match a %CK_TOKEN_INFO structure against the token parts of this URI. - * - * Only the fields of the %CK_TOKEN_INFO structure that are valid for use in a - * URI will be matched. A URI part that was not specified in the URI will - * match any value in the structure. If during the URI parsing any unrecognized - * parts were encountered then this match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info) -{ - assert (uri); - assert (token_info); - - if (uri->unrecognized) - return 0; - - return (match_struct_string (uri->token.label, - token_info->label, - sizeof (token_info->label)) && - match_struct_string (uri->token.manufacturerID, - token_info->manufacturerID, - sizeof (token_info->manufacturerID)) && - match_struct_string (uri->token.model, - token_info->model, - sizeof (token_info->model)) && - match_struct_string (uri->token.serialNumber, - token_info->serialNumber, - sizeof (token_info->serialNumber))); -} - -CK_ATTRIBUTE_TYPE* -p11_kit_uri_get_attribute_types (P11KitUri *uri, int *n_types) -{ - CK_ATTRIBUTE_TYPE *result; - int i, j; - - assert (uri); - assert (n_types); - - result = calloc (NUM_ATTRS, sizeof (CK_ATTRIBUTE_TYPE)); - if (result == NULL) - return NULL; - - for (i = 0, j = 0; i < NUM_ATTRS; ++i) { - if (uri->attrs[i].ulValueLen != (CK_ULONG)-1) - result[j++] = uri->attrs[i].type; - } - - *n_types = j; - return result; -} - -CK_ATTRIBUTE_PTR -p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE type) -{ - int idx; - - assert (uri); - - idx = attribute_to_idx (type); - if (idx < 0) - return NULL; - - assert (idx < NUM_ATTRS); - if (uri->attrs[idx].ulValueLen == (CK_ULONG)-1) - return NULL; - return &uri->attrs[idx]; -} - -int -p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr) -{ - void *value = NULL; - int idx; - int ret; - - assert (uri); - assert (attr); - - if (attr->pValue && attr->ulValueLen && attr->ulValueLen != (CK_ULONG)-1) { - value = malloc (attr->ulValueLen); - if (!value) - return P11_KIT_URI_NO_MEMORY; - memcpy (value, attr->pValue, attr->ulValueLen); - } - - ret = p11_kit_uri_clear_attribute (uri, attr->type); - if (ret < 0){ - free (value); - return ret; - } - - idx = attribute_to_idx (attr->type); - assert (idx >= 0 && idx < NUM_ATTRS); - - memcpy (&uri->attrs[idx], attr, sizeof (CK_ATTRIBUTE)); - uri->attrs[idx].pValue = value; - - return P11_KIT_URI_OK; -} - -int -p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE type) -{ - int idx; - - assert (uri); - - idx = attribute_to_idx (type); - if (idx < 0) - return P11_KIT_URI_NOT_FOUND; - assert (idx < NUM_ATTRS); - - free (uri->attrs[idx].pValue); - uri->attrs[idx].pValue = NULL; - uri->attrs[idx].ulValueLen = (CK_ULONG)-1; - return 0; -} - -static int -match_attributes (CK_ATTRIBUTE_PTR one, CK_ATTRIBUTE_PTR two) -{ - assert (one); - assert (two); - - if (one->type != two->type) - return 0; - if (one->ulValueLen != two->ulValueLen) - return 0; - if (one->pValue == two->pValue) - return 1; - if (!one->pValue || !two->pValue) - return 0; - return memcmp (one->pValue, two->pValue, one->ulValueLen) == 0; -} - -/** - * p11_kit_uri_match_attributes: - * - * Match a attributes against the object parts of this URI. - * - * Only the attributes that are valid for use in a URI will be matched. A URI - * part that was not specified in the URI will match any attribute value. If - * during the URI parsing any unrecognized parts were encountered then this - * match will fail. - * - * Returns: 1 if the URI matches, 0 if not. - */ -int -p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs) -{ - CK_ULONG j; - int i; - - assert (uri); - assert (attrs || !n_attrs); - - if (uri->unrecognized) - return 0; - - for (i = 0; i < NUM_ATTRS; ++i) { - if (uri->attrs[i].ulValueLen == (CK_ULONG)-1) - continue; - for (j = 0; j < n_attrs; ++j) { - if (attrs[j].type == uri->attrs[i].type) { - if (!match_attributes (&uri->attrs[i], &attrs[j])) - return 0; - break; - } - } - } - - return 1; -} - -void -p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized) -{ - assert (uri); - uri->unrecognized = unrecognized; -} - -int -p11_kit_uri_any_unrecognized (P11KitUri *uri) -{ - assert (uri); - return uri->unrecognized; -} - -P11KitUri* -p11_kit_uri_new (void) -{ - P11KitUri *uri; - int i; - - uri = calloc (1, sizeof (P11KitUri)); - if (!uri) - return NULL; - - /* So that it matches anything */ - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - - for (i = 0; i < NUM_ATTRS; ++i) { - uri->attrs[i].type = idx_to_attribute (i); - uri->attrs[i].ulValueLen = (CK_ULONG)-1; - } - - return uri; -} - -static size_t -space_strlen (const unsigned char *string, size_t max_length) -{ - size_t i = max_length - 1; - - assert (string); - - while (i > 0 && string[i] == ' ') - --i; - return i + 1; -} - -static int -format_raw_string (char **string, size_t *length, int *is_first, - const char *name, const char *value) -{ - size_t namelen; - size_t vallen; - - /* Not set */ - if (!value) - return 1; - - namelen = strlen (name); - vallen = strlen (value); - - *string = xrealloc (*string, *length + namelen + vallen + 3); - if (!*string) - return 0; - - if (!*is_first) - (*string)[(*length)++] = ';'; - memcpy ((*string) + *length, name, namelen); - *length += namelen; - (*string)[(*length)++] = '='; - memcpy ((*string) + *length, value, vallen); - *length += vallen; - (*string)[*length] = 0; - *is_first = 0; - - return 1; -} - - -static int -format_struct_string (char **string, size_t *length, int *is_first, - const char *name, const unsigned char *value, - size_t value_max) -{ - char *encoded; - size_t len; - int ret; - - /* Not set */ - if (!value[0]) - return 1; - - len = space_strlen (value, value_max); - encoded = url_encode (value, value + len, NULL); - if (!encoded) - return 0; - - ret = format_raw_string (string, length, is_first, name, encoded); - free (encoded); - - return ret; -} - -static int -format_attribute_string (char **string, size_t *length, int *is_first, - const char *name, CK_ATTRIBUTE_PTR attr) -{ - unsigned char *value; - char *encoded; - int ret; - - /* Not set */; - if (attr->ulValueLen == (CK_ULONG)-1) - return 1; - - value = attr->pValue; - encoded = url_encode (value, value + attr->ulValueLen, NULL); - if (!encoded) - return 0; - - ret = format_raw_string (string, length, is_first, name, encoded); - free (encoded); - - return ret; -} - -static int -format_attribute_class (char **string, size_t *length, int *is_first, - const char *name, CK_ATTRIBUTE_PTR attr) -{ - CK_OBJECT_CLASS klass; - const char *value; - - /* Not set */; - if (attr->ulValueLen != sizeof (klass)) - return 1; - - klass = *((CK_OBJECT_CLASS*)attr->pValue); - switch (klass) { - case CKO_DATA: - value = "data"; - break; - case CKO_SECRET_KEY: - value = "secretkey"; - break; - case CKO_CERTIFICATE: - value = "cert"; - break; - case CKO_PUBLIC_KEY: - value = "public"; - break; - case CKO_PRIVATE_KEY: - value = "private"; - break; - } - - return format_raw_string (string, length, is_first, name, value); -} - -static int -format_struct_version (char **string, size_t *length, int *is_first, - const char *name, CK_VERSION_PTR version) -{ - char buffer[64]; - - /* Not set */ - if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1) - return 1; - - snprintf (buffer, sizeof (buffer), "%d.%d", - (int)version->major, (int)version->minor); - return format_raw_string (string, length, is_first, name, buffer); -} - -int -p11_kit_uri_format (P11KitUri *uri, char **string) -{ - char *result = NULL; - size_t length = 0; - int is_first = 1; - - result = malloc (128); - if (!result) - return P11_KIT_URI_NO_MEMORY; - - length = P11_KIT_URI_PREFIX_LEN; - memcpy (result, P11_KIT_URI_PREFIX, length); - result[length] = 0; - - if (!format_struct_string (&result, &length, &is_first, "library-description", - uri->module.libraryDescription, - sizeof (uri->module.libraryDescription)) || - !format_struct_string (&result, &length, &is_first, "library-manufacturer", - uri->module.manufacturerID, - sizeof (uri->module.manufacturerID)) || - !format_struct_string (&result, &length, &is_first, "model", - uri->token.model, - sizeof (uri->token.model)) || - !format_struct_string (&result, &length, &is_first, "manufacturer", - uri->token.manufacturerID, - sizeof (uri->token.manufacturerID)) || - !format_struct_string (&result, &length, &is_first, "serial", - uri->token.serialNumber, - sizeof (uri->token.serialNumber)) || - !format_struct_string (&result, &length, &is_first, "token", - uri->token.label, - sizeof (uri->token.label)) || - !format_struct_version (&result, &length, &is_first, "library-version", - &uri->module.libraryVersion)) { - free (result); - return P11_KIT_URI_NO_MEMORY; - } - - if (!format_attribute_string (&result, &length, &is_first, "id", - &uri->attrs[ID_IDX]) || - !format_attribute_string (&result, &length, &is_first, "object", - &uri->attrs[LABEL_IDX])) { - free (result); - return P11_KIT_URI_NO_MEMORY; - } - - if (!format_attribute_class (&result, &length, &is_first, "objecttype", - &uri->attrs[CLASS_IDX])) { - free (result); - return P11_KIT_URI_NO_MEMORY; - } - - *string = result; - return P11_KIT_URI_OK; -} - -static int -parse_string_attribute (const char *name, const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *value; - size_t length; - int idx, ret; - - assert (start <= end); - - if (strcmp ("id", name) == 0) - idx = ID_IDX; - else if (strcmp ("object", name) == 0) - idx = LABEL_IDX; - else - return 0; - - ret = url_decode (start, end, &value, &length); - if (ret < 0) - return ret; - - free (uri->attrs[idx].pValue); - uri->attrs[idx].pValue = value; - uri->attrs[idx].ulValueLen = length; - return 1; -} - -static int -equals_segment (const char *start, const char *end, const char *match) -{ - size_t len = strlen (match); - assert (start <= end); - return (end - start == len) && memcmp (start, match, len) == 0; -} - -static int -parse_class_attribute (const char *name, const char *start, const char *end, - P11KitUri *uri) -{ - CK_OBJECT_CLASS klass = 0; - void *value; - - assert (start <= end); - - if (strcmp ("objecttype", name) != 0) - return 0; - - if (equals_segment (start, end, "cert")) - klass = CKO_CERTIFICATE; - else if (equals_segment (start, end, "public")) - klass = CKO_PUBLIC_KEY; - else if (equals_segment (start, end, "private")) - klass = CKO_PRIVATE_KEY; - else if (equals_segment (start, end, "secretkey")) - klass = CKO_SECRET_KEY; - else if (equals_segment (start, end, "data")) - klass = CKO_DATA; - else { - uri->unrecognized = 1; - return 1; - } - - value = malloc (sizeof (klass)); - if (value == NULL) - return P11_KIT_URI_NO_MEMORY; - - free (uri->attrs[CLASS_IDX].pValue); - memcpy (value, &klass, sizeof (klass)); - uri->attrs[CLASS_IDX].pValue = value; - uri->attrs[CLASS_IDX].ulValueLen = sizeof (klass); - - return 1; -} - -static int -parse_struct_info (unsigned char *where, size_t length, const char *start, - const char *end, P11KitUri *uri) -{ - unsigned char *value; - size_t value_length; - int ret; - - assert (start <= end); - - ret = url_decode (start, end, &value, &value_length); - if (ret < 0) - return ret; - - /* Too long, shouldn't match anything */ - if (value_length > length) { - free (value); - uri->unrecognized = 1; - return 1; - } - - memset (where, ' ', length); - memcpy (where, value, value_length); - - free (value); - return 1; -} - -static int -parse_token_info (const char *name, const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (start <= end); - - if (strcmp (name, "model") == 0) { - where = uri->token.model; - length = sizeof (uri->token.model); - } else if (strcmp (name, "manufacturer") == 0) { - where = uri->token.manufacturerID; - length = sizeof (uri->token.manufacturerID); - } else if (strcmp (name, "serial") == 0) { - where = uri->token.serialNumber; - length = sizeof (uri->token.serialNumber); - } else if (strcmp (name, "token") == 0) { - where = uri->token.label; - length = sizeof (uri->token.label); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -static int -atoin (const char *start, const char *end) -{ - int ret = 0; - while (start != end) { - if (*start < '0' || *start > '9') - return -1; - ret *= 10; - ret += (*start - '0'); - ++start; - } - return ret; -} - -static int -parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version) -{ - const char *dot; - int val; - - assert (start <= end); - - dot = memchr (start, '.', end - start); - if (!dot) - dot = end; - - if (dot == start) - return P11_KIT_URI_BAD_VERSION; - val = atoin (start, dot); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->major = (CK_BYTE)val; - version->minor = 0; - - if (dot != end) { - if (dot + 1 == end) - return P11_KIT_URI_BAD_VERSION; - val = atoin (dot + 1, end); - if (val < 0 || val >= 255) - return P11_KIT_URI_BAD_VERSION; - version->minor = (CK_BYTE)val; - } - - return 1; -} - -static int -parse_module_info (const char *name, const char *start, const char *end, - P11KitUri *uri) -{ - unsigned char *where; - size_t length; - - assert (start <= end); - - if (strcmp (name, "library-description") == 0) { - where = uri->module.libraryDescription; - length = sizeof (uri->module.libraryDescription); - } else if (strcmp (name, "library-manufacturer") == 0) { - where = uri->module.manufacturerID; - length = sizeof (uri->module.manufacturerID); - } else if (strcmp (name, "library-version") == 0) { - return parse_struct_version (start, end, - &uri->module.libraryVersion); - } else { - return 0; - } - - return parse_struct_info (where, length, start, end, uri); -} - -int -p11_kit_uri_parse (const char *string, P11KitUriContext context, - P11KitUri *uri) -{ - const char *spos, *epos; - char *key = NULL; - int ret = -1; - int i; - - assert (string); - assert (uri); - - if (strncmp (string, P11_KIT_URI_PREFIX, P11_KIT_URI_PREFIX_LEN) != 0) - return P11_KIT_URI_BAD_PREFIX; - - string += P11_KIT_URI_PREFIX_LEN; - - /* Clear everything out */ - memset (&uri->module, 0, sizeof (uri->module)); - memset (&uri->token, 0, sizeof (uri->module)); - for (i = 0; i < NUM_ATTRS; ++i) - uri->attrs[i].ulValueLen = (CK_ULONG)-1; - uri->module.libraryVersion.major = (CK_BYTE)-1; - uri->module.libraryVersion.minor = (CK_BYTE)-1; - uri->unrecognized = 0; - - for (;;) { - spos = strchr (string, ';'); - if (spos == NULL) { - spos = string + strlen (string); - assert (*spos == '\0'); - if (spos == string) - break; - } - - epos = strchr (string, '='); - if (epos == NULL || spos == string || epos == string || epos >= spos) - return P11_KIT_URI_BAD_SYNTAX; - - key = malloc ((epos - string) + 1); - if (key == NULL) - return P11_KIT_URI_NO_MEMORY; - memcpy (key, string, epos - string); - key[epos - string] = 0; - epos++; - - ret = 0; - if (context & P11_KIT_URI_PARSE_OBJECT) - ret = parse_string_attribute (key, epos, spos, uri); - if (ret == 0 && context & P11_KIT_URI_PARSE_OBJECT) - ret = parse_class_attribute (key, epos, spos, uri); - if (ret == 0 && context & P11_KIT_URI_PARSE_TOKEN) - ret = parse_token_info (key, epos, spos, uri); - if (ret == 0 && context & P11_KIT_URI_PARSE_MODULE) - ret = parse_module_info (key, epos, spos, uri); - free (key); - - if (ret < 0) - return ret; - if (ret == 0) - uri->unrecognized = 1; - - if (*spos == '\0') - break; - string = spos + 1; - } - - return P11_KIT_URI_OK; -} - -void -p11_kit_uri_free (P11KitUri *uri) -{ - int i; - - if (!uri) - return; - - for (i = 0; i < NUM_ATTRS; ++i) - free (uri->attrs[i].pValue); - - free (uri); -} diff --git a/module/p11-kit-uri.h b/module/p11-kit-uri.h deleted file mode 100644 index 209f3d6..0000000 --- a/module/p11-kit-uri.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#include "pkcs11.h" - -#ifndef __P11_KIT_URI_H__ -#define __P11_KIT_URI_H__ - -#define P11_KIT_URI_PREFIX "pkcs11:" -#define P11_KIT_URI_PREFIX_LEN 7 - -typedef enum { - P11_KIT_URI_OK = 0, - P11_KIT_URI_NO_MEMORY = -1, - P11_KIT_URI_BAD_PREFIX = -2, - P11_KIT_URI_BAD_ENCODING = -3, - P11_KIT_URI_BAD_SYNTAX = -4, - P11_KIT_URI_BAD_VERSION = -5, - P11_KIT_URI_NOT_FOUND = -6, -} P11KitUriParseStatus; - -typedef enum { - P11_KIT_URI_PARSE_MODULE = (1 << 1), - P11_KIT_URI_PARSE_TOKEN = (1 << 2) | P11_KIT_URI_PARSE_MODULE, - P11_KIT_URI_PARSE_OBJECT = (1 << 3) | P11_KIT_URI_PARSE_TOKEN, - P11_KIT_URI_PARSE_ANY = 0xFFFFFFFF, -} P11KitUriContext; - -typedef struct _P11KitUri P11KitUri; - -CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); - -int p11_kit_uri_match_module_info (P11KitUri *uri, - CK_INFO_PTR info); - -CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); - -int p11_kit_uri_match_token_info (P11KitUri *uri, - CK_TOKEN_INFO_PTR token_info); - -CK_ATTRIBUTE_TYPE* p11_kit_uri_get_attribute_types (P11KitUri *uri, - int *n_types); - -CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE type); - -int p11_kit_uri_set_attribute (P11KitUri *uri, - CK_ATTRIBUTE_PTR attr); - -int p11_kit_uri_clear_attribute (P11KitUri *uri, - CK_ATTRIBUTE_TYPE type); - -int p11_kit_uri_match_attributes (P11KitUri *uri, - CK_ATTRIBUTE_PTR attrs, - CK_ULONG n_attrs); - -void p11_kit_uri_set_unrecognized (P11KitUri *uri, - int unrecognized); - -int p11_kit_uri_any_unrecognized (P11KitUri *uri); - -P11KitUri* p11_kit_uri_new (void); - -int p11_kit_uri_format (P11KitUri *uri, - char **string); - -int p11_kit_uri_parse (const char *string, - P11KitUriContext context, - P11KitUri *uri); - -void p11_kit_uri_free (P11KitUri *uri); - -#endif /* __P11_KIT_URI_H__ */ diff --git a/module/p11-kit.h b/module/p11-kit.h deleted file mode 100644 index b035f56..0000000 --- a/module/p11-kit.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2011, Collabora Ltd. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * Author: Stef Walter - */ - -#ifndef __P11_KIT_H__ -#define __P11_KIT_H__ - -#include "pkcs11.h" - -CK_RV p11_kit_initialize_registered (void); - -CK_RV p11_kit_finalize_registered (void); - -CK_FUNCTION_LIST_PTR* p11_kit_registered_modules (void); - -char* p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs); - -CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); - -char* p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, - const char *field); - -CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs); - -CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs); - -const char* p11_kit_strerror (CK_RV rv); - -#endif /* __P11_KIT_H__ */ diff --git a/module/p11-kit.pc.in b/module/p11-kit.pc.in deleted file mode 100644 index d80167e..0000000 --- a/module/p11-kit.pc.in +++ /dev/null @@ -1,17 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -datarootdir=@datarootdir@ -datadir=@datadir@ -sysconfdir=@sysconfdir@ -p11_system_conf=@p11_system_conf@ -p11_system_modules=@p11_system_modules@ -p11_user_conf=@p11_user_conf@ -p11_user_modules=@p11_user_modules@ - -Name: p11-kit -Description: Library and proxy module for properly loading and sharing PKCS#11 modules. -Version: @VERSION@ -Libs: -L${libdir} -lp11-kit -Cflags: -I${includedir}/p11-kit diff --git a/module/pkcs11.h b/module/pkcs11.h deleted file mode 100644 index b8be30f..0000000 --- a/module/pkcs11.h +++ /dev/null @@ -1,1357 +0,0 @@ -/* pkcs11.h - Copyright 2006, 2007 g10 Code GmbH - Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. */ - -/* Please submit changes back to the Scute project at - http://www.scute.org/ (or send them to marcus@g10code.com), so that - they can be picked up by other projects from there as well. */ - -/* This file is a modified implementation of the PKCS #11 standard by - RSA Security Inc. It is mostly a drop-in replacement, with the - following change: - - This header file does not require any macro definitions by the user - (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros - for you (if useful, some are missing, let me know if you need - more). - - There is an additional API available that does comply better to the - GNU coding standard. It can be switched on by defining - CRYPTOKI_GNU before including this header file. For this, the - following changes are made to the specification: - - All structure types are changed to a "struct ck_foo" where CK_FOO - is the type name in PKCS #11. - - All non-structure types are changed to ck_foo_t where CK_FOO is the - lowercase version of the type name in PKCS #11. The basic types - (CK_ULONG et al.) are removed without substitute. - - All members of structures are modified in the following way: Type - indication prefixes are removed, and underscore characters are - inserted before words. Then the result is lowercased. - - Note that function names are still in the original case, as they - need for ABI compatibility. - - CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use - . - - If CRYPTOKI_COMPAT is defined before including this header file, - then none of the API changes above take place, and the API is the - one defined by the PKCS #11 standard. */ - -#ifndef PKCS11_H -#define PKCS11_H 1 - -#if defined(__cplusplus) -extern "C" { -#endif - - -/* The version of cryptoki we implement. The revision is changed with - each modification of this file. If you do not use the "official" - version of this file, please consider deleting the revision macro - (you may use a macro with a different name to keep track of your - versions). */ -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_REVISION 6 - - -/* Compatibility interface is default, unless CRYPTOKI_GNU is - given. */ -#ifndef CRYPTOKI_GNU -#ifndef CRYPTOKI_COMPAT -#define CRYPTOKI_COMPAT 1 -#endif -#endif - -/* System dependencies. */ - -#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) - -/* There is a matching pop below. */ -#pragma pack(push, cryptoki, 1) - -#ifdef CRYPTOKI_EXPORTS -#define CK_SPEC __declspec(dllexport) -#else -#define CK_SPEC __declspec(dllimport) -#endif - -#else - -#define CK_SPEC - -#endif - - -#ifdef CRYPTOKI_COMPAT - /* If we are in compatibility mode, switch all exposed names to the - PKCS #11 variant. There are corresponding #undefs below. */ - -#define ck_flags_t CK_FLAGS -#define ck_version _CK_VERSION - -#define ck_info _CK_INFO -#define cryptoki_version cryptokiVersion -#define manufacturer_id manufacturerID -#define library_description libraryDescription -#define library_version libraryVersion - -#define ck_notification_t CK_NOTIFICATION -#define ck_slot_id_t CK_SLOT_ID - -#define ck_slot_info _CK_SLOT_INFO -#define slot_description slotDescription -#define hardware_version hardwareVersion -#define firmware_version firmwareVersion - -#define ck_token_info _CK_TOKEN_INFO -#define serial_number serialNumber -#define max_session_count ulMaxSessionCount -#define session_count ulSessionCount -#define max_rw_session_count ulMaxRwSessionCount -#define rw_session_count ulRwSessionCount -#define max_pin_len ulMaxPinLen -#define min_pin_len ulMinPinLen -#define total_public_memory ulTotalPublicMemory -#define free_public_memory ulFreePublicMemory -#define total_private_memory ulTotalPrivateMemory -#define free_private_memory ulFreePrivateMemory -#define utc_time utcTime - -#define ck_session_handle_t CK_SESSION_HANDLE -#define ck_user_type_t CK_USER_TYPE -#define ck_state_t CK_STATE - -#define ck_session_info _CK_SESSION_INFO -#define slot_id slotID -#define device_error ulDeviceError - -#define ck_object_handle_t CK_OBJECT_HANDLE -#define ck_object_class_t CK_OBJECT_CLASS -#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE -#define ck_key_type_t CK_KEY_TYPE -#define ck_certificate_type_t CK_CERTIFICATE_TYPE -#define ck_attribute_type_t CK_ATTRIBUTE_TYPE - -#define ck_attribute _CK_ATTRIBUTE -#define value pValue -#define value_len ulValueLen - -#define ck_date _CK_DATE - -#define ck_mechanism_type_t CK_MECHANISM_TYPE - -#define ck_mechanism _CK_MECHANISM -#define parameter pParameter -#define parameter_len ulParameterLen - -#define ck_mechanism_info _CK_MECHANISM_INFO -#define min_key_size ulMinKeySize -#define max_key_size ulMaxKeySize - -#define ck_rv_t CK_RV -#define ck_notify_t CK_NOTIFY - -#define ck_function_list _CK_FUNCTION_LIST - -#define ck_createmutex_t CK_CREATEMUTEX -#define ck_destroymutex_t CK_DESTROYMUTEX -#define ck_lockmutex_t CK_LOCKMUTEX -#define ck_unlockmutex_t CK_UNLOCKMUTEX - -#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS -#define create_mutex CreateMutex -#define destroy_mutex DestroyMutex -#define lock_mutex LockMutex -#define unlock_mutex UnlockMutex -#define reserved pReserved - -#endif /* CRYPTOKI_COMPAT */ - - - -typedef unsigned long ck_flags_t; - -struct ck_version -{ - unsigned char major; - unsigned char minor; -}; - - -struct ck_info -{ - struct ck_version cryptoki_version; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - unsigned char library_description[32]; - struct ck_version library_version; -}; - - -typedef unsigned long ck_notification_t; - -#define CKN_SURRENDER (0UL) - - -typedef unsigned long ck_slot_id_t; - - -struct ck_slot_info -{ - unsigned char slot_description[64]; - unsigned char manufacturer_id[32]; - ck_flags_t flags; - struct ck_version hardware_version; - struct ck_version firmware_version; -}; - - -#define CKF_TOKEN_PRESENT (1UL << 0) -#define CKF_REMOVABLE_DEVICE (1UL << 1) -#define CKF_HW_SLOT (1UL << 2) -#define CKF_ARRAY_ATTRIBUTE (1UL << 30) - - -struct ck_token_info -{ - unsigned char label[32]; - unsigned char manufacturer_id[32]; - unsigned char model[16]; - unsigned char serial_number[16]; - ck_flags_t flags; - unsigned long max_session_count; - unsigned long session_count; - unsigned long max_rw_session_count; - unsigned long rw_session_count; - unsigned long max_pin_len; - unsigned long min_pin_len; - unsigned long total_public_memory; - unsigned long free_public_memory; - unsigned long total_private_memory; - unsigned long free_private_memory; - struct ck_version hardware_version; - struct ck_version firmware_version; - unsigned char utc_time[16]; -}; - - -#define CKF_RNG (1UL << 0) -#define CKF_WRITE_PROTECTED (1UL << 1) -#define CKF_LOGIN_REQUIRED (1UL << 2) -#define CKF_USER_PIN_INITIALIZED (1UL << 3) -#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) -#define CKF_CLOCK_ON_TOKEN (1UL << 6) -#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) -#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) -#define CKF_TOKEN_INITIALIZED (1UL << 10) -#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) -#define CKF_USER_PIN_COUNT_LOW (1UL << 16) -#define CKF_USER_PIN_FINAL_TRY (1UL << 17) -#define CKF_USER_PIN_LOCKED (1UL << 18) -#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) -#define CKF_SO_PIN_COUNT_LOW (1UL << 20) -#define CKF_SO_PIN_FINAL_TRY (1UL << 21) -#define CKF_SO_PIN_LOCKED (1UL << 22) -#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) - -#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) -#define CK_EFFECTIVELY_INFINITE (0UL) - - -typedef unsigned long ck_session_handle_t; - -#define CK_INVALID_HANDLE (0UL) - - -typedef unsigned long ck_user_type_t; - -#define CKU_SO (0UL) -#define CKU_USER (1UL) -#define CKU_CONTEXT_SPECIFIC (2UL) - - -typedef unsigned long ck_state_t; - -#define CKS_RO_PUBLIC_SESSION (0UL) -#define CKS_RO_USER_FUNCTIONS (1UL) -#define CKS_RW_PUBLIC_SESSION (2UL) -#define CKS_RW_USER_FUNCTIONS (3UL) -#define CKS_RW_SO_FUNCTIONS (4UL) - - -struct ck_session_info -{ - ck_slot_id_t slot_id; - ck_state_t state; - ck_flags_t flags; - unsigned long device_error; -}; - -#define CKF_RW_SESSION (1UL << 1) -#define CKF_SERIAL_SESSION (1UL << 2) - - -typedef unsigned long ck_object_handle_t; - - -typedef unsigned long ck_object_class_t; - -#define CKO_DATA (0UL) -#define CKO_CERTIFICATE (1UL) -#define CKO_PUBLIC_KEY (2UL) -#define CKO_PRIVATE_KEY (3UL) -#define CKO_SECRET_KEY (4UL) -#define CKO_HW_FEATURE (5UL) -#define CKO_DOMAIN_PARAMETERS (6UL) -#define CKO_MECHANISM (7UL) -#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_hw_feature_type_t; - -#define CKH_MONOTONIC_COUNTER (1UL) -#define CKH_CLOCK (2UL) -#define CKH_USER_INTERFACE (3UL) -#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_key_type_t; - -#define CKK_RSA (0UL) -#define CKK_DSA (1UL) -#define CKK_DH (2UL) -#define CKK_ECDSA (3UL) -#define CKK_EC (3UL) -#define CKK_X9_42_DH (4UL) -#define CKK_KEA (5UL) -#define CKK_GENERIC_SECRET (0x10UL) -#define CKK_RC2 (0x11UL) -#define CKK_RC4 (0x12UL) -#define CKK_DES (0x13UL) -#define CKK_DES2 (0x14UL) -#define CKK_DES3 (0x15UL) -#define CKK_CAST (0x16UL) -#define CKK_CAST3 (0x17UL) -#define CKK_CAST128 (0x18UL) -#define CKK_RC5 (0x19UL) -#define CKK_IDEA (0x1aUL) -#define CKK_SKIPJACK (0x1bUL) -#define CKK_BATON (0x1cUL) -#define CKK_JUNIPER (0x1dUL) -#define CKK_CDMF (0x1eUL) -#define CKK_AES (0x1fUL) -#define CKK_BLOWFISH (0x20UL) -#define CKK_TWOFISH (0x21UL) -#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_certificate_type_t; - -#define CKC_X_509 (0UL) -#define CKC_X_509_ATTR_CERT (1UL) -#define CKC_WTLS (2UL) -#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -typedef unsigned long ck_attribute_type_t; - -#define CKA_CLASS (0UL) -#define CKA_TOKEN (1UL) -#define CKA_PRIVATE (2UL) -#define CKA_LABEL (3UL) -#define CKA_APPLICATION (0x10UL) -#define CKA_VALUE (0x11UL) -#define CKA_OBJECT_ID (0x12UL) -#define CKA_CERTIFICATE_TYPE (0x80UL) -#define CKA_ISSUER (0x81UL) -#define CKA_SERIAL_NUMBER (0x82UL) -#define CKA_AC_ISSUER (0x83UL) -#define CKA_OWNER (0x84UL) -#define CKA_ATTR_TYPES (0x85UL) -#define CKA_TRUSTED (0x86UL) -#define CKA_CERTIFICATE_CATEGORY (0x87UL) -#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) -#define CKA_URL (0x89UL) -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) -#define CKA_CHECK_VALUE (0x90UL) -#define CKA_KEY_TYPE (0x100UL) -#define CKA_SUBJECT (0x101UL) -#define CKA_ID (0x102UL) -#define CKA_SENSITIVE (0x103UL) -#define CKA_ENCRYPT (0x104UL) -#define CKA_DECRYPT (0x105UL) -#define CKA_WRAP (0x106UL) -#define CKA_UNWRAP (0x107UL) -#define CKA_SIGN (0x108UL) -#define CKA_SIGN_RECOVER (0x109UL) -#define CKA_VERIFY (0x10aUL) -#define CKA_VERIFY_RECOVER (0x10bUL) -#define CKA_DERIVE (0x10cUL) -#define CKA_START_DATE (0x110UL) -#define CKA_END_DATE (0x111UL) -#define CKA_MODULUS (0x120UL) -#define CKA_MODULUS_BITS (0x121UL) -#define CKA_PUBLIC_EXPONENT (0x122UL) -#define CKA_PRIVATE_EXPONENT (0x123UL) -#define CKA_PRIME_1 (0x124UL) -#define CKA_PRIME_2 (0x125UL) -#define CKA_EXPONENT_1 (0x126UL) -#define CKA_EXPONENT_2 (0x127UL) -#define CKA_COEFFICIENT (0x128UL) -#define CKA_PRIME (0x130UL) -#define CKA_SUBPRIME (0x131UL) -#define CKA_BASE (0x132UL) -#define CKA_PRIME_BITS (0x133UL) -#define CKA_SUB_PRIME_BITS (0x134UL) -#define CKA_VALUE_BITS (0x160UL) -#define CKA_VALUE_LEN (0x161UL) -#define CKA_EXTRACTABLE (0x162UL) -#define CKA_LOCAL (0x163UL) -#define CKA_NEVER_EXTRACTABLE (0x164UL) -#define CKA_ALWAYS_SENSITIVE (0x165UL) -#define CKA_KEY_GEN_MECHANISM (0x166UL) -#define CKA_MODIFIABLE (0x170UL) -#define CKA_ECDSA_PARAMS (0x180UL) -#define CKA_EC_PARAMS (0x180UL) -#define CKA_EC_POINT (0x181UL) -#define CKA_SECONDARY_AUTH (0x200UL) -#define CKA_AUTH_PIN_FLAGS (0x201UL) -#define CKA_ALWAYS_AUTHENTICATE (0x202UL) -#define CKA_WRAP_WITH_TRUSTED (0x210UL) -#define CKA_HW_FEATURE_TYPE (0x300UL) -#define CKA_RESET_ON_INIT (0x301UL) -#define CKA_HAS_RESET (0x302UL) -#define CKA_PIXEL_X (0x400UL) -#define CKA_PIXEL_Y (0x401UL) -#define CKA_RESOLUTION (0x402UL) -#define CKA_CHAR_ROWS (0x403UL) -#define CKA_CHAR_COLUMNS (0x404UL) -#define CKA_COLOR (0x405UL) -#define CKA_BITS_PER_PIXEL (0x406UL) -#define CKA_CHAR_SETS (0x480UL) -#define CKA_ENCODING_METHODS (0x481UL) -#define CKA_MIME_TYPES (0x482UL) -#define CKA_MECHANISM_TYPE (0x500UL) -#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) -#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) -#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) -#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -struct ck_attribute -{ - ck_attribute_type_t type; - void *value; - unsigned long value_len; -}; - - -struct ck_date -{ - unsigned char year[4]; - unsigned char month[2]; - unsigned char day[2]; -}; - - -typedef unsigned long ck_mechanism_type_t; - -#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) -#define CKM_RSA_PKCS (1UL) -#define CKM_RSA_9796 (2UL) -#define CKM_RSA_X_509 (3UL) -#define CKM_MD2_RSA_PKCS (4UL) -#define CKM_MD5_RSA_PKCS (5UL) -#define CKM_SHA1_RSA_PKCS (6UL) -#define CKM_RIPEMD128_RSA_PKCS (7UL) -#define CKM_RIPEMD160_RSA_PKCS (8UL) -#define CKM_RSA_PKCS_OAEP (9UL) -#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) -#define CKM_RSA_X9_31 (0xbUL) -#define CKM_SHA1_RSA_X9_31 (0xcUL) -#define CKM_RSA_PKCS_PSS (0xdUL) -#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) -#define CKM_DSA_KEY_PAIR_GEN (0x10UL) -#define CKM_DSA (0x11UL) -#define CKM_DSA_SHA1 (0x12UL) -#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) -#define CKM_DH_PKCS_DERIVE (0x21UL) -#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) -#define CKM_X9_42_DH_DERIVE (0x31UL) -#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) -#define CKM_X9_42_MQV_DERIVE (0x33UL) -#define CKM_SHA256_RSA_PKCS (0x40UL) -#define CKM_SHA384_RSA_PKCS (0x41UL) -#define CKM_SHA512_RSA_PKCS (0x42UL) -#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) -#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) -#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) -#define CKM_RC2_KEY_GEN (0x100UL) -#define CKM_RC2_ECB (0x101UL) -#define CKM_RC2_CBC (0x102UL) -#define CKM_RC2_MAC (0x103UL) -#define CKM_RC2_MAC_GENERAL (0x104UL) -#define CKM_RC2_CBC_PAD (0x105UL) -#define CKM_RC4_KEY_GEN (0x110UL) -#define CKM_RC4 (0x111UL) -#define CKM_DES_KEY_GEN (0x120UL) -#define CKM_DES_ECB (0x121UL) -#define CKM_DES_CBC (0x122UL) -#define CKM_DES_MAC (0x123UL) -#define CKM_DES_MAC_GENERAL (0x124UL) -#define CKM_DES_CBC_PAD (0x125UL) -#define CKM_DES2_KEY_GEN (0x130UL) -#define CKM_DES3_KEY_GEN (0x131UL) -#define CKM_DES3_ECB (0x132UL) -#define CKM_DES3_CBC (0x133UL) -#define CKM_DES3_MAC (0x134UL) -#define CKM_DES3_MAC_GENERAL (0x135UL) -#define CKM_DES3_CBC_PAD (0x136UL) -#define CKM_CDMF_KEY_GEN (0x140UL) -#define CKM_CDMF_ECB (0x141UL) -#define CKM_CDMF_CBC (0x142UL) -#define CKM_CDMF_MAC (0x143UL) -#define CKM_CDMF_MAC_GENERAL (0x144UL) -#define CKM_CDMF_CBC_PAD (0x145UL) -#define CKM_MD2 (0x200UL) -#define CKM_MD2_HMAC (0x201UL) -#define CKM_MD2_HMAC_GENERAL (0x202UL) -#define CKM_MD5 (0x210UL) -#define CKM_MD5_HMAC (0x211UL) -#define CKM_MD5_HMAC_GENERAL (0x212UL) -#define CKM_SHA_1 (0x220UL) -#define CKM_SHA_1_HMAC (0x221UL) -#define CKM_SHA_1_HMAC_GENERAL (0x222UL) -#define CKM_RIPEMD128 (0x230UL) -#define CKM_RIPEMD128_HMAC (0x231UL) -#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) -#define CKM_RIPEMD160 (0x240UL) -#define CKM_RIPEMD160_HMAC (0x241UL) -#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) -#define CKM_SHA256 (0x250UL) -#define CKM_SHA256_HMAC (0x251UL) -#define CKM_SHA256_HMAC_GENERAL (0x252UL) -#define CKM_SHA384 (0x260UL) -#define CKM_SHA384_HMAC (0x261UL) -#define CKM_SHA384_HMAC_GENERAL (0x262UL) -#define CKM_SHA512 (0x270UL) -#define CKM_SHA512_HMAC (0x271UL) -#define CKM_SHA512_HMAC_GENERAL (0x272UL) -#define CKM_CAST_KEY_GEN (0x300UL) -#define CKM_CAST_ECB (0x301UL) -#define CKM_CAST_CBC (0x302UL) -#define CKM_CAST_MAC (0x303UL) -#define CKM_CAST_MAC_GENERAL (0x304UL) -#define CKM_CAST_CBC_PAD (0x305UL) -#define CKM_CAST3_KEY_GEN (0x310UL) -#define CKM_CAST3_ECB (0x311UL) -#define CKM_CAST3_CBC (0x312UL) -#define CKM_CAST3_MAC (0x313UL) -#define CKM_CAST3_MAC_GENERAL (0x314UL) -#define CKM_CAST3_CBC_PAD (0x315UL) -#define CKM_CAST5_KEY_GEN (0x320UL) -#define CKM_CAST128_KEY_GEN (0x320UL) -#define CKM_CAST5_ECB (0x321UL) -#define CKM_CAST128_ECB (0x321UL) -#define CKM_CAST5_CBC (0x322UL) -#define CKM_CAST128_CBC (0x322UL) -#define CKM_CAST5_MAC (0x323UL) -#define CKM_CAST128_MAC (0x323UL) -#define CKM_CAST5_MAC_GENERAL (0x324UL) -#define CKM_CAST128_MAC_GENERAL (0x324UL) -#define CKM_CAST5_CBC_PAD (0x325UL) -#define CKM_CAST128_CBC_PAD (0x325UL) -#define CKM_RC5_KEY_GEN (0x330UL) -#define CKM_RC5_ECB (0x331UL) -#define CKM_RC5_CBC (0x332UL) -#define CKM_RC5_MAC (0x333UL) -#define CKM_RC5_MAC_GENERAL (0x334UL) -#define CKM_RC5_CBC_PAD (0x335UL) -#define CKM_IDEA_KEY_GEN (0x340UL) -#define CKM_IDEA_ECB (0x341UL) -#define CKM_IDEA_CBC (0x342UL) -#define CKM_IDEA_MAC (0x343UL) -#define CKM_IDEA_MAC_GENERAL (0x344UL) -#define CKM_IDEA_CBC_PAD (0x345UL) -#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) -#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) -#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) -#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) -#define CKM_XOR_BASE_AND_DATA (0x364UL) -#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) -#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) -#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) -#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) -#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) -#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) -#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) -#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) -#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) -#define CKM_SSL3_MD5_MAC (0x380UL) -#define CKM_SSL3_SHA1_MAC (0x381UL) -#define CKM_MD5_KEY_DERIVATION (0x390UL) -#define CKM_MD2_KEY_DERIVATION (0x391UL) -#define CKM_SHA1_KEY_DERIVATION (0x392UL) -#define CKM_PBE_MD2_DES_CBC (0x3a0UL) -#define CKM_PBE_MD5_DES_CBC (0x3a1UL) -#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) -#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) -#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) -#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) -#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) -#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) -#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) -#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) -#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) -#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) -#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) -#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) -#define CKM_PKCS5_PBKD2 (0x3b0UL) -#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) -#define CKM_KEY_WRAP_LYNKS (0x400UL) -#define CKM_KEY_WRAP_SET_OAEP (0x401UL) -#define CKM_SKIPJACK_KEY_GEN (0x1000UL) -#define CKM_SKIPJACK_ECB64 (0x1001UL) -#define CKM_SKIPJACK_CBC64 (0x1002UL) -#define CKM_SKIPJACK_OFB64 (0x1003UL) -#define CKM_SKIPJACK_CFB64 (0x1004UL) -#define CKM_SKIPJACK_CFB32 (0x1005UL) -#define CKM_SKIPJACK_CFB16 (0x1006UL) -#define CKM_SKIPJACK_CFB8 (0x1007UL) -#define CKM_SKIPJACK_WRAP (0x1008UL) -#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) -#define CKM_SKIPJACK_RELAYX (0x100aUL) -#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) -#define CKM_KEA_KEY_DERIVE (0x1011UL) -#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) -#define CKM_BATON_KEY_GEN (0x1030UL) -#define CKM_BATON_ECB128 (0x1031UL) -#define CKM_BATON_ECB96 (0x1032UL) -#define CKM_BATON_CBC128 (0x1033UL) -#define CKM_BATON_COUNTER (0x1034UL) -#define CKM_BATON_SHUFFLE (0x1035UL) -#define CKM_BATON_WRAP (0x1036UL) -#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) -#define CKM_EC_KEY_PAIR_GEN (0x1040UL) -#define CKM_ECDSA (0x1041UL) -#define CKM_ECDSA_SHA1 (0x1042UL) -#define CKM_ECDH1_DERIVE (0x1050UL) -#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) -#define CKM_ECMQV_DERIVE (0x1052UL) -#define CKM_JUNIPER_KEY_GEN (0x1060UL) -#define CKM_JUNIPER_ECB128 (0x1061UL) -#define CKM_JUNIPER_CBC128 (0x1062UL) -#define CKM_JUNIPER_COUNTER (0x1063UL) -#define CKM_JUNIPER_SHUFFLE (0x1064UL) -#define CKM_JUNIPER_WRAP (0x1065UL) -#define CKM_FASTHASH (0x1070UL) -#define CKM_AES_KEY_GEN (0x1080UL) -#define CKM_AES_ECB (0x1081UL) -#define CKM_AES_CBC (0x1082UL) -#define CKM_AES_MAC (0x1083UL) -#define CKM_AES_MAC_GENERAL (0x1084UL) -#define CKM_AES_CBC_PAD (0x1085UL) -#define CKM_DSA_PARAMETER_GEN (0x2000UL) -#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) -#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) -#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - -struct ck_mechanism -{ - ck_mechanism_type_t mechanism; - void *parameter; - unsigned long parameter_len; -}; - - -struct ck_mechanism_info -{ - unsigned long min_key_size; - unsigned long max_key_size; - ck_flags_t flags; -}; - -#define CKF_HW (1UL << 0) -#define CKF_ENCRYPT (1UL << 8) -#define CKF_DECRYPT (1UL << 9) -#define CKF_DIGEST (1UL << 10) -#define CKF_SIGN (1UL << 11) -#define CKF_SIGN_RECOVER (1UL << 12) -#define CKF_VERIFY (1UL << 13) -#define CKF_VERIFY_RECOVER (1UL << 14) -#define CKF_GENERATE (1UL << 15) -#define CKF_GENERATE_KEY_PAIR (1UL << 16) -#define CKF_WRAP (1UL << 17) -#define CKF_UNWRAP (1UL << 18) -#define CKF_DERIVE (1UL << 19) -#define CKF_EXTENSION ((unsigned long) (1UL << 31)) - - -/* Flags for C_WaitForSlotEvent. */ -#define CKF_DONT_BLOCK (1UL) - - -typedef unsigned long ck_rv_t; - - -typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, - ck_notification_t event, void *application); - -/* Forward reference. */ -struct ck_function_list; - -#define _CK_DECLARE_FUNCTION(name, args) \ -typedef ck_rv_t (*CK_ ## name) args; \ -ck_rv_t CK_SPEC name args - -_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); -_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); -_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); -_CK_DECLARE_FUNCTION (C_GetFunctionList, - (struct ck_function_list **function_list)); - -_CK_DECLARE_FUNCTION (C_GetSlotList, - (unsigned char token_present, ck_slot_id_t *slot_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetSlotInfo, - (ck_slot_id_t slot_id, struct ck_slot_info *info)); -_CK_DECLARE_FUNCTION (C_GetTokenInfo, - (ck_slot_id_t slot_id, struct ck_token_info *info)); -_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, - (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); -_CK_DECLARE_FUNCTION (C_GetMechanismList, - (ck_slot_id_t slot_id, - ck_mechanism_type_t *mechanism_list, - unsigned long *count)); -_CK_DECLARE_FUNCTION (C_GetMechanismInfo, - (ck_slot_id_t slot_id, ck_mechanism_type_t type, - struct ck_mechanism_info *info)); -_CK_DECLARE_FUNCTION (C_InitToken, - (ck_slot_id_t slot_id, unsigned char *pin, - unsigned long pin_len, unsigned char *label)); -_CK_DECLARE_FUNCTION (C_InitPIN, - (ck_session_handle_t session, unsigned char *pin, - unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_SetPIN, - (ck_session_handle_t session, unsigned char *old_pin, - unsigned long old_len, unsigned char *new_pin, - unsigned long new_len)); - -_CK_DECLARE_FUNCTION (C_OpenSession, - (ck_slot_id_t slot_id, ck_flags_t flags, - void *application, ck_notify_t notify, - ck_session_handle_t *session)); -_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); -_CK_DECLARE_FUNCTION (C_GetSessionInfo, - (ck_session_handle_t session, - struct ck_session_info *info)); -_CK_DECLARE_FUNCTION (C_GetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long *operation_state_len)); -_CK_DECLARE_FUNCTION (C_SetOperationState, - (ck_session_handle_t session, - unsigned char *operation_state, - unsigned long operation_state_len, - ck_object_handle_t encryption_key, - ck_object_handle_t authentiation_key)); -_CK_DECLARE_FUNCTION (C_Login, - (ck_session_handle_t session, ck_user_type_t user_type, - unsigned char *pin, unsigned long pin_len)); -_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_CreateObject, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count, ck_object_handle_t *object)); -_CK_DECLARE_FUNCTION (C_CopyObject, - (ck_session_handle_t session, ck_object_handle_t object, - struct ck_attribute *templ, unsigned long count, - ck_object_handle_t *new_object)); -_CK_DECLARE_FUNCTION (C_DestroyObject, - (ck_session_handle_t session, - ck_object_handle_t object)); -_CK_DECLARE_FUNCTION (C_GetObjectSize, - (ck_session_handle_t session, - ck_object_handle_t object, - unsigned long *size)); -_CK_DECLARE_FUNCTION (C_GetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_SetAttributeValue, - (ck_session_handle_t session, - ck_object_handle_t object, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjectsInit, - (ck_session_handle_t session, - struct ck_attribute *templ, - unsigned long count)); -_CK_DECLARE_FUNCTION (C_FindObjects, - (ck_session_handle_t session, - ck_object_handle_t *object, - unsigned long max_object_count, - unsigned long *object_count)); -_CK_DECLARE_FUNCTION (C_FindObjectsFinal, - (ck_session_handle_t session)); - -_CK_DECLARE_FUNCTION (C_EncryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Encrypt, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *encrypted_data, - unsigned long *encrypted_data_len)); -_CK_DECLARE_FUNCTION (C_EncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_EncryptFinal, - (ck_session_handle_t session, - unsigned char *last_encrypted_part, - unsigned long *last_encrypted_part_len)); - -_CK_DECLARE_FUNCTION (C_DecryptInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Decrypt, - (ck_session_handle_t session, - unsigned char *encrypted_data, - unsigned long encrypted_data_len, - unsigned char *data, unsigned long *data_len)); -_CK_DECLARE_FUNCTION (C_DecryptUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_DecryptFinal, - (ck_session_handle_t session, - unsigned char *last_part, - unsigned long *last_part_len)); - -_CK_DECLARE_FUNCTION (C_DigestInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism)); -_CK_DECLARE_FUNCTION (C_Digest, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *digest, - unsigned long *digest_len)); -_CK_DECLARE_FUNCTION (C_DigestUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_DigestKey, - (ck_session_handle_t session, ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_DigestFinal, - (ck_session_handle_t session, - unsigned char *digest, - unsigned long *digest_len)); - -_CK_DECLARE_FUNCTION (C_SignInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Sign, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_SignFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long *signature_len)); -_CK_DECLARE_FUNCTION (C_SignRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_SignRecover, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long *signature_len)); - -_CK_DECLARE_FUNCTION (C_VerifyInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_Verify, - (ck_session_handle_t session, - unsigned char *data, unsigned long data_len, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len)); -_CK_DECLARE_FUNCTION (C_VerifyFinal, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len)); -_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t key)); -_CK_DECLARE_FUNCTION (C_VerifyRecover, - (ck_session_handle_t session, - unsigned char *signature, - unsigned long signature_len, - unsigned char *data, - unsigned long *data_len)); - -_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); -_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, - (ck_session_handle_t session, - unsigned char *part, unsigned long part_len, - unsigned char *encrypted_part, - unsigned long *encrypted_part_len)); -_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, - (ck_session_handle_t session, - unsigned char *encrypted_part, - unsigned long encrypted_part_len, - unsigned char *part, - unsigned long *part_len)); - -_CK_DECLARE_FUNCTION (C_GenerateKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *templ, - unsigned long count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_GenerateKeyPair, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - struct ck_attribute *public_key_template, - unsigned long public_key_attribute_count, - struct ck_attribute *private_key_template, - unsigned long private_key_attribute_count, - ck_object_handle_t *public_key, - ck_object_handle_t *private_key)); -_CK_DECLARE_FUNCTION (C_WrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t wrapping_key, - ck_object_handle_t key, - unsigned char *wrapped_key, - unsigned long *wrapped_key_len)); -_CK_DECLARE_FUNCTION (C_UnwrapKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t unwrapping_key, - unsigned char *wrapped_key, - unsigned long wrapped_key_len, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); -_CK_DECLARE_FUNCTION (C_DeriveKey, - (ck_session_handle_t session, - struct ck_mechanism *mechanism, - ck_object_handle_t base_key, - struct ck_attribute *templ, - unsigned long attribute_count, - ck_object_handle_t *key)); - -_CK_DECLARE_FUNCTION (C_SeedRandom, - (ck_session_handle_t session, unsigned char *seed, - unsigned long seed_len)); -_CK_DECLARE_FUNCTION (C_GenerateRandom, - (ck_session_handle_t session, - unsigned char *random_data, - unsigned long random_len)); - -_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); -_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); - - -struct ck_function_list -{ - struct ck_version version; - CK_C_Initialize C_Initialize; - CK_C_Finalize C_Finalize; - CK_C_GetInfo C_GetInfo; - CK_C_GetFunctionList C_GetFunctionList; - CK_C_GetSlotList C_GetSlotList; - CK_C_GetSlotInfo C_GetSlotInfo; - CK_C_GetTokenInfo C_GetTokenInfo; - CK_C_GetMechanismList C_GetMechanismList; - CK_C_GetMechanismInfo C_GetMechanismInfo; - CK_C_InitToken C_InitToken; - CK_C_InitPIN C_InitPIN; - CK_C_SetPIN C_SetPIN; - CK_C_OpenSession C_OpenSession; - CK_C_CloseSession C_CloseSession; - CK_C_CloseAllSessions C_CloseAllSessions; - CK_C_GetSessionInfo C_GetSessionInfo; - CK_C_GetOperationState C_GetOperationState; - CK_C_SetOperationState C_SetOperationState; - CK_C_Login C_Login; - CK_C_Logout C_Logout; - CK_C_CreateObject C_CreateObject; - CK_C_CopyObject C_CopyObject; - CK_C_DestroyObject C_DestroyObject; - CK_C_GetObjectSize C_GetObjectSize; - CK_C_GetAttributeValue C_GetAttributeValue; - CK_C_SetAttributeValue C_SetAttributeValue; - CK_C_FindObjectsInit C_FindObjectsInit; - CK_C_FindObjects C_FindObjects; - CK_C_FindObjectsFinal C_FindObjectsFinal; - CK_C_EncryptInit C_EncryptInit; - CK_C_Encrypt C_Encrypt; - CK_C_EncryptUpdate C_EncryptUpdate; - CK_C_EncryptFinal C_EncryptFinal; - CK_C_DecryptInit C_DecryptInit; - CK_C_Decrypt C_Decrypt; - CK_C_DecryptUpdate C_DecryptUpdate; - CK_C_DecryptFinal C_DecryptFinal; - CK_C_DigestInit C_DigestInit; - CK_C_Digest C_Digest; - CK_C_DigestUpdate C_DigestUpdate; - CK_C_DigestKey C_DigestKey; - CK_C_DigestFinal C_DigestFinal; - CK_C_SignInit C_SignInit; - CK_C_Sign C_Sign; - CK_C_SignUpdate C_SignUpdate; - CK_C_SignFinal C_SignFinal; - CK_C_SignRecoverInit C_SignRecoverInit; - CK_C_SignRecover C_SignRecover; - CK_C_VerifyInit C_VerifyInit; - CK_C_Verify C_Verify; - CK_C_VerifyUpdate C_VerifyUpdate; - CK_C_VerifyFinal C_VerifyFinal; - CK_C_VerifyRecoverInit C_VerifyRecoverInit; - CK_C_VerifyRecover C_VerifyRecover; - CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; - CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; - CK_C_SignEncryptUpdate C_SignEncryptUpdate; - CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; - CK_C_GenerateKey C_GenerateKey; - CK_C_GenerateKeyPair C_GenerateKeyPair; - CK_C_WrapKey C_WrapKey; - CK_C_UnwrapKey C_UnwrapKey; - CK_C_DeriveKey C_DeriveKey; - CK_C_SeedRandom C_SeedRandom; - CK_C_GenerateRandom C_GenerateRandom; - CK_C_GetFunctionStatus C_GetFunctionStatus; - CK_C_CancelFunction C_CancelFunction; - CK_C_WaitForSlotEvent C_WaitForSlotEvent; -}; - - -typedef ck_rv_t (*ck_createmutex_t) (void **mutex); -typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); -typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); -typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); - - -struct ck_c_initialize_args -{ - ck_createmutex_t create_mutex; - ck_destroymutex_t destroy_mutex; - ck_lockmutex_t lock_mutex; - ck_unlockmutex_t unlock_mutex; - ck_flags_t flags; - void *reserved; -}; - - -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) -#define CKF_OS_LOCKING_OK (1UL << 1) - -#define CKR_OK (0UL) -#define CKR_CANCEL (1UL) -#define CKR_HOST_MEMORY (2UL) -#define CKR_SLOT_ID_INVALID (3UL) -#define CKR_GENERAL_ERROR (5UL) -#define CKR_FUNCTION_FAILED (6UL) -#define CKR_ARGUMENTS_BAD (7UL) -#define CKR_NO_EVENT (8UL) -#define CKR_NEED_TO_CREATE_THREADS (9UL) -#define CKR_CANT_LOCK (0xaUL) -#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) -#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) -#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) -#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) -#define CKR_DATA_INVALID (0x20UL) -#define CKR_DATA_LEN_RANGE (0x21UL) -#define CKR_DEVICE_ERROR (0x30UL) -#define CKR_DEVICE_MEMORY (0x31UL) -#define CKR_DEVICE_REMOVED (0x32UL) -#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) -#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) -#define CKR_FUNCTION_CANCELED (0x50UL) -#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) -#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) -#define CKR_KEY_HANDLE_INVALID (0x60UL) -#define CKR_KEY_SIZE_RANGE (0x62UL) -#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) -#define CKR_KEY_NOT_NEEDED (0x64UL) -#define CKR_KEY_CHANGED (0x65UL) -#define CKR_KEY_NEEDED (0x66UL) -#define CKR_KEY_INDIGESTIBLE (0x67UL) -#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) -#define CKR_KEY_NOT_WRAPPABLE (0x69UL) -#define CKR_KEY_UNEXTRACTABLE (0x6aUL) -#define CKR_MECHANISM_INVALID (0x70UL) -#define CKR_MECHANISM_PARAM_INVALID (0x71UL) -#define CKR_OBJECT_HANDLE_INVALID (0x82UL) -#define CKR_OPERATION_ACTIVE (0x90UL) -#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) -#define CKR_PIN_INCORRECT (0xa0UL) -#define CKR_PIN_INVALID (0xa1UL) -#define CKR_PIN_LEN_RANGE (0xa2UL) -#define CKR_PIN_EXPIRED (0xa3UL) -#define CKR_PIN_LOCKED (0xa4UL) -#define CKR_SESSION_CLOSED (0xb0UL) -#define CKR_SESSION_COUNT (0xb1UL) -#define CKR_SESSION_HANDLE_INVALID (0xb3UL) -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) -#define CKR_SESSION_READ_ONLY (0xb5UL) -#define CKR_SESSION_EXISTS (0xb6UL) -#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) -#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) -#define CKR_SIGNATURE_INVALID (0xc0UL) -#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) -#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) -#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) -#define CKR_TOKEN_NOT_PRESENT (0xe0UL) -#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) -#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) -#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) -#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) -#define CKR_USER_NOT_LOGGED_IN (0x101UL) -#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) -#define CKR_USER_TYPE_INVALID (0x103UL) -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) -#define CKR_USER_TOO_MANY_TYPES (0x105UL) -#define CKR_WRAPPED_KEY_INVALID (0x110UL) -#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) -#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) -#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) -#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) -#define CKR_RANDOM_NO_RNG (0x121UL) -#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) -#define CKR_BUFFER_TOO_SMALL (0x150UL) -#define CKR_SAVED_STATE_INVALID (0x160UL) -#define CKR_INFORMATION_SENSITIVE (0x170UL) -#define CKR_STATE_UNSAVEABLE (0x180UL) -#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) -#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) -#define CKR_MUTEX_BAD (0x1a0UL) -#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) -#define CKR_FUNCTION_REJECTED (0x200UL) -#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) - - - -/* Compatibility layer. */ - -#ifdef CRYPTOKI_COMPAT - -#undef CK_DEFINE_FUNCTION -#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name - -/* For NULL. */ -#include - -typedef unsigned char CK_BYTE; -typedef unsigned char CK_CHAR; -typedef unsigned char CK_UTF8CHAR; -typedef unsigned char CK_BBOOL; -typedef unsigned long int CK_ULONG; -typedef long int CK_LONG; -typedef CK_BYTE *CK_BYTE_PTR; -typedef CK_CHAR *CK_CHAR_PTR; -typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; -typedef CK_ULONG *CK_ULONG_PTR; -typedef void *CK_VOID_PTR; -typedef void **CK_VOID_PTR_PTR; -#define CK_FALSE 0 -#define CK_TRUE 1 -#ifndef CK_DISABLE_TRUE_FALSE -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef TRUE -#define TRUE 1 -#endif -#endif - -typedef struct ck_version CK_VERSION; -typedef struct ck_version *CK_VERSION_PTR; - -typedef struct ck_info CK_INFO; -typedef struct ck_info *CK_INFO_PTR; - -typedef ck_slot_id_t *CK_SLOT_ID_PTR; - -typedef struct ck_slot_info CK_SLOT_INFO; -typedef struct ck_slot_info *CK_SLOT_INFO_PTR; - -typedef struct ck_token_info CK_TOKEN_INFO; -typedef struct ck_token_info *CK_TOKEN_INFO_PTR; - -typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; - -typedef struct ck_session_info CK_SESSION_INFO; -typedef struct ck_session_info *CK_SESSION_INFO_PTR; - -typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; - -typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; - -typedef struct ck_attribute CK_ATTRIBUTE; -typedef struct ck_attribute *CK_ATTRIBUTE_PTR; - -typedef struct ck_date CK_DATE; -typedef struct ck_date *CK_DATE_PTR; - -typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; - -typedef struct ck_mechanism CK_MECHANISM; -typedef struct ck_mechanism *CK_MECHANISM_PTR; - -typedef struct ck_mechanism_info CK_MECHANISM_INFO; -typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; - -typedef struct ck_function_list CK_FUNCTION_LIST; -typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; -typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; - -typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; -typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; - -#define NULL_PTR NULL - -/* Delete the helper macros defined at the top of the file. */ -#undef ck_flags_t -#undef ck_version - -#undef ck_info -#undef cryptoki_version -#undef manufacturer_id -#undef library_description -#undef library_version - -#undef ck_notification_t -#undef ck_slot_id_t - -#undef ck_slot_info -#undef slot_description -#undef hardware_version -#undef firmware_version - -#undef ck_token_info -#undef serial_number -#undef max_session_count -#undef session_count -#undef max_rw_session_count -#undef rw_session_count -#undef max_pin_len -#undef min_pin_len -#undef total_public_memory -#undef free_public_memory -#undef total_private_memory -#undef free_private_memory -#undef utc_time - -#undef ck_session_handle_t -#undef ck_user_type_t -#undef ck_state_t - -#undef ck_session_info -#undef slot_id -#undef device_error - -#undef ck_object_handle_t -#undef ck_object_class_t -#undef ck_hw_feature_type_t -#undef ck_key_type_t -#undef ck_certificate_type_t -#undef ck_attribute_type_t - -#undef ck_attribute -#undef value -#undef value_len - -#undef ck_date - -#undef ck_mechanism_type_t - -#undef ck_mechanism -#undef parameter -#undef parameter_len - -#undef ck_mechanism_info -#undef min_key_size -#undef max_key_size - -#undef ck_rv_t -#undef ck_notify_t - -#undef ck_function_list - -#undef ck_createmutex_t -#undef ck_destroymutex_t -#undef ck_lockmutex_t -#undef ck_unlockmutex_t - -#undef ck_c_initialize_args -#undef create_mutex -#undef destroy_mutex -#undef lock_mutex -#undef unlock_mutex -#undef reserved - -#endif /* CRYPTOKI_COMPAT */ - - -/* System dependencies. */ -#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) -#pragma pack(pop, cryptoki) -#endif - -#if defined(__cplusplus) -} -#endif - -#endif /* PKCS11_H */ diff --git a/module/util.c b/module/util.c deleted file mode 100644 index 516e70b..0000000 --- a/module/util.c +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#include "config.h" - -#include "util.h" - -#include - -void* -xrealloc (void *memory, size_t length) -{ - void *allocated = realloc (memory, length); - if (!allocated) - free (memory); - return allocated; -} diff --git a/module/util.h b/module/util.h deleted file mode 100644 index 73f06ec..0000000 --- a/module/util.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2011 Collabora Ltd - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above - * copyright notice, this list of conditions and the - * following disclaimer. - * * Redistributions in binary form must reproduce the - * above copyright notice, this list of conditions and - * the following disclaimer in the documentation and/or - * other materials provided with the distribution. - * * The names of contributors to this software may not be - * used to endorse or promote products derived from this - * software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS - * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED - * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, - * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH - * DAMAGE. - * - * - * CONTRIBUTORS - * Stef Walter - */ - -#ifndef __UTIL_H__ -#define __UTIL_H__ - -#include - -void* xrealloc (void *memory, size_t length); - -#endif /* __UTIL_H__ */ diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am new file mode 100644 index 0000000..989f482 --- /dev/null +++ b/p11-kit/Makefile.am @@ -0,0 +1,40 @@ + +incdir = $(includedir)/p11-kit + +inc_HEADERS = \ + p11-kit.h \ + p11-kit-uri.h \ + pkcs11.h + +MODULE_SRCS = \ + conf.c conf.h \ + hash.c hash.h \ + util.c util.h \ + p11-kit-lib.c \ + p11-kit-proxy.c \ + p11-kit-private.h \ + p11-kit-messages.c \ + p11-kit-uri.c \ + $(inc_HEADERS) + +lib_LTLIBRARIES = \ + libp11-kit.la + +noinst_LTLIBRARIES = \ + libp11-kit-testable.la + +libp11_kit_la_LDFLAGS = \ + -no-undefined -export-symbols-regex '^C_GetFunctionList|^p11_kit_' + +libp11_kit_la_SOURCES = $(MODULE_SRCS) + +libp11_kit_testable_la_LDFLAGS = \ + -no-undefined + +libp11_kit_testable_la_SOURCES = $(MODULE_SRCS) + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = p11-kit.pc + +EXTRA_DIST = \ + p11-kit.pc.in \ No newline at end of file diff --git a/p11-kit/conf.c b/p11-kit/conf.c new file mode 100644 index 0000000..6c83407 --- /dev/null +++ b/p11-kit/conf.c @@ -0,0 +1,245 @@ +/* + * Copyright (c) 2005, Stefan Walter + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "conf.h" + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void +errmsg (conf_error_func error_func, const char* msg, ...) +{ + #define MAX_MSGLEN 1024 + char buf[MAX_MSGLEN]; + va_list ap; + + if (!error_func) + return; + + va_start (ap, msg); + vsnprintf (buf, MAX_MSGLEN, msg, ap); + buf[MAX_MSGLEN - 1] = 0; + error_func (buf); + va_end (ap); +} + +static void +strcln (char* data, char ch) +{ + char* p; + for (p = data; *data; data++, p++) { + while (*data == ch) + data++; + *p = *data; + } + + /* Renull terminate */ + *p = 0; +} + +static char* +strbtrim (const char* data) +{ + while (*data && isspace (*data)) + ++data; + return (char*)data; +} + +static void +stretrim (char* data) +{ + char* t = data + strlen (data); + while (t > data && isspace (*(t - 1))) { + t--; + *t = 0; + } +} + +static char* +strtrim (char* data) +{ + data = (char*)strbtrim (data); + stretrim (data); + return data; +} + +/* ----------------------------------------------------------------------------- + * CONFIG PARSER + */ + +static char* +read_config_file (const char* filename, int flags, + conf_error_func error_func) +{ + char* config = NULL; + FILE* f = NULL; + long len; + + assert (filename); + + f = fopen (filename, "r"); + if (f == NULL) { + if ((flags & CONF_IGNORE_MISSING) && + (errno == ENOENT || errno == ENOTDIR)) { + config = strdup ("\n"); + if (!config) + errno = ENOMEM; + return config; + } + errmsg (error_func, "couldn't open config file: %s", filename); + return NULL; + } + + /* Figure out size */ + if (fseek (f, 0, SEEK_END) == -1 || + (len = ftell (f)) == -1 || + fseek (f, 0, SEEK_SET) == -1) { + errmsg (error_func, "couldn't seek config file: %s", filename); + return NULL; + } + + if ((config = (char*)malloc (len + 2)) == NULL) { + errmsg (error_func, "out of memory"); + errno = ENOMEM; + return NULL; + } + + /* And read in one block */ + if (fread (config, 1, len, f) != len) { + errmsg (error_func, "couldn't read config file: %s", filename); + return NULL; + } + + fclose (f); + + /* Null terminate the data */ + config[len] = '\n'; + config[len + 1] = 0; + + /* Remove nasty dos line endings */ + strcln (config, '\r'); + + return config; +} + +hash_t* +conf_parse_file (const char* filename, int flags, + conf_error_func error_func) +{ + char *name; + char *value; + hash_t *ht = NULL; + char *config; + char *next; + char *end; + + assert (filename); + + /* Adds an extra newline to end of file */ + config = read_config_file (filename, flags, error_func); + if (!config) + return NULL; + + ht = hash_create (hash_string_hash, hash_string_equal, free, free); + next = config; + + /* Go through lines and process them */ + while ((end = strchr (next, '\n')) != NULL) { + *end = 0; + name = strbtrim (next); + next = end + 1; + + /* Empty lines / comments at start */ + if (!*name || *name == '#') + continue; + + /* Look for the break between name: value on the same line */ + value = name + strcspn (name, ":"); + if (!*value) { + errmsg (error_func, "%s: invalid config line: %s", filename, name); + errno = EINVAL; + break; + } + + /* Null terminate and split value part */ + *value = 0; + value++; + + name = strtrim (name); + value = strtrim (value); + + name = strdup (name); + if (!name) { + errno = ENOMEM; + break; + } + value = strdup (value); + if (!value) { + free (name); + errno = ENOMEM; + break; + } + if (!hash_set (ht, name, value)) { + free (name); + free (value); + errno = ENOMEM; + break; + } + } + + /* Unsuccessful? */ + if (end != NULL) { + hash_free (ht); + ht = NULL; + } + + free (config); + return ht; +} diff --git a/p11-kit/conf.h b/p11-kit/conf.h new file mode 100644 index 0000000..84138d2 --- /dev/null +++ b/p11-kit/conf.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * Copyright (c) 2005, Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __CONF_H__ +#define __CONF_H__ + +#include "hash.h" + +enum { + CONF_IGNORE_MISSING = 0x01, +}; + +typedef void (*conf_error_func) (const char *message); + +hash_t* conf_parse_file (const char *filename, + int flags, + conf_error_func error_func); + +#endif /* __CONF_H__ */ diff --git a/p11-kit/hash.c b/p11-kit/hash.c new file mode 100644 index 0000000..836e717 --- /dev/null +++ b/p11-kit/hash.c @@ -0,0 +1,452 @@ +/* + * Copyright (c) 2004, Stefan Walter + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + */ + +/* + * Originally from apache 2.0 + * Modifications for general use by + */ + +/* Copyright 2000-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include +#include + +#include "hash.h" + +/* + * The internal form of a hash table. + * + * The table is an array indexed by the hash of the key; collisions + * are resolved by hanging a linked list of hash entries off each + * element of the array. Although this is a really simple design it + * isn't too bad given that pools have a low allocation overhead. + */ + +typedef struct hash_entry hash_entry_t; + +struct hash_entry +{ + hash_entry_t* next; + unsigned int hash; + void* key; + void* val; +}; + +/* + * The size of the array is always a power of two. We use the maximum + * index rather than the size so that we can use bitwise-AND for + * modular arithmetic. + * The count of hash entries may be greater depending on the chosen + * collision rate. + */ +struct hash { + hash_entry_t** array; + unsigned int count; + unsigned int max; + hash_hash_func hash_func; + hash_equal_func equal_func; + hash_destroy_func key_destroy_func; + hash_destroy_func value_destroy_func; +}; + +#define INITIAL_MAX 15 /* tunable == 2^n - 1 */ +#define int_malloc malloc +#define int_calloc calloc +#define int_free free + +/* + * Hash creation functions. + */ + +static hash_entry_t** +alloc_array(hash_t* ht, unsigned int max) +{ + return (hash_entry_t**)int_calloc (sizeof (*(ht->array)), (max + 1)); +} + +hash_t* +hash_create (hash_hash_func hash_func, + hash_equal_func equal_func, + hash_destroy_func key_destroy_func, + hash_destroy_func value_destroy_func) +{ + hash_t* ht; + + assert (hash_func); + assert (equal_func); + + ht = int_malloc (sizeof (hash_t)); + if (ht) { + ht->count = 0; + ht->max = INITIAL_MAX; + ht->hash_func = hash_func; + ht->equal_func = equal_func; + ht->key_destroy_func = key_destroy_func; + ht->value_destroy_func = value_destroy_func; + ht->array = alloc_array (ht, ht->max); + if (!ht->array) { + int_free (ht); + return NULL; + } + } + return ht; +} + +void +hash_free (hash_t* ht) +{ + hash_iter_t hi; + + if (!ht) + return; + + hash_iterate (ht, &hi); + while (hash_next (&hi, NULL, NULL)) { + if (ht->key_destroy_func) + ht->key_destroy_func (hi.ths->key); + if (ht->value_destroy_func) + ht->value_destroy_func (hi.ths->val); + } + + if (ht->array) + int_free (ht->array); + + int_free (ht); +} + +/* + * Hash iteration functions. + */ +int +hash_next (hash_iter_t* hi, void **key, void **value) +{ + hi->ths = hi->next; + while (!hi->ths) { + if (hi->index > hi->ht->max) + return 0; + hi->ths = hi->ht->array[hi->index++]; + } + hi->next = hi->ths->next; + if (key) + *key = hi->ths->key; + if (value) + *value = hi->ths->val; + return 1; +} + +void +hash_iterate (hash_t* ht, hash_iter_t *hi) +{ + hi->ht = ht; + hi->index = 0; + hi->ths = NULL; + hi->next = NULL; +} + +/* + * Expanding a hash table + */ + +static int +expand_array (hash_t* ht) +{ + hash_iter_t hi; + hash_entry_t** new_array; + unsigned int new_max; + + new_max = ht->max * 2 + 1; + new_array = alloc_array (ht, new_max); + + if(!new_array) + return 0; + + hash_iterate (ht, &hi); + while (hash_next (&hi, NULL, NULL)) { + unsigned int i = hi.ths->hash & new_max; + hi.ths->next = new_array[i]; + new_array[i] = hi.ths; + } + + if(ht->array) + int_free (ht->array); + + ht->array = new_array; + ht->max = new_max; + return 1; +} + +/* + * This is where we keep the details of the hash function and control + * the maximum collision rate. + * + * If val is non-NULL it creates and initializes a new hash entry if + * there isn't already one there; it returns an updatable pointer so + * that hash entries can be removed. + */ + +static hash_entry_t** +find_entry (hash_t* ht, const void* key, void* val) +{ + hash_entry_t** hep; + hash_entry_t* he; + unsigned int hash; + + /* Perform the hashing */ + hash = ht->hash_func (key); + + /* scan linked list */ + for (hep = &ht->array[hash & ht->max], he = *hep; + he; hep = &he->next, he = *hep) { + if(he->hash == hash && ht->equal_func (he->key, key)) + break; + } + + if(he || !val) + return hep; + + /* add a new entry for non-NULL val */ + he = int_malloc (sizeof (*he)); + + if(he) { + he->key = (void*)key; + he->next = NULL; + he->hash = hash; + he->val = val; + + *hep = he; + ht->count++; + } + + return hep; +} + +void* +hash_get (hash_t* ht, const void *key) +{ + hash_entry_t** he = find_entry (ht, key, NULL); + if (he && *he) + return (void*)((*he)->val); + else + return NULL; +} + +int +hash_set (hash_t* ht, void* key, void* val) +{ + hash_entry_t** hep = find_entry (ht, key, val); + if(hep && *hep) { + /* replace entry */ + (*hep)->val = val; + + /* check that the collision rate isn't too high */ + if (ht->count > ht->max) { + if (!expand_array (ht)) + return 0; + } + + return 1; + } + + return 0; +} + +int +hash_remove (hash_t* ht, const void* key) +{ + hash_entry_t** hep = find_entry (ht, key, NULL); + + if (hep && *hep) { + hash_entry_t* old = *hep; + *hep = (*hep)->next; + --ht->count; + if (ht->key_destroy_func) + ht->key_destroy_func (old->key); + if (ht->value_destroy_func) + ht->value_destroy_func (old->val); + free (old); + return 1; + } + + return 0; +} + +void +hash_clear (hash_t* ht) +{ + hash_entry_t *he, *next; + int i; + + /* Free all entries in the array */ + for (i = 0; i < ht->max; ++i) { + he = ht->array[i]; + while (he) { + next = he->next; + if (ht->key_destroy_func) + ht->key_destroy_func (he->key); + if (ht->value_destroy_func) + ht->value_destroy_func (he->val); + free (he); + he = next; + } + } + + memset (ht->array, 0, ht->max * sizeof (hash_entry_t*)); + ht->count = 0; +} + +unsigned int +hash_count (hash_t* ht) +{ + return ht->count; +} + +unsigned int +hash_string_hash (const void *string) +{ + unsigned int hash; + const unsigned char *p; + + assert (string); + + /* + * This is the popular `times 33' hash algorithm which is used by + * perl and also appears in Berkeley DB. This is one of the best + * known hash functions for strings because it is both computed + * very fast and distributes very well. + * + * The originator may be Dan Bernstein but the code in Berkeley DB + * cites Chris Torek as the source. The best citation I have found + * is "Chris Torek, Hash function for text in C, Usenet message + * <27038@mimsy.umd.edu> in comp.lang.c , October, 1990." in Rich + * Salz's USENIX 1992 paper about INN which can be found at + * . + * + * The magic of number 33, i.e. why it works better than many other + * constants, prime or not, has never been adequately explained by + * anyone. So I try an explanation: if one experimentally tests all + * multipliers between 1 and 256 (as I did while writing a low-level + * data structure library some time ago) one detects that even + * numbers are not useable at all. The remaining 128 odd numbers + * (except for the number 1) work more or less all equally well. + * They all distribute in an acceptable way and this way fill a hash + * table with an average percent of approx. 86%. + * + * If one compares the chi^2 values of the variants (see + * Bob Jenkins ``Hashing Frequently Asked Questions'' at + * http://burtleburtle.net/bob/hash/hashfaq.html for a description + * of chi^2), the number 33 not even has the best value. But the + * number 33 and a few other equally good numbers like 17, 31, 63, + * 127 and 129 have nevertheless a great advantage to the remaining + * numbers in the large set of possible multipliers: their multiply + * operation can be replaced by a faster operation based on just one + * shift plus either a single addition or subtraction operation. And + * because a hash function has to both distribute good _and_ has to + * be very fast to compute, those few numbers should be preferred. + * + * -- Ralf S. Engelschall + */ + + hash = 0; + + for(p = string; *p; p++) + hash = hash * 33 + *p; + + return hash; +} + +int +hash_string_equal (const void *string_one, const void *string_two) +{ + assert (string_one); + assert (string_two); + + return strcmp (string_one, string_two) == 0; +} + +unsigned int +hash_ulongptr_hash (const void *to_ulong) +{ + assert (to_ulong); + return (unsigned int)*((unsigned long*)to_ulong); +} + +int +hash_ulongptr_equal (const void *ulong_one, const void *ulong_two) +{ + assert (ulong_one); + assert (ulong_two); + return *((unsigned long*)ulong_one) == *((unsigned long*)ulong_two); +} + +unsigned int +hash_intptr_hash (const void *to_int) +{ + assert (to_int); + return (unsigned int)*((unsigned long*)to_int); +} + +int +hash_intptr_equal (const void *int_one, const void *int_two) +{ + assert (int_one); + assert (int_two); + return *((unsigned long*)int_one) == *((unsigned long*)int_two); +} + +unsigned int +hash_direct_hash (const void *ptr) +{ + return (unsigned int)ptr; +} + +int +hash_direct_equal (const void *ptr_one, const void *ptr_two) +{ + return ptr_one == ptr_two; +} diff --git a/p11-kit/hash.h b/p11-kit/hash.h new file mode 100644 index 0000000..eb3c496 --- /dev/null +++ b/p11-kit/hash.h @@ -0,0 +1,187 @@ +/* + * Copyright (c) 2004, Stefan Walter + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Waler + */ + +/* + * Originally from apache 2.0 + * Modifications for general use by + */ + +/* Copyright 2000-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __HSH_H__ +#define __HSH_H__ + +#include + +/* + * ARGUMENT DOCUMENTATION + * + * ht: The hashtable + * key: Pointer to the key value + * klen: The length of the key + * val: Pointer to the value + * hi: A hashtable iterator + * stamp: A unix timestamp + */ + + +/* ---------------------------------------------------------------------------------- + * TYPES + */ + +/* Abstract type for hash tables. */ +typedef struct hash hash_t; + +/* Type for scanning hash tables. */ +typedef struct hash_iter +{ + hash_t* ht; + struct hash_entry* ths; + struct hash_entry* next; + unsigned int index; +} hash_iter_t; + +typedef unsigned int (*hash_hash_func) (const void *data); + +typedef int (*hash_equal_func) (const void *one, + const void *two); + +typedef void (*hash_destroy_func) (void *data); + +/* ----------------------------------------------------------------------------- + * MAIN + */ + +/* + * hash_create : Create a hash table + * - returns an allocated hashtable + */ +hash_t* hash_create (hash_hash_func hash_func, + hash_equal_func equal_func, + hash_destroy_func key_destroy_func, + hash_destroy_func value_destroy_func); + +/* + * hash_free : Free a hash table + */ +void hash_free (hash_t* ht); + +/* + * hash_count: Number of values in hash table + * - returns the number of entries in hash table + */ +unsigned int hash_count (hash_t* ht); + +/* + * hash_get: Retrieves a value from the hash table + * - returns the value of the entry + */ +void* hash_get (hash_t* ht, + const void *key); + +/* + * hash_set: Set a value in the hash table + * - returns 1 if the entry was added properly + */ +int hash_set (hash_t* ht, + void *key, + void *value); + +/* + * hash_remove: Remove a value from the hash table + * - returns 1 if the entry was found + */ +int hash_remove (hash_t* ht, + const void* key); + +/* + * hash_first: Start enumerating through the hash table + * - returns a hash iterator + */ +void hash_iterate (hash_t* ht, + hash_iter_t *hi); + +/* + * hash_next: Enumerate through hash table + * - sets key and value to key and/or value + * - returns whether there was another entry + */ +int hash_next (hash_iter_t* hi, + void **key, + void **value); + +/* + * hash_clear: Clear all values from has htable. + */ +void hash_clear (hash_t* ht); + +/* ----------------------------------------------------------------------------- + * HASH FUNCTIONS + */ + +unsigned int hash_string_hash (const void *string); + +int hash_string_equal (const void *string_one, + const void *string_two); + +unsigned int hash_ulongptr_hash (const void *to_ulong); + +int hash_ulongptr_equal (const void *ulong_one, + const void *ulong_two); + +unsigned int hash_intptr_hash (const void *to_int); + +int hash_intptr_equal (const void *int_one, + const void *int_two); + +unsigned int hash_direct_hash (const void *ptr); + +int hash_direct_equal (const void *ptr_one, + const void *ptr_two); + +#endif /* __HASH_H__ */ diff --git a/p11-kit/p11-kit-lib.c b/p11-kit/p11-kit-lib.c new file mode 100644 index 0000000..f57f3d1 --- /dev/null +++ b/p11-kit/p11-kit-lib.c @@ -0,0 +1,1130 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2008 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "conf.h" +#include "hash.h" +#include "pkcs11.h" +#include "p11-kit.h" +#include "p11-kit-private.h" + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit + * @title: Modules + * @short_description: Module loading and initializing + * + * PKCS\#11 modules are used by crypto libraries and applications to access + * crypto objects (like keys and certificates) and to perform crypto operations. + * + * In order for applications to behave consistently with regard to the user's + * installed PKCS\#11 modules, each module must be registered so that applications + * or libraries know that they should load it. + * + * The functions here provide support for initializing registered modules. The + * p11_kit_initialize_registered() function should be used to load and initialize + * the registered modules. When done, the p11_kit_finalize_registered() function + * should be used to release those modules and associated resources. + * + * In addition p11_kit_registered_option() can be used to access other parts + * of the module configuration. + * + * When multiple consumers of a module (such as libraries or applications) are + * in the same process, coordination of the initialization and finalization + * of PKCS\#11 modules is required. The functions here automatically provide + * initialization reference counting to make this work. + * + * If a consumer wishes to load an arbitrary PKCS\#11 module that's not + * registered, that module should be initialized with p11_kit_initialize_module() + * and finalized with p11_kit_finalize_module(). The module's own + * C_Initialize and C_Finalize methods should not + * be called directly. + * + * Modules are represented by a pointer to their CK_FUNCTION_LIST + * entry points. This means that callers can load modules elsewhere, using + * dlopen() for example, and then still use these methods on them. + */ + +typedef struct _Module { + char *name; + hash_t *config; + void *dl_module; + CK_FUNCTION_LIST_PTR funcs; + int ref_count; + int initialize_count; + CK_C_INITIALIZE_ARGS init_args; +} Module; + +/* + * This is the mutex that protects the global data of this library + * and the pkcs11 proxy module. Note that we *never* call into our + * underlying pkcs11 modules while holding this mutex. Therefore it + * doesn't have to be recursive and we can keep things simple. + */ +pthread_mutex_t _p11_mutex = PTHREAD_MUTEX_INITIALIZER; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + hash_t *modules; + hash_t *config; +} gl = { NULL, NULL }; + +/* ----------------------------------------------------------------------------- + * UTILITIES + */ + +static void +warning (const char* msg, ...) +{ + char buffer[512]; + va_list va; + + va_start (va, msg); + + vsnprintf(buffer, sizeof (buffer) - 1, msg, va); + buffer[sizeof (buffer) - 1] = 0; + fprintf (stderr, "p11-kit: %s\n", buffer); + + va_end (va); +} + +static void +conf_error (const char *buffer) +{ + /* called from conf.c */ + fprintf (stderr, "p11-kit: %s\n", buffer); +} + +static char* +strconcat (const char *first, ...) +{ + size_t length = 0; + const char *arg; + char *result, *at; + va_list va; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) + length += strlen (arg); + + va_end (va); + + at = result = malloc (length); + if (!result) + return NULL; + + va_start (va, first); + + for (arg = first; arg; arg = va_arg (va, const char*)) { + length = strlen (arg); + memcpy (at, arg, length); + at += length; + } + + va_end (va); + + *at = 0; + return result; +} + +static int +strequal (const char *one, const char *two) +{ + return strcmp (one, two) == 0; +} + +/* ----------------------------------------------------------------------------- + * P11-KIT FUNCTIONALITY + */ + +static CK_RV +create_mutex (CK_VOID_PTR_PTR mut) +{ + pthread_mutex_t *pmutex; + int err; + + pmutex = malloc (sizeof (pthread_mutex_t)); + if (!pmutex) + return CKR_HOST_MEMORY; + err = pthread_mutex_init (pmutex, NULL); + if (err == ENOMEM) + return CKR_HOST_MEMORY; + else if (err != 0) + return CKR_GENERAL_ERROR; + *mut = pmutex; + return CKR_OK; +} + +static CK_RV +destroy_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_destroy (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err != 0) + return CKR_GENERAL_ERROR; + free (pmutex); + return CKR_OK; +} + +static CK_RV +lock_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_lock (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err != 0) + return CKR_GENERAL_ERROR; + return CKR_OK; +} + +static CK_RV +unlock_mutex (CK_VOID_PTR mut) +{ + pthread_mutex_t *pmutex = mut; + int err; + + err = pthread_mutex_unlock (pmutex); + if (err == EINVAL) + return CKR_MUTEX_BAD; + else if (err == EPERM) + return CKR_MUTEX_NOT_LOCKED; + else if (err != 0) + return CKR_GENERAL_ERROR; + return CKR_OK; +} + +static void +free_module_unlocked (void *data) +{ + Module *module = data; + + assert (module); + + /* Module must be finalized */ + assert (module->initialize_count == 0); + + /* Module must have no outstanding references */ + assert (module->ref_count == 0); + + if (module->dl_module) + dlclose (module->dl_module); + hash_free (module->config); + free (module->name); + free (module); +} + +static Module* +alloc_module_unlocked (void) +{ + Module *module; + + module = calloc (1, sizeof (Module)); + if (!module) + return NULL; + + module->init_args.CreateMutex = create_mutex; + module->init_args.DestroyMutex = destroy_mutex; + module->init_args.LockMutex = lock_mutex; + module->init_args.UnlockMutex = unlock_mutex; + module->init_args.flags = CKF_OS_LOCKING_OK; + + return module; +} + +static CK_RV +load_module_from_config_unlocked (const char *configfile, const char *name) +{ + Module *module, *prev; + const char *path; + CK_C_GetFunctionList gfl; + CK_RV rv; + + assert (configfile); + + module = alloc_module_unlocked (); + if (!module) + return CKR_HOST_MEMORY; + + module->config = conf_parse_file (configfile, 0, conf_error); + if (!module->config) { + free_module_unlocked (module); + if (errno == ENOMEM) + return CKR_HOST_MEMORY; + return CKR_GENERAL_ERROR; + } + + module->name = strdup (name); + if (!module->name) { + free_module_unlocked (module); + return CKR_HOST_MEMORY; + } + + path = hash_get (module->config, "module"); + if (path == NULL) { + free_module_unlocked (module); + warning ("no module path specified in config: %s", configfile); + return CKR_GENERAL_ERROR; + } + + module->dl_module = dlopen (path, RTLD_LOCAL | RTLD_NOW); + if (module->dl_module == NULL) { + warning ("couldn't load module: %s: %s", path, dlerror ()); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + gfl = dlsym (module->dl_module, "C_GetFunctionList"); + if (!gfl) { + warning ("couldn't find C_GetFunctionList entry point in module: %s: %s", + path, dlerror ()); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + rv = gfl (&module->funcs); + if (rv != CKR_OK) { + warning ("call to C_GetFunctiontList failed in module: %s: %s", + path, p11_kit_strerror (rv)); + free_module_unlocked (module); + return rv; + } + + prev = hash_get (gl.modules, module->funcs); + + /* Replace previous module that was loaded explicitly? */ + if (prev && !prev->name) { + module->ref_count = prev->ref_count; + module->initialize_count = prev->initialize_count; + prev->ref_count = 0; + prev->initialize_count = 0; + hash_set (gl.modules, module->funcs, module); + prev = NULL; /* freed by hash above */ + } + + /* Refuse to load duplicate module */ + if (prev) { + warning ("duplicate configured module: %s: %s", + module->name, path); + free_module_unlocked (module); + return CKR_GENERAL_ERROR; + } + + return CKR_OK; +} + +static CK_RV +load_modules_from_config_unlocked (const char *directory) +{ + struct dirent *dp; + CK_RV rv = CKR_OK; + DIR *dir; + char *path; + + /* First we load all the modules */ + dir = opendir (directory); + if (!dir) { + if (errno == ENOENT || errno == ENOTDIR) + warning ("couldn't list directory: %s", directory); + return CKR_GENERAL_ERROR; + } + + /* We're within a global mutex, so readdir is safe */ + while ((dp = readdir(dir)) != NULL) { + path = strconcat (directory, "/", dp->d_name); + if (!path) { + rv = CKR_HOST_MEMORY; + break; + } + + rv = load_module_from_config_unlocked (path, dp->d_name); + free (path); + + if (rv != CKR_OK) + break; + } + + closedir (dir); + + return rv; +} + +static char* +expand_user_path (const char *path) +{ + const char *env; + struct passwd *pwd; + + if (path[0] == '~' && path[1] == '/') { + env = getenv ("HOME"); + if (env && env[0]) { + return strconcat (env, path + 1, NULL); + } else { + pwd = getpwuid (getuid ()); + if (!pwd) + return NULL; + return strconcat (pwd->pw_dir, path + 1, NULL); + } + } + + return strdup (path); +} + +enum { + USER_CONFIG_INVALID = 0, + USER_CONFIG_NONE = 1, + USER_CONFIG_MERGE, + USER_CONFIG_OVERRIDE +}; + +static int +user_config_mode (hash_t *config, int defmode) +{ + const char *mode; + + /* Whether we should use or override from user directory */ + mode = hash_get (config, "user-config"); + if (mode == NULL) { + return defmode; + } else if (strequal (mode, "none")) { + return USER_CONFIG_NONE; + } else if (strequal (mode, "merge")) { + return USER_CONFIG_MERGE; + } else if (strequal (mode, "override")) { + return USER_CONFIG_OVERRIDE; + } else { + warning ("invalid mode for 'user-config': %s", mode); + return USER_CONFIG_INVALID; + } +} + +static CK_RV +load_config_files_unlocked (int *user_mode) +{ + hash_t *config = NULL; + hash_t *uconfig = NULL; + void *key = NULL; + void *value = NULL; + char *path; + int mode; + CK_RV rv = CKR_GENERAL_ERROR; + hash_iter_t hi; + + /* Should only be called after everything has been unloaded */ + assert (!gl.config); + + /* Load the main configuration */ + config = conf_parse_file (P11_SYSTEM_CONF, CONF_IGNORE_MISSING, conf_error); + if (!config) { + rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR; + goto finished; + } + + /* Whether we should use or override from user directory */ + mode = user_config_mode (config, USER_CONFIG_INVALID); + if (mode == USER_CONFIG_INVALID) + goto finished; + + if (mode != USER_CONFIG_NONE) { + path = expand_user_path (P11_USER_CONF); + if (!path) + goto finished; + + /* Load up the user configuration */ + uconfig = conf_parse_file (path, CONF_IGNORE_MISSING, conf_error); + free (path); + + if (!uconfig) { + rv = (errno == ENOMEM) ? CKR_HOST_MEMORY : CKR_GENERAL_ERROR; + goto finished; + } + + /* Figure out what the user mode is */ + mode = user_config_mode (uconfig, mode); + if (mode == USER_CONFIG_INVALID) + goto finished; + + /* Merge everything into the system config */ + if (mode == USER_CONFIG_MERGE) { + hash_iterate (uconfig, &hi); + while (hash_next (&hi, &key, &value)) { + key = strdup (key); + if (key == NULL) + goto finished; + value = strdup (value); + if (value == NULL) + goto finished; + if (!hash_set (config, key, value)) + goto finished; + key = NULL; + value = NULL; + } + + /* Override the system config */ + } else if (mode == USER_CONFIG_OVERRIDE) { + hash_free (config); + config = uconfig; + uconfig = NULL; + } + } + + gl.config = config; + config = NULL; + rv = CKR_OK; + + if (user_mode) + *user_mode = mode; + +finished: + hash_free (config); + hash_free (uconfig); + free (key); + free (value); + return rv; +} + +static CK_RV +load_registered_modules_unlocked (void) +{ + char *path; + int mode; + CK_RV rv; + + rv = load_config_files_unlocked (&mode); + if (rv != CKR_OK) + return rv; + + assert (gl.config); + assert (mode != USER_CONFIG_INVALID); + + /* Load each module from the main list */ + if (mode != USER_CONFIG_OVERRIDE) { + rv = load_modules_from_config_unlocked (P11_SYSTEM_MODULES); + if (rv != CKR_OK); + return rv; + } + + /* Load each module from the user list */ + if (mode != USER_CONFIG_NONE) { + path = expand_user_path (P11_USER_MODULES); + if (!path) + rv = CKR_GENERAL_ERROR; + else + rv = load_modules_from_config_unlocked (path); + free (path); + if (rv != CKR_OK); + return rv; + } + + return CKR_OK; +} + +static CK_RV +initialize_module_unlocked_reentrant (Module *module) +{ + CK_RV rv = CKR_OK; + + assert (module); + + /* + * Initialize first, so module doesn't get freed out from + * underneath us when the mutex is unlocked below. + */ + ++module->ref_count; + + if (!module->initialize_count) { + + _p11_unlock (); + + assert (module->funcs); + rv = module->funcs->C_Initialize (&module->init_args); + + _p11_lock (); + + /* + * Because we have the mutex unlocked above, two initializes could + * race. Therefore we need to take CKR_CRYPTOKI_ALREADY_INITIALIZED + * into account. + * + * We also need to take into account where in a race both calls return + * CKR_OK (which is not according to the spec but may happen, I mean we + * do it in this module, so it's not unimaginable). + */ + + if (rv == CKR_OK) + ++module->initialize_count; + else if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) + rv = CKR_OK; + else + --module->ref_count; + } + + return rv; +} + +static void +reinitialize_after_fork (void) +{ + hash_iter_t it; + Module *module; + + /* WARNING: This function must be reentrant */ + + _p11_lock (); + + if (gl.modules) { + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + module->initialize_count = 0; + + /* WARNING: Reentrancy can occur here */ + initialize_module_unlocked_reentrant (module); + } + } + + _p11_unlock (); + + _p11_kit_proxy_after_fork (); +} + +static CK_RV +init_globals_unlocked (void) +{ + static int once = 0; + + if (!gl.modules) + gl.modules = hash_create (hash_direct_hash, hash_direct_equal, + NULL, free_module_unlocked); + if (!gl.modules) + return CKR_HOST_MEMORY; + + if (once) + return CKR_OK; + + pthread_atfork (NULL, NULL, reinitialize_after_fork); + once = 1; + + return CKR_OK; +} + +static void +free_modules_when_no_refs_unlocked (void) +{ + Module *module; + hash_iter_t it; + + /* Check if any modules have a ref count */ + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + if (module->ref_count) + return; + } + + hash_free (gl.modules); + gl.modules = NULL; + hash_free (gl.config); + gl.config = NULL; +} + +static CK_RV +finalize_module_unlocked_reentrant (Module *module) +{ + assert (module); + + /* + * We leave module info around until all are finalized + * so we can encounter these zombie Module structures. + */ + if (module->ref_count == 0) + return CKR_ARGUMENTS_BAD; + + if (--module->ref_count > 0) + return CKR_OK; + + /* + * Becuase of the mutex unlock below, we temporarily increase + * the ref count. This prevents module from being freed out + * from ounder us. + */ + ++module->ref_count; + + while (module->initialize_count > 0) { + + _p11_unlock (); + + assert (module->funcs); + module->funcs->C_Finalize (NULL); + + _p11_lock (); + + if (module->initialize_count > 0) + --module->initialize_count; + } + + /* Match the increment above */ + --module->ref_count; + + free_modules_when_no_refs_unlocked (); + return CKR_OK; +} + +static Module* +find_module_for_name_unlocked (const char *name) +{ + Module *module; + hash_iter_t it; + + assert (name); + + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) + if (module->ref_count && module->name && strcmp (name, module->name)) + return module; + return NULL; +} + +CK_RV +_p11_kit_initialize_registered_unlocked_reentrant (void) +{ + Module *module; + hash_iter_t it; + CK_RV rv; + + rv = init_globals_unlocked (); + if (rv == CKR_OK) + rv = load_registered_modules_unlocked (); + if (rv == CKR_OK) { + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + + /* Skip all modules that aren't registered */ + if (!module->name) + continue; + + rv = initialize_module_unlocked_reentrant (module); + + if (rv != CKR_OK) + break; + } + } + + return rv; +} + +/** + * p11_kit_initialize_registered: + * + * Initialize all the registered PKCS\#11 modules. + * + * If this is the first time this function is called multiple times + * consecutively within a single process, then it merely increments an + * initialization reference count for each of these modules. + * + * Use p11_kit_finalize_registered() to finalize these registered modules once + * the caller is done with them. + * + * Returns: CKR_OK if the initialization succeeded, or an error code. + */ +CK_RV +p11_kit_initialize_registered (void) +{ + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + _p11_lock (); + + /* WARNING: Reentrancy can occur here */ + rv = _p11_kit_initialize_registered_unlocked_reentrant (); + + _p11_unlock (); + + /* Cleanup any partial initialization */ + if (rv != CKR_OK) + p11_kit_finalize_registered (); + + return rv; +} + +CK_RV +_p11_kit_finalize_registered_unlocked_reentrant (void) +{ + Module *module; + hash_iter_t it; + Module **to_finalize; + int i, count; + + if (!gl.modules) + return CKR_CRYPTOKI_NOT_INITIALIZED; + + /* WARNING: This function must be reentrant */ + + to_finalize = calloc (hash_count (gl.modules), sizeof (Module*)); + if (!to_finalize) + return CKR_HOST_MEMORY; + + count = 0; + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + + /* Skip all modules that aren't registered */ + if (module->name) + to_finalize[count++] = module; + } + + for (i = 0; i < count; ++i) { + /* WARNING: Reentrant calls can occur here */ + finalize_module_unlocked_reentrant (to_finalize[i]); + } + + free (to_finalize); + return CKR_OK; +} + +/** + * p11_kit_finalize_registered: + * + * Finalize all the registered PKCS\#11 modules. These should have been + * initialized with p11_kit_initialize_registered(). + * + * If p11_kit_initialize_registered() has been called more than once in this + * process, then this function must be called the same number of times before + * actual finalization will occur. + * + * Returns: CKR_OK if the finalization succeeded, or an error code. + */ + +CK_RV +p11_kit_finalize_registered (void) +{ + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + _p11_lock (); + + /* WARNING: Reentrant calls can occur here */ + rv = _p11_kit_finalize_registered_unlocked_reentrant (); + + _p11_unlock (); + + return rv; +} + +CK_FUNCTION_LIST_PTR_PTR +_p11_kit_registered_modules_unlocked (void) +{ + CK_FUNCTION_LIST_PTR_PTR result; + Module *module; + hash_iter_t it; + int i = 0; + + result = calloc (hash_count (gl.modules) + 1, sizeof (CK_FUNCTION_LIST_PTR)); + if (result) { + hash_iterate (gl.modules, &it); + while (hash_next (&it, NULL, (void**)&module)) { + if (module->ref_count && module->name) + result[i++] = module->funcs; + } + } + + return result; +} + +/** + * p11_kit_registered_modules: + * + * Get a list of all the registered PKCS\#11 modules. This list will be valid + * once the p11_kit_initialize_registered() function has been called. + * + * The returned value is a NULL terminated array of + * CK_FUNCTION_LIST_PTR pointers. + * + * Returns: A list of all the registered modules. Use the free() function to + * free the list. + */ +CK_FUNCTION_LIST_PTR_PTR +p11_kit_registered_modules (void) +{ + CK_FUNCTION_LIST_PTR_PTR result; + + _p11_lock (); + + result = _p11_kit_registered_modules_unlocked (); + + _p11_unlock (); + + return result; +} + +/** + * p11_kit_registered_module_to_name: + * @funcs: pointer to a registered module + * + * Get the name of a registered PKCS\#11 module. + * + * You can use p11_kit_registered_modules() to get a list of all the registered + * modules. This name is specified by the registered module configuration. + * + * Returns: A newly allocated string containing the module name, or + * NULL if no such registered module exists. Use free() to + * free this string. + */ +char* +p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs) +{ + Module *module; + char *name = NULL; + + if (!funcs) + return NULL; + + _p11_lock (); + + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module && module->name) + name = strdup (module->name); + + _p11_unlock (); + + return name; +} + +/** + * p11_kit_registered_name_to_module: + * @name: name of a registered module + * + * Lookup a registered PKCS\#11 module by its name. This name is specified by + * the registered module configuration. + * + * Returns: a pointer to a PKCS\#11 module, or NULL if this name was + * not found. + */ +CK_FUNCTION_LIST_PTR +p11_kit_registered_name_to_module (const char *name) +{ + CK_FUNCTION_LIST_PTR funcs = NULL; + Module *module; + + _p11_lock (); + + if (gl.modules) { + module = find_module_for_name_unlocked (name); + if (module) + funcs = module->funcs; + } + + _p11_unlock (); + + return funcs; +} + +/** + * p11_kit_registered_option: + * @funcs: a pointer to a registered module + * @field: the name of the option to lookup. + * + * Lookup a configured option for a registered PKCS\#11 module. If a + * NULL funcs argument is specified, then this will lookup + * the configuration option in the global config file. + * + * Returns: A newly allocated string containing the option value, or + * NULL if the registered module or the option were not found. + * Use free() to free the returned string. + */ +char* +p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, const char *field) +{ + Module *module; + char *option = NULL; + hash_t *config; + + if (!field) + return NULL; + + _p11_lock (); + + if (funcs == NULL) { + config = gl.config; + + } else { + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module) + config = module->config; + } + + if (config) { + option = hash_get (module->config, field); + if (option) + option = strdup (option); + } + + _p11_unlock (); + + return option; +} + +/** + * p11_kit_initialize_module: + * @funcs: loaded module to initialize. + * + * Initialize an arbitrary PKCS\#11 module. Normally using the + * p11_kit_initialize_registered() is preferred. + * + * Using this function to initialize modules allows coordination between + * multiple users of the same module in a single process. It should be called + * on modules that have been loaded (with dlopen() for example) but not yet + * initialized. The caller should not yet have called the module's + * C_Initialize method. This function will call + * C_Initialize as necessary. + * + * Subsequent calls to this function for the same module will result in an + * initialization count being incremented for the module. It is safe (although + * usually unnecessary) to use this function on registered modules. + * + * The module must be finalized with p11_kit_finalize_module() instead of + * calling its C_Finalize method directly. + * + * This function does not accept a CK_C_INITIALIZE_ARGS argument. + * Custom initialization arguments cannot be supported when multiple consumers + * load the same module. + * + * Returns: CKR_OK if the initialization was successful. + */ +CK_RV +p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs) +{ + Module *module; + Module *allocated = NULL; + CK_RV rv = CKR_OK; + + /* WARNING: This function must be reentrant for the same arguments */ + + _p11_lock (); + + rv = init_globals_unlocked (); + if (rv == CKR_OK) { + + module = hash_get (gl.modules, funcs); + if (module == NULL) { + allocated = module = alloc_module_unlocked (); + module->funcs = funcs; + } + + /* WARNING: Reentrancy can occur here */ + rv = initialize_module_unlocked_reentrant (module); + + /* If this was newly allocated, add it to the list */ + if (rv == CKR_OK && allocated) { + hash_set (gl.modules, allocated->funcs, allocated); + allocated = NULL; + } + + free (allocated); + } + + _p11_unlock (); + + return rv; +} + +/** + * p11_kit_finalize_module: + * @funcs: loaded module to finalize. + * + * Finalize an arbitrary PKCS\#11 module. The module must have been initialized + * using p11_kit_initialize_module(). In most cases callers will want to use + * p11_kit_finalize_registered() instead of this function. + * + * Using this function to finalize modules allows coordination between + * multiple users of the same module in a single process. The caller should + * call the module's C_Finalize method. This function will call + * C_Finalize as necessary. + * + * If the module was initialized more than once, then this function will + * decrement an initialization count for the module. When the count reaches zero + * the module will be truly finalized. It is safe (although usually unnecessary) + * to use this function on registered modules if (and only if) they were + * initialized using p11_kit_initialize_module() for some reason. + * + * Returns: CKR_OK if the finalization was successful. + */ +CK_RV +p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs) +{ + Module *module; + CK_RV rv = CKR_OK; + + /* WARNING: This function must be reentrant for the same arguments */ + + _p11_lock (); + + module = gl.modules ? hash_get (gl.modules, funcs) : NULL; + if (module == NULL) { + rv = CKR_ARGUMENTS_BAD; + } else { + /* WARNING: Rentrancy can occur here */ + rv = finalize_module_unlocked_reentrant (module); + } + + _p11_unlock (); + + return rv; +} diff --git a/p11-kit/p11-kit-messages.c b/p11-kit/p11-kit-messages.c new file mode 100644 index 0000000..0920a37 --- /dev/null +++ b/p11-kit/p11-kit-messages.c @@ -0,0 +1,242 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "pkcs11.h" +#include "p11-kit.h" + +/** + * SECTION:p11-kit-util + * @title: Utilities + * @short_description: Message Utilities + * + * Utility functions for working with PKCS\#11. + */ + +#ifdef ENABLE_NLS +#include +#define _(x) dgettext(PACKAGE_NAME, x) +#else +#define _(x) x +#endif + +/** + * p11_kit_strerror: + * @rv: The PKCS\#11 return value to get a message for. + * + * Get a message for a PKCS\#11 return value or error code. Do not + * pass CKR_OK or other such non errors to this function. + * + * Returns: The user readable and localized message. + **/ +const char* +p11_kit_strerror (CK_RV rv) +{ + switch (rv) { + + /* These are not really errors, or not current */ + case CKR_OK: + case CKR_NO_EVENT: + case CKR_FUNCTION_NOT_PARALLEL: + case CKR_SESSION_PARALLEL_NOT_SUPPORTED: + return ""; + + case CKR_CANCEL: + case CKR_FUNCTION_CANCELED: + return _("The operation was cancelled"); + + case CKR_HOST_MEMORY: + return _("Insufficient memory available"); + case CKR_SLOT_ID_INVALID: + return _("The specified slot ID is not valid"); + case CKR_GENERAL_ERROR: + return _("Internal error"); + case CKR_FUNCTION_FAILED: + return _("The operation failed"); + case CKR_ARGUMENTS_BAD: + return _("Invalid arguments"); + case CKR_NEED_TO_CREATE_THREADS: + return _("The module cannot create needed threads"); + case CKR_CANT_LOCK: + return _("The module cannot lock data properly"); + case CKR_ATTRIBUTE_READ_ONLY: + return _("The field is read-only"); + case CKR_ATTRIBUTE_SENSITIVE: + return _("The field is sensitive and cannot be revealed"); + case CKR_ATTRIBUTE_TYPE_INVALID: + return _("The field is invalid or does not exist"); + case CKR_ATTRIBUTE_VALUE_INVALID: + return _("Invalid value for field"); + case CKR_DATA_INVALID: + return _("The data is not valid or unrecognized"); + case CKR_DATA_LEN_RANGE: + return _("The data is too long"); + case CKR_DEVICE_ERROR: + return _("An error occurred on the device"); + case CKR_DEVICE_MEMORY: + return _("Insufficient memory available on the device"); + case CKR_DEVICE_REMOVED: + return _("The device was removed or unplugged"); + case CKR_ENCRYPTED_DATA_INVALID: + return _("The encrypted data is not valid or unrecognized"); + case CKR_ENCRYPTED_DATA_LEN_RANGE: + return _("The encrypted data is too long"); + case CKR_FUNCTION_NOT_SUPPORTED: + return _("This operation is not supported"); + case CKR_KEY_HANDLE_INVALID: + return _("The key is missing or invalid"); + case CKR_KEY_SIZE_RANGE: + return _("The key is the wrong size"); + case CKR_KEY_TYPE_INCONSISTENT: + return _("The key is of the wrong type"); + case CKR_KEY_NOT_NEEDED: + return _("No key is needed"); + case CKR_KEY_CHANGED: + return _("The key is different than before"); + case CKR_KEY_NEEDED: + return _("A key is needed"); + case CKR_KEY_INDIGESTIBLE: + return _("Cannot include the key in the digest"); + case CKR_KEY_FUNCTION_NOT_PERMITTED: + return _("This operation cannot be done with this key"); + case CKR_KEY_NOT_WRAPPABLE: + return _("The key cannot be wrapped"); + case CKR_KEY_UNEXTRACTABLE: + return _("Cannot export this key"); + case CKR_MECHANISM_INVALID: + return _("The crypto mechanism is invalid or unrecognized"); + case CKR_MECHANISM_PARAM_INVALID: + return _("The crypto mechanism has an invalid argument"); + case CKR_OBJECT_HANDLE_INVALID: + return _("The object is missing or invalid"); + case CKR_OPERATION_ACTIVE: + return _("Another operation is already taking place"); + case CKR_OPERATION_NOT_INITIALIZED: + return _("No operation is taking place"); + case CKR_PIN_INCORRECT: + return _("The password or PIN is incorrect"); + case CKR_PIN_INVALID: + return _("The password or PIN is invalid"); + case CKR_PIN_LEN_RANGE: + return _("The password or PIN is of an invalid length"); + case CKR_PIN_EXPIRED: + return _("The password or PIN has expired"); + case CKR_PIN_LOCKED: + return _("The password or PIN is locked"); + case CKR_SESSION_CLOSED: + return _("The session is closed"); + case CKR_SESSION_COUNT: + return _("Too many sessions are active"); + case CKR_SESSION_HANDLE_INVALID: + return _("The session is invalid"); + case CKR_SESSION_READ_ONLY: + return _("The session is read-only"); + case CKR_SESSION_EXISTS: + return _("An open session exists"); + case CKR_SESSION_READ_ONLY_EXISTS: + return _("A read-only session exists"); + case CKR_SESSION_READ_WRITE_SO_EXISTS: + return _("An administrator session exists"); + case CKR_SIGNATURE_INVALID: + return _("The signature is bad or corrupted"); + case CKR_SIGNATURE_LEN_RANGE: + return _("The signature is unrecognized or corrupted"); + case CKR_TEMPLATE_INCOMPLETE: + return _("Certain required fields are missing"); + case CKR_TEMPLATE_INCONSISTENT: + return _("Certain fields have invalid values"); + case CKR_TOKEN_NOT_PRESENT: + return _("The device is not present or unplugged"); + case CKR_TOKEN_NOT_RECOGNIZED: + return _("The device is invalid or unrecognizable"); + case CKR_TOKEN_WRITE_PROTECTED: + return _("The device is write protected"); + case CKR_UNWRAPPING_KEY_HANDLE_INVALID: + return _("Cannot import because the key is invalid"); + case CKR_UNWRAPPING_KEY_SIZE_RANGE: + return _("Cannot import because the key is of the wrong size"); + case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: + return _("Cannot import because the key is of the wrong type"); + case CKR_USER_ALREADY_LOGGED_IN: + return _("You are already logged in"); + case CKR_USER_NOT_LOGGED_IN: + return _("No user has logged in"); + case CKR_USER_PIN_NOT_INITIALIZED: + return _("The user's password or PIN is not set"); + case CKR_USER_TYPE_INVALID: + return _("The user is of an invalid type"); + case CKR_USER_ANOTHER_ALREADY_LOGGED_IN: + return _("Another user is already logged in"); + case CKR_USER_TOO_MANY_TYPES: + return _("Too many users of different types are logged in"); + case CKR_WRAPPED_KEY_INVALID: + return _("Cannot import an invalid key"); + case CKR_WRAPPED_KEY_LEN_RANGE: + return _("Cannot import a key of the wrong size"); + case CKR_WRAPPING_KEY_HANDLE_INVALID: + return _("Cannot export because the key is invalid"); + case CKR_WRAPPING_KEY_SIZE_RANGE: + return _("Cannot export because the key is of the wrong size"); + case CKR_WRAPPING_KEY_TYPE_INCONSISTENT: + return _("Cannot export because the key is of the wrong type"); + case CKR_RANDOM_SEED_NOT_SUPPORTED: + return _("Unable to initialize the random number generator"); + case CKR_RANDOM_NO_RNG: + return _("No random number generator available"); + case CKR_DOMAIN_PARAMS_INVALID: + return _("The crypto mechanism has an invalid parameter"); + case CKR_BUFFER_TOO_SMALL: + return _("Not enough space to store the result"); + case CKR_SAVED_STATE_INVALID: + return _("The saved state is invalid"); + case CKR_INFORMATION_SENSITIVE: + return _("The information is sensitive and cannot be revealed"); + case CKR_STATE_UNSAVEABLE: + return _("The state cannot be saved"); + case CKR_CRYPTOKI_NOT_INITIALIZED: + return _("The module has not been initialized"); + case CKR_CRYPTOKI_ALREADY_INITIALIZED: + return _("The module has already been initialized"); + case CKR_MUTEX_BAD: + return _("Cannot lock data"); + case CKR_MUTEX_NOT_LOCKED: + return _("The data cannot be locked"); + case CKR_FUNCTION_REJECTED: + return _("The signature request was rejected by the user"); + + default: + return _("Unknown error"); + } +} diff --git a/p11-kit/p11-kit-private.h b/p11-kit/p11-kit-private.h new file mode 100644 index 0000000..5fbe1eb --- /dev/null +++ b/p11-kit/p11-kit-private.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_PRIVATE_H__ +#define __P11_KIT_PRIVATE_H__ + +extern pthread_mutex_t _p11_mutex; + +#define _p11_lock() pthread_mutex_lock (&_p11_mutex); + +#define _p11_unlock() pthread_mutex_unlock (&_p11_mutex); + +CK_FUNCTION_LIST_PTR_PTR _p11_kit_registered_modules_unlocked (void); + +CK_RV _p11_kit_initialize_registered_unlocked_reentrant (void); + +CK_RV _p11_kit_finalize_registered_unlocked_reentrant (void); + +void _p11_kit_proxy_after_fork (void); + +#endif /* __P11_KIT_PRIVATE_H__ */ diff --git a/p11-kit/p11-kit-proxy.c b/p11-kit/p11-kit-proxy.c new file mode 100644 index 0000000..fd28a19 --- /dev/null +++ b/p11-kit/p11-kit-proxy.c @@ -0,0 +1,1382 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * Copyright (C) 2008 Stefan Walter + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "hash.h" +#include "pkcs11.h" +#include "p11-kit.h" +#include "p11-kit-private.h" +#include "util.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* Start wrap slots slightly higher for testing */ +#define MAPPING_OFFSET 0x10 +#define FIRST_HANDLE 0x10 + +typedef struct _Mapping { + CK_SLOT_ID wrap_slot; + CK_SLOT_ID real_slot; + CK_FUNCTION_LIST_PTR funcs; +} Mapping; + +typedef struct _Session { + CK_SESSION_HANDLE wrap_session; + CK_SESSION_HANDLE real_session; + CK_SLOT_ID wrap_slot; +} Session; + +/* Forward declaration */ +static CK_FUNCTION_LIST proxy_function_list; + +/* + * Shared data between threads, protected by the mutex, a structure so + * we can audit thread safety easier. + */ +static struct _Shared { + Mapping *mappings; + unsigned int n_mappings; + int mappings_refs; + hash_t *sessions; + CK_ULONG last_handle; +} gl = { NULL, 0, 0, NULL, FIRST_HANDLE }; + +#define MANUFACTURER_ID "PKCS#11 Kit " +#define LIBRARY_DESCRIPTION "PKCS#11 Kit Proxy Module " +#define LIBRARY_VERSION_MAJOR 1 +#define LIBRARY_VERSION_MINOR 1 + +/* ----------------------------------------------------------------------------- + * PKCS#11 PROXY MODULE + */ + +static CK_RV +map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping) +{ + assert (mapping); + + if (slot < MAPPING_OFFSET) + return CKR_SLOT_ID_INVALID; + slot -= MAPPING_OFFSET; + + if (slot > gl.n_mappings) { + return CKR_SLOT_ID_INVALID; + } else { + assert (gl.mappings); + memcpy (mapping, &gl.mappings[slot], sizeof (Mapping)); + return CKR_OK; + } +} + +static CK_RV +map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping) +{ + CK_RV rv; + + assert (mapping); + + _p11_lock (); + + if (!gl.mappings) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + else + rv = map_slot_unlocked (*slot, mapping); + if (rv == CKR_OK) + *slot = mapping->real_slot; + + _p11_unlock (); + + return rv; +} + +static CK_RV +map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session) +{ + CK_RV rv = CKR_OK; + Session *sess; + + assert (handle); + assert (mapping); + + _p11_lock (); + + if (!gl.sessions) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + assert (gl.sessions); + sess = hash_get (gl.sessions, &handle); + if (sess != NULL) { + *handle = sess->real_session; + rv = map_slot_unlocked (sess->wrap_slot, mapping); + if (session != NULL) + memcpy (session, sess, sizeof (Session)); + } else { + rv = CKR_SESSION_HANDLE_INVALID; + } + } + + _p11_unlock (); + + return rv; +} + +static void +finalize_mappings_unlocked (void) +{ + assert (gl.mappings_refs); + + if (--gl.mappings_refs) + return; + + /* No more mappings */ + free (gl.mappings); + gl.mappings = NULL; + gl.n_mappings = 0; + + /* no more sessions */ + hash_free (gl.sessions); + gl.sessions = NULL; +} + +void +_p11_kit_proxy_after_fork (void) +{ + /* + * After a fork the callers are supposed to call C_Initialize and all. + * In addition the underlying libraries may change their state so free + * up any mappings and all + */ + + _p11_lock (); + + gl.mappings_refs = 1; + finalize_mappings_unlocked (); + assert (!gl.mappings); + + _p11_unlock (); +} + +static CK_RV +proxy_C_Finalize (CK_VOID_PTR reserved) +{ + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + if (reserved) + return CKR_ARGUMENTS_BAD; + + _p11_lock (); + + /* WARNING: Reentrancy can occur here */ + rv = _p11_kit_finalize_registered_unlocked_reentrant (); + + /* + * If modules are all gone, then this was the last + * finalize, so cleanup our mappings + */ + if (gl.mappings_refs) + finalize_mappings_unlocked (); + + _p11_unlock (); + + return rv; +} + +static CK_RV +initialize_mappings_unlocked_reentrant (void) +{ + CK_FUNCTION_LIST_PTR *funcss, *f; + CK_FUNCTION_LIST_PTR funcs; + Mapping *mappings = NULL; + int n_mappings = 0; + CK_SLOT_ID_PTR slots; + CK_ULONG i, count; + CK_RV rv; + + assert (!gl.mappings); + + funcss = _p11_kit_registered_modules_unlocked (); + for (f = funcss; *f; ++f) { + funcs = *f; + + assert (funcs); + slots = NULL; + + _p11_unlock (); + + /* Ask module for its slots */ + rv = (funcs->C_GetSlotList) (FALSE, NULL, &count); + if (rv == CKR_OK && count) { + slots = calloc (sizeof (CK_SLOT_ID), count); + if (!slots) + rv = CKR_HOST_MEMORY; + else + rv = (funcs->C_GetSlotList) (FALSE, slots, &count); + } + + _p11_lock (); + + if (rv != CKR_OK) { + free (slots); + break; + } + + mappings = xrealloc (mappings, sizeof (Mapping) * (n_mappings + count)); + if (!mappings) { + free (slots); + rv = CKR_HOST_MEMORY; + break; + } + + /* And now add a mapping for each of those slots */ + for (i = 0; i < count; ++i) { + mappings[n_mappings].funcs = funcs; + mappings[n_mappings].wrap_slot = n_mappings + MAPPING_OFFSET; + mappings[n_mappings].real_slot = slots[i]; + ++n_mappings; + } + + free (slots); + } + + /* Another thread raced us here due to above reentrancy */ + if (gl.mappings) { + free (mappings); + return CKR_OK; + } + + assert (!gl.sessions); + gl.sessions = hash_create (hash_ulongptr_hash, hash_ulongptr_equal, NULL, free); + ++gl.mappings_refs; + + /* Any cleanup necessary for failure will happen at caller */ + return rv; +} + +static CK_RV +proxy_C_Initialize (CK_VOID_PTR init_args) +{ + CK_RV rv; + + /* WARNING: This function must be reentrant */ + + _p11_lock (); + + /* WARNING: Reentrancy can occur here */ + rv = _p11_kit_initialize_registered_unlocked_reentrant (); + + /* WARNING: Reentrancy can occur here */ + if (rv == CKR_OK && !gl.mappings_refs == 0) + rv = initialize_mappings_unlocked_reentrant (); + + _p11_unlock (); + + if (rv != CKR_OK) + proxy_C_Finalize (NULL); + + return rv; +} + +static CK_RV +proxy_C_GetInfo (CK_INFO_PTR info) +{ + CK_RV rv = CKR_OK; + + if (info == NULL) + return CKR_ARGUMENTS_BAD; + + _p11_lock (); + + if (!gl.mappings) + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + _p11_unlock (); + + if (rv != CKR_OK) + return rv; + + info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR; + info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR; + info->libraryVersion.major = LIBRARY_VERSION_MAJOR; + info->libraryVersion.minor = LIBRARY_VERSION_MINOR; + info->flags = 0; + strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32); + strncpy ((char*)info->libraryDescription, LIBRARY_DESCRIPTION, 32); + return CKR_OK; +} + +static CK_RV +proxy_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + /* Can be called before C_Initialize */ + + if (!list) + return CKR_ARGUMENTS_BAD; + *list = &proxy_function_list; + return CKR_OK; +} + +static CK_RV +proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + CK_SLOT_INFO info; + Mapping *mapping; + CK_ULONG index; + CK_RV rv = CKR_OK; + int i; + + if (!count) + return CKR_ARGUMENTS_BAD; + + _p11_lock (); + + if (!gl.mappings) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + index = 0; + + /* Go through and build up a map */ + for (i = 0; i < gl.n_mappings; ++i) { + mapping = &gl.mappings[i]; + + /* Skip ones without a token if requested */ + if (token_present) { + rv = (mapping->funcs->C_GetSlotInfo) (mapping->real_slot, &info); + if (rv != CKR_OK) + break; + if (!(info.flags & CKF_TOKEN_PRESENT)) + continue; + } + + /* Fill in the slot if we can */ + if (slot_list && *count > index) + slot_list[index] = mapping->wrap_slot; + + ++index; + } + + if (slot_list && *count < index) + rv = CKR_BUFFER_TOO_SMALL; + + *count = index; + } + + _p11_unlock (); + + return rv; +} + +static CK_RV +proxy_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetSlotInfo) (id, info); +} + +static CK_RV +proxy_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetTokenInfo) (id, info); +} + +static CK_RV +proxy_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismList) (id, mechanism_list, count); +} + +static CK_RV +proxy_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetMechanismInfo) (id, type, info); +} + +static CK_RV +proxy_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label) +{ + Mapping map; + CK_RV rv; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_InitToken) (id, pin, pin_len, label); +} + +static CK_RV +proxy_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +static CK_RV +proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data, + CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle) +{ + Session *sess; + Mapping map; + CK_RV rv; + + if (handle == NULL) + return CKR_ARGUMENTS_BAD; + + rv = map_slot_to_real (&id, &map); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_OpenSession) (id, flags, user_data, callback, handle); + + if (rv == CKR_OK) { + _p11_lock (); + + if (!gl.sessions) { + /* + * The underlying module should have returned an error, so this + * code should never be reached with properly behaving modules. + * That's why we don't cleanup and close the newly opened session here + * or anything like that. + */ + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + + } else { + sess = calloc (1, sizeof (Session)); + sess->wrap_slot = map.wrap_slot; + sess->real_session = *handle; + sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */ + hash_set (gl.sessions, &sess->wrap_session, sess); + *handle = sess->wrap_session; + } + + _p11_unlock (); + } + + return rv; +} + +static CK_RV +proxy_C_CloseSession (CK_SESSION_HANDLE handle) +{ + CK_SESSION_HANDLE key; + Mapping map; + CK_RV rv; + + key = handle; + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + rv = (map.funcs->C_CloseSession) (handle); + + if (rv == CKR_OK) { + _p11_lock (); + + if (gl.sessions) + hash_remove (gl.sessions, &key); + + _p11_unlock (); + } + + return rv; +} + +static CK_RV +proxy_C_CloseAllSessions (CK_SLOT_ID id) +{ + CK_SESSION_HANDLE_PTR to_close; + CK_RV rv = CKR_OK; + Session *sess; + CK_ULONG i, count = 0; + hash_iter_t iter; + + _p11_lock (); + + if (!gl.sessions) { + rv = CKR_CRYPTOKI_NOT_INITIALIZED; + } else { + to_close = calloc (sizeof (CK_SESSION_HANDLE), hash_count (gl.sessions)); + if (!to_close) { + rv = CKR_HOST_MEMORY; + } else { + hash_iterate (gl.sessions, &iter); + count = 0; + while (hash_next (&iter, NULL, (void**)&sess)) { + if (sess->wrap_slot == id && to_close) + to_close[count++] = sess->wrap_session; + } + } + } + + _p11_unlock (); + + if (rv != CKR_OK) + return rv; + + for (i = 0; i < count; ++i) + proxy_C_CloseSession (to_close[i]); + + free (to_close); + return CKR_OK; +} + +static CK_RV +proxy_C_GetFunctionStatus (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetFunctionStatus) (handle); +} + +static CK_RV +proxy_C_CancelFunction (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_CancelFunction) (handle); +} + +static CK_RV +proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info) +{ + Mapping map; + CK_RV rv; + + if (info == NULL) + return CKR_ARGUMENTS_BAD; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + rv = (map.funcs->C_GetSessionInfo) (handle, info); + if (rv == CKR_OK) + info->slotID = map.wrap_slot; + + return rv; +} + +static CK_RV +proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_InitPIN) (handle, pin, pin_len); +} + +static CK_RV +proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_SetPIN) (handle, old_pin, old_pin_len, new_pin, new_pin_len); +} + +static CK_RV +proxy_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len); +} + +static CK_RV +proxy_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key); +} + +static CK_RV +proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_Login) (handle, user_type, pin, pin_len); +} + +static CK_RV +proxy_C_Logout (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Logout) (handle); +} + +static CK_RV +proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + + return (map.funcs->C_CreateObject) (handle, template, count, new_object); +} + +static CK_RV +proxy_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_CopyObject) (handle, object, template, count, new_object); +} + +static CK_RV +proxy_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DestroyObject) (handle, object); +} + +static CK_RV +proxy_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetObjectSize) (handle, object, size); +} + +static CK_RV +proxy_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GetAttributeValue) (handle, object, template, count); +} + +static CK_RV +proxy_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SetAttributeValue) (handle, object, template, count); +} + +static CK_RV +proxy_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsInit) (handle, template, count); +} + +static CK_RV +proxy_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, CK_ULONG_PTR count) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjects) (handle, objects, max_count, count); +} + +static CK_RV +proxy_C_FindObjectsFinal (CK_SESSION_HANDLE handle) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_FindObjectsFinal) (handle); +} + +static CK_RV +proxy_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len); +} + +static CK_RV +proxy_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len); +} + +static CK_RV +proxy_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +proxy_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len); +} + +static CK_RV +proxy_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len); +} + +static CK_RV +proxy_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestInit) (handle, mechanism); +} + +static CK_RV +proxy_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len); +} + +static CK_RV +proxy_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestKey) (handle, key); +} + +static CK_RV +proxy_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestFinal) (handle, digest, digest_len); +} + +static CK_RV +proxy_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +proxy_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignFinal) (handle, signature, signature_len); +} + +static CK_RV +proxy_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecoverInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len, + CK_BYTE_PTR signature, CK_ULONG signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyUpdate) (handle, part, part_len); +} + +static CK_RV +proxy_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyFinal) (handle, signature, signature_len); +} + +static CK_RV +proxy_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key); +} + +static CK_RV +proxy_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature, + CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len); +} + +static CK_RV +proxy_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +proxy_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, + CK_ULONG part_len, CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len); +} + +static CK_RV +proxy_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len); +} + +static CK_RV +proxy_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key); +} + +static CK_RV +proxy_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key); +} + +static CK_RV +proxy_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len); +} + +static CK_RV +proxy_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key); +} + +static CK_RV +proxy_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template, + CK_ULONG count, CK_OBJECT_HANDLE_PTR key) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key); +} + +static CK_RV +proxy_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_SeedRandom) (handle, seed, seed_len); +} + +static CK_RV +proxy_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + Mapping map; + CK_RV rv; + + rv = map_session_to_real (&handle, &map, NULL); + if (rv != CKR_OK) + return rv; + return (map.funcs->C_GenerateRandom) (handle, random_data, random_len); +} + +/* -------------------------------------------------------------------- + * MODULE ENTRY POINT + */ + +static CK_FUNCTION_LIST proxy_function_list = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + proxy_C_Initialize, + proxy_C_Finalize, + proxy_C_GetInfo, + proxy_C_GetFunctionList, + proxy_C_GetSlotList, + proxy_C_GetSlotInfo, + proxy_C_GetTokenInfo, + proxy_C_GetMechanismList, + proxy_C_GetMechanismInfo, + proxy_C_InitToken, + proxy_C_InitPIN, + proxy_C_SetPIN, + proxy_C_OpenSession, + proxy_C_CloseSession, + proxy_C_CloseAllSessions, + proxy_C_GetSessionInfo, + proxy_C_GetOperationState, + proxy_C_SetOperationState, + proxy_C_Login, + proxy_C_Logout, + proxy_C_CreateObject, + proxy_C_CopyObject, + proxy_C_DestroyObject, + proxy_C_GetObjectSize, + proxy_C_GetAttributeValue, + proxy_C_SetAttributeValue, + proxy_C_FindObjectsInit, + proxy_C_FindObjects, + proxy_C_FindObjectsFinal, + proxy_C_EncryptInit, + proxy_C_Encrypt, + proxy_C_EncryptUpdate, + proxy_C_EncryptFinal, + proxy_C_DecryptInit, + proxy_C_Decrypt, + proxy_C_DecryptUpdate, + proxy_C_DecryptFinal, + proxy_C_DigestInit, + proxy_C_Digest, + proxy_C_DigestUpdate, + proxy_C_DigestKey, + proxy_C_DigestFinal, + proxy_C_SignInit, + proxy_C_Sign, + proxy_C_SignUpdate, + proxy_C_SignFinal, + proxy_C_SignRecoverInit, + proxy_C_SignRecover, + proxy_C_VerifyInit, + proxy_C_Verify, + proxy_C_VerifyUpdate, + proxy_C_VerifyFinal, + proxy_C_VerifyRecoverInit, + proxy_C_VerifyRecover, + proxy_C_DigestEncryptUpdate, + proxy_C_DecryptDigestUpdate, + proxy_C_SignEncryptUpdate, + proxy_C_DecryptVerifyUpdate, + proxy_C_GenerateKey, + proxy_C_GenerateKeyPair, + proxy_C_WrapKey, + proxy_C_UnwrapKey, + proxy_C_DeriveKey, + proxy_C_SeedRandom, + proxy_C_GenerateRandom, + proxy_C_GetFunctionStatus, + proxy_C_CancelFunction, + proxy_C_WaitForSlotEvent +}; + +CK_RV +C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list) +{ + return proxy_C_GetFunctionList (list); +} diff --git a/p11-kit/p11-kit-uri.c b/p11-kit/p11-kit-uri.c new file mode 100644 index 0000000..5004ba1 --- /dev/null +++ b/p11-kit/p11-kit-uri.c @@ -0,0 +1,1195 @@ +/* + * Copyright (C) 2011 Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "pkcs11.h" +#include "p11-kit-uri.h" +#include "util.h" + +#include +#include +#include +#include +#include + +/** + * SECTION:p11-kit-uri + * @title: URIs + * @short_description: Parsing and formatting PKCS\#11 URIs + * + * PKCS\#11 URIs can be used in configuration files or applications to represent + * PKCS\#11 modules, tokens or objects. An example of a URI might be: + * + * + * pkcs11:token=The\%20Software\%20PKCS\#11\%20softtoken; + * manufacturer=Snake\%20Oil,\%20Inc.;serial=;object=my-certificate; + * model=1.0;objecttype=cert;id=\%69\%95\%3e\%5c\%f4\%bd\%ec\%91 + * + * + * You can use p11_kit_uri_parse() to parse such a URI, and p11_kit_uri_format() + * to build one. URIs are represented by the #P11KitUri structure. You can match + * a parsed URI against PKCS\#11 tokens with p11_kit_uri_match_token_info() + * or attributes with p11_kit_uri_match_attributes(). + * + * Since URIs can represent different sorts of things, when parsing or formatting + * a URI a 'context' can be used to indicate which sort of URI is expected. + * + * URIs have an unrecognized flag. This flag is set during parsing + * if any parts of the URI are not recognized. This may be because the part is + * from a newer version of the PKCS\#11 spec or because that part was not valid + * inside of the desired context used when parsing. + */ + +/** + * P11KitUri: + * + * A structure representing a PKCS\#11 URI. There are no public fields + * visible in this structure. Use the various accessor functions. + */ + +/** + * P11KitUriType: + * @P11_KIT_URI_IS_MODULE: The URI represents one or more modules + * @P11_KIT_URI_IS_TOKEN: The URI represents one or more tokens + * @P11_KIT_URI_IS_OBJECT: The URI represents one or more objects + * @P11_KIT_URI_IS_ANY: The URI can represent anything + * + * A PKCS\#11 URI can represent different kinds of things. This flag is used by + * p11_kit_uri_parse() to denote in what context the URI will be used. + */ + +/** + * P11KitUriResult: + * @P11_KIT_URI_OK: Success + * @P11_KIT_URI_NO_MEMORY: Memory allocation failed + * @P11_KIT_URI_BAD_SCHEME: The URI had a bad scheme + * @P11_KIT_URI_BAD_ENCODING: The URI had a bad encoding + * @P11_KIT_URI_BAD_SYNTAX: The URI had a bad syntax + * @P11_KIT_URI_BAD_VERSION: The URI contained a bad version number + * @P11_KIT_URI_NOT_FOUND: A requested part of the URI was not found + * + * Error codes returned by various functions. The functions each clearly state + * which error codes they are capable of returning. + */ + +/** + * P11_KIT_URI_SCHEME: + * + * String of URI scheme for PKCS\#11 URIs. + */ + +/** + * P11_KIT_URI_SCHEME_LEN: + * + * Length of %P11_KIT_URI_SCHEME. + */ + +enum { + CLASS_IDX, + LABEL_IDX, + ID_IDX, + NUM_ATTRS, +}; + +struct _P11KitUri { + int unrecognized; + CK_INFO module; + CK_TOKEN_INFO token; + CK_ATTRIBUTE attrs[NUM_ATTRS]; +}; + +const static char HEX_CHARS[] = "0123456789abcdef"; + +static int +url_decode (const char *value, const char *end, + unsigned char** output, size_t *length) +{ + char *a, *b; + unsigned char *result, *p; + + assert (output); + assert (value <= end); + + /* String can only get shorter */ + result = malloc ((end - value) + 1); + if (!result) + return P11_KIT_URI_NO_MEMORY; + + /* Now loop through looking for escapes */ + p = result; + while (value != end) { + /* + * A percent sign followed by two hex digits means + * that the digits represent an escaped character. + */ + if (*value == '%') { + value++; + if (value + 2 > end) { + free (result); + return P11_KIT_URI_BAD_ENCODING; + } + a = strchr (HEX_CHARS, tolower (value[0])); + b = strchr (HEX_CHARS, tolower (value[1])); + if (!a || !b) { + free (result); + return P11_KIT_URI_BAD_ENCODING; + } + *p = (a - HEX_CHARS) << 4; + *(p++) |= (b - HEX_CHARS); + value += 2; + } else { + *(p++) = *(value++); + } + } + + *p = 0; + if (length) + *length = p - result; + *output = result; + return P11_KIT_URI_OK; +} + +static char* +url_encode (const unsigned char *value, const unsigned char *end, size_t *length) +{ + char *p; + char *result; + + assert (value <= end); + + /* Just allocate for worst case */ + result = malloc (((end - value) * 3) + 1); + if (!result) + return NULL; + + /* Now loop through looking for escapes */ + p = result; + while (value != end) { + + /* These characters we let through verbatim */ + if (*value && (isalnum (*value) || strchr ("_-.", *value) != NULL)) { + *(p++) = *(value++); + + /* All others get encoded */ + } else { + *(p++) = '%'; + *(p++) = HEX_CHARS[((unsigned char)*value) >> 4]; + *(p++) = HEX_CHARS[((unsigned char)*value) & 0x0F]; + ++value; + } + } + + *p = 0; + if (length) + *length = p - result; + return result; +} + +static int +attribute_to_idx (CK_ATTRIBUTE_TYPE type) +{ + switch (type) { + case CKA_CLASS: + return CLASS_IDX; + case CKA_LABEL: + return LABEL_IDX; + case CKA_ID: + return ID_IDX; + default: + return -1; + } +} + +static CK_ATTRIBUTE_TYPE +idx_to_attribute (int idx) +{ + switch (idx) { + case CLASS_IDX: + return CKA_CLASS; + case LABEL_IDX: + return CKA_LABEL; + case ID_IDX: + return CKA_ID; + default: + assert (0); + } +} + +static int +match_struct_string (const unsigned char *inuri, const unsigned char *real, + size_t length) +{ + assert (inuri); + assert (real); + assert (length > 0); + + /* NULL matches anything */ + if (inuri[0] == 0) + return 1; + + return memcmp (inuri, real, length) == 0 ? 1 : 0; +} + +static int +match_struct_version (CK_VERSION_PTR inuri, CK_VERSION_PTR real) +{ + /* This matches anything */ + if (inuri->major == (CK_BYTE)-1 && inuri->minor == (CK_BYTE)-1) + return 1; + + return memcmp (inuri, real, sizeof (CK_VERSION)); +} + +/** + * p11_kit_uri_get_module_info: + * @uri: the URI + * + * Get the CK_INFO structure associated with this URI. + * + * If this is a parsed URI, then the fields corresponding to library parts of + * the URI will be filled in. Any library URI parts that were missing will have + * their fields filled with zeros. + * + * If the caller wishes to setup information for building a URI, then relevant + * fields should be filled in. Fields that should not appear as parts in the + * resulting URI should be filled with zeros. + * + * Returns: A pointer to the CK_INFO structure. + */ +CK_INFO_PTR +p11_kit_uri_get_module_info (P11KitUri *uri) +{ + assert (uri); + return &uri->module; +} + +/** + * p11_kit_uri_match_module_info: + * @uri: the URI + * @info: the structure to match against the URI + * + * Match a CK_INFO structure against the library parts of this URI. + * + * Only the fields of the CK_INFO structure that are valid for use + * in a URI will be matched. A URI part that was not specified in the URI will + * match any value in the structure. If during the URI parsing any unrecognized + * parts were encountered then this match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_module_info (P11KitUri *uri, CK_INFO_PTR info) +{ + assert (uri); + assert (info); + + if (uri->unrecognized) + return 0; + + return (match_struct_string (uri->module.libraryDescription, + info->libraryDescription, + sizeof (info->libraryDescription)) && + match_struct_string (uri->module.manufacturerID, + info->manufacturerID, + sizeof (info->manufacturerID)) && + match_struct_version (&uri->module.libraryVersion, + &info->libraryVersion)); +} + +/** + * p11_kit_uri_get_token_info: + * @uri: the URI + * + * Get the CK_TOKEN_INFO structure associated with this URI. + * + * If this is a parsed URI, then the fields corresponding to token parts of + * the URI will be filled in. Any token URI parts that were missing will have + * their fields filled with zeros. + * + * If the caller wishes to setup information for building a URI, then relevant + * fields should be filled in. Fields that should not appear as parts in the + * resulting URI should be filled with zeros. + * + * Returns: A pointer to the CK_INFO structure. + */ +CK_TOKEN_INFO_PTR +p11_kit_uri_get_token_info (P11KitUri *uri) +{ + assert (uri); + return &uri->token; +} + +/** + * p11_kit_uri_match_token_info: + * @uri: the URI + * @token_info: the structure to match against the URI + * + * Match a CK_TOKEN_INFO structure against the token parts of this + * URI. + * + * Only the fields of the CK_TOKEN_INFO structure that are valid + * for use in a URI will be matched. A URI part that was not specified in the + * URI will match any value in the structure. If during the URI parsing any + * unrecognized parts were encountered then this match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_token_info (P11KitUri *uri, CK_TOKEN_INFO_PTR token_info) +{ + assert (uri); + assert (token_info); + + if (uri->unrecognized) + return 0; + + return (match_struct_string (uri->token.label, + token_info->label, + sizeof (token_info->label)) && + match_struct_string (uri->token.manufacturerID, + token_info->manufacturerID, + sizeof (token_info->manufacturerID)) && + match_struct_string (uri->token.model, + token_info->model, + sizeof (token_info->model)) && + match_struct_string (uri->token.serialNumber, + token_info->serialNumber, + sizeof (token_info->serialNumber))); +} + +/** + * p11_kit_uri_get_attribute_types: + * @uri: The URI + * @n_types: A location at which to return the number of types returned + * + * Get the types of the attributes present in this URI. + * + * Returns: A newly allocated array of CK_ATTRIBUTE_TYPE. This + * should be freed with free() when done. + */ +CK_ATTRIBUTE_TYPE* +p11_kit_uri_get_attribute_types (P11KitUri *uri, int *n_types) +{ + CK_ATTRIBUTE_TYPE *result; + int i, j; + + assert (uri); + assert (n_types); + + result = calloc (NUM_ATTRS, sizeof (CK_ATTRIBUTE_TYPE)); + if (result == NULL) + return NULL; + + for (i = 0, j = 0; i < NUM_ATTRS; ++i) { + if (uri->attrs[i].ulValueLen != (CK_ULONG)-1) + result[j++] = uri->attrs[i].type; + } + + *n_types = j; + return result; +} + +/** + * p11_kit_uri_get_attribute: + * @uri: The URI + * @attr_type: The attribute type + * + * Get a pointer to an attribute present in this URI. + * + * Returns: A pointer to the attribute, or NULL if not present. + * The attribute is owned by the URI and should not be freed. + */ +CK_ATTRIBUTE_PTR +p11_kit_uri_get_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) +{ + int idx; + + assert (uri); + + idx = attribute_to_idx (attr_type); + if (idx < 0) + return NULL; + + assert (idx < NUM_ATTRS); + if (uri->attrs[idx].ulValueLen == (CK_ULONG)-1) + return NULL; + return &uri->attrs[idx]; +} + +/** + * p11_kit_uri_set_attribute: + * @uri: The URI + * @attr: The attribute to set + * + * Set an attribute on the URI. + * + * Only attributes that map to parts in a PKCS\#11 URI will be accepted. + * + * Returns: %P11_KIT_URI_OK if the attribute was successfully set. + * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. + * %P11_KIT_URI_NO_MEMORY if allocation failed. + */ +int +p11_kit_uri_set_attribute (P11KitUri *uri, CK_ATTRIBUTE_PTR attr) +{ + void *value = NULL; + int idx; + int ret; + + assert (uri); + assert (attr); + + if (attr->pValue && attr->ulValueLen && attr->ulValueLen != (CK_ULONG)-1) { + value = malloc (attr->ulValueLen); + if (!value) + return P11_KIT_URI_NO_MEMORY; + memcpy (value, attr->pValue, attr->ulValueLen); + } + + ret = p11_kit_uri_clear_attribute (uri, attr->type); + if (ret < 0){ + free (value); + return ret; + } + + idx = attribute_to_idx (attr->type); + assert (idx >= 0 && idx < NUM_ATTRS); + + memcpy (&uri->attrs[idx], attr, sizeof (CK_ATTRIBUTE)); + uri->attrs[idx].pValue = value; + + return P11_KIT_URI_OK; +} + +/** + * p11_kit_uri_clear_attribute: + * @uri: The URI + * @attr_type: The type of the attribute to clear + * + * Clear an attribute on the URI. + * + * Only attributes that map to parts in a PKCS\#11 URI will be accepted. + * + * Returns: %P11_KIT_URI_OK if the attribute was successfully cleared. + * %P11_KIT_URI_NOT_FOUND if the attribute was not valid for a URI. + */ +int +p11_kit_uri_clear_attribute (P11KitUri *uri, CK_ATTRIBUTE_TYPE attr_type) +{ + int idx; + + assert (uri); + + idx = attribute_to_idx (attr_type); + if (idx < 0) + return P11_KIT_URI_NOT_FOUND; + assert (idx < NUM_ATTRS); + + free (uri->attrs[idx].pValue); + uri->attrs[idx].pValue = NULL; + uri->attrs[idx].ulValueLen = (CK_ULONG)-1; + return P11_KIT_URI_OK; +} + +static int +match_attributes (CK_ATTRIBUTE_PTR one, CK_ATTRIBUTE_PTR two) +{ + assert (one); + assert (two); + + if (one->type != two->type) + return 0; + if (one->ulValueLen != two->ulValueLen) + return 0; + if (one->pValue == two->pValue) + return 1; + if (!one->pValue || !two->pValue) + return 0; + return memcmp (one->pValue, two->pValue, one->ulValueLen) == 0; +} + +/** + * p11_kit_uri_match_attributes: + * @uri: The URI + * @attrs: The attributes to match + * @n_attrs: The number of attributes + * + * Match a attributes against the object parts of this URI. + * + * Only the attributes that are valid for use in a URI will be matched. A URI + * part that was not specified in the URI will match any attribute value. If + * during the URI parsing any unrecognized parts were encountered then this + * match will fail. + * + * Returns: 1 if the URI matches, 0 if not. + */ +int +p11_kit_uri_match_attributes (P11KitUri *uri, CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs) +{ + CK_ULONG j; + int i; + + assert (uri); + assert (attrs || !n_attrs); + + if (uri->unrecognized) + return 0; + + for (i = 0; i < NUM_ATTRS; ++i) { + if (uri->attrs[i].ulValueLen == (CK_ULONG)-1) + continue; + for (j = 0; j < n_attrs; ++j) { + if (attrs[j].type == uri->attrs[i].type) { + if (!match_attributes (&uri->attrs[i], &attrs[j])) + return 0; + break; + } + } + } + + return 1; +} + +/** + * p11_kit_uri_set_unrecognized: + * @uri: The URI + * @unrecognized: The new unregognized flag value + * + * Set the unrecognized flag on this URI. + * + * The unrecognized flag is automatically set to 1 when during parsing any part + * of the URI is unrecognized. If the unrecognized flag is set to 1, then + * matching against this URI will always fail. + */ +void +p11_kit_uri_set_unrecognized (P11KitUri *uri, int unrecognized) +{ + assert (uri); + uri->unrecognized = unrecognized; +} + +/** + * p11_kit_uri_any_unrecognized: + * @uri: The URI + * + * Get the unrecognized flag for this URI. + * + * The unrecognized flag is automatically set to 1 when during parsing any part + * of the URI is unrecognized. If the unrecognized flag is set to 1, then + * matching against this URI will always fail. + * + * Returns: 1 if unrecognized flag is set, 0 otherwise. + */ +int +p11_kit_uri_any_unrecognized (P11KitUri *uri) +{ + assert (uri); + return uri->unrecognized; +} + +/** + * p11_kit_uri_new: + * + * Create a new blank PKCS\#11 URI. + * + * The new URI is in the right state to parse a string into. All relevant fields + * are zeroed out. Formatting this URI will produce a valid but empty URI. + * + * Returns: A newly allocated URI. This should be freed with p11_kit_uri_free(). + */ +P11KitUri* +p11_kit_uri_new (void) +{ + P11KitUri *uri; + int i; + + uri = calloc (1, sizeof (P11KitUri)); + if (!uri) + return NULL; + + /* So that it matches anything */ + uri->module.libraryVersion.major = (CK_BYTE)-1; + uri->module.libraryVersion.minor = (CK_BYTE)-1; + + for (i = 0; i < NUM_ATTRS; ++i) { + uri->attrs[i].type = idx_to_attribute (i); + uri->attrs[i].ulValueLen = (CK_ULONG)-1; + } + + return uri; +} + +static size_t +space_strlen (const unsigned char *string, size_t max_length) +{ + size_t i = max_length - 1; + + assert (string); + + while (i > 0 && string[i] == ' ') + --i; + return i + 1; +} + +static int +format_raw_string (char **string, size_t *length, int *is_first, + const char *name, const char *value) +{ + size_t namelen; + size_t vallen; + + /* Not set */ + if (!value) + return 1; + + namelen = strlen (name); + vallen = strlen (value); + + *string = xrealloc (*string, *length + namelen + vallen + 3); + if (!*string) + return 0; + + if (!*is_first) + (*string)[(*length)++] = ';'; + memcpy ((*string) + *length, name, namelen); + *length += namelen; + (*string)[(*length)++] = '='; + memcpy ((*string) + *length, value, vallen); + *length += vallen; + (*string)[*length] = 0; + *is_first = 0; + + return 1; +} + + +static int +format_struct_string (char **string, size_t *length, int *is_first, + const char *name, const unsigned char *value, + size_t value_max) +{ + char *encoded; + size_t len; + int ret; + + /* Not set */ + if (!value[0]) + return 1; + + len = space_strlen (value, value_max); + encoded = url_encode (value, value + len, NULL); + if (!encoded) + return 0; + + ret = format_raw_string (string, length, is_first, name, encoded); + free (encoded); + + return ret; +} + +static int +format_attribute_string (char **string, size_t *length, int *is_first, + const char *name, CK_ATTRIBUTE_PTR attr) +{ + unsigned char *value; + char *encoded; + int ret; + + /* Not set */; + if (attr->ulValueLen == (CK_ULONG)-1) + return 1; + + value = attr->pValue; + encoded = url_encode (value, value + attr->ulValueLen, NULL); + if (!encoded) + return 0; + + ret = format_raw_string (string, length, is_first, name, encoded); + free (encoded); + + return ret; +} + +static int +format_attribute_class (char **string, size_t *length, int *is_first, + const char *name, CK_ATTRIBUTE_PTR attr) +{ + CK_OBJECT_CLASS klass; + const char *value; + + /* Not set */; + if (attr->ulValueLen != sizeof (klass)) + return 1; + + klass = *((CK_OBJECT_CLASS*)attr->pValue); + switch (klass) { + case CKO_DATA: + value = "data"; + break; + case CKO_SECRET_KEY: + value = "secretkey"; + break; + case CKO_CERTIFICATE: + value = "cert"; + break; + case CKO_PUBLIC_KEY: + value = "public"; + break; + case CKO_PRIVATE_KEY: + value = "private"; + break; + } + + return format_raw_string (string, length, is_first, name, value); +} + +static int +format_struct_version (char **string, size_t *length, int *is_first, + const char *name, CK_VERSION_PTR version) +{ + char buffer[64]; + + /* Not set */ + if (version->major == (CK_BYTE)-1 && version->minor == (CK_BYTE)-1) + return 1; + + snprintf (buffer, sizeof (buffer), "%d.%d", + (int)version->major, (int)version->minor); + return format_raw_string (string, length, is_first, name, buffer); +} + +/** + * p11_kit_uri_format: + * @uri: The URI. + * @uri_type: The type of URI that should be produced. + * @string: Location to store a newly allocated string. + * + * Format a PKCS\#11 URI into a string. + * + * Fields which are zeroed out will not be included in the resulting string. + * Attributes which are not present will also not be included. + * + * The uri_type of URI specified limits the different parts of the resulting + * URI. To format a URI containing all possible information use + * %P11_KIT_URI_IS_ANY + * + * The resulting string should be freed with free(). + * + * Returns: %P11_KIT_URI_OK if the URI was formatted successfully. + * %P11_KIT_URI_NO_MEMORY if memory allocation failed. + */ +int +p11_kit_uri_format (P11KitUri *uri, P11KitUriType uri_type, char **string) +{ + char *result = NULL; + size_t length = 0; + int is_first = 1; + + result = malloc (128); + if (!result) + return P11_KIT_URI_NO_MEMORY; + + length = P11_KIT_URI_SCHEME_LEN; + memcpy (result, P11_KIT_URI_SCHEME, length); + result[length] = 0; + + if (uri_type & P11_KIT_URI_IS_MODULE) { + if (!format_struct_string (&result, &length, &is_first, "library-description", + uri->module.libraryDescription, + sizeof (uri->module.libraryDescription)) || + !format_struct_version (&result, &length, &is_first, "library-version", + &uri->module.libraryVersion) || + !format_struct_string (&result, &length, &is_first, "library-manufacturer", + uri->module.manufacturerID, + sizeof (uri->module.manufacturerID))) { + free (result); + return P11_KIT_URI_NO_MEMORY; + } + } + + if (uri_type & P11_KIT_URI_IS_TOKEN) { + if (!format_struct_string (&result, &length, &is_first, "model", + uri->token.model, + sizeof (uri->token.model)) || + !format_struct_string (&result, &length, &is_first, "manufacturer", + uri->token.manufacturerID, + sizeof (uri->token.manufacturerID)) || + !format_struct_string (&result, &length, &is_first, "serial", + uri->token.serialNumber, + sizeof (uri->token.serialNumber)) || + !format_struct_string (&result, &length, &is_first, "token", + uri->token.label, + sizeof (uri->token.label))) { + free (result); + return P11_KIT_URI_NO_MEMORY; + } + } + + if (uri_type & P11_KIT_URI_IS_OBJECT) { + if (!format_attribute_string (&result, &length, &is_first, "id", + &uri->attrs[ID_IDX]) || + !format_attribute_string (&result, &length, &is_first, "object", + &uri->attrs[LABEL_IDX])) { + free (result); + return P11_KIT_URI_NO_MEMORY; + } + + if (!format_attribute_class (&result, &length, &is_first, "objecttype", + &uri->attrs[CLASS_IDX])) { + free (result); + return P11_KIT_URI_NO_MEMORY; + } + } + + *string = result; + return P11_KIT_URI_OK; +} + +static int +parse_string_attribute (const char *name, const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *value; + size_t length; + int idx, ret; + + assert (start <= end); + + if (strcmp ("id", name) == 0) + idx = ID_IDX; + else if (strcmp ("object", name) == 0) + idx = LABEL_IDX; + else + return 0; + + ret = url_decode (start, end, &value, &length); + if (ret < 0) + return ret; + + free (uri->attrs[idx].pValue); + uri->attrs[idx].pValue = value; + uri->attrs[idx].ulValueLen = length; + return 1; +} + +static int +equals_segment (const char *start, const char *end, const char *match) +{ + size_t len = strlen (match); + assert (start <= end); + return (end - start == len) && memcmp (start, match, len) == 0; +} + +static int +parse_class_attribute (const char *name, const char *start, const char *end, + P11KitUri *uri) +{ + CK_OBJECT_CLASS klass = 0; + void *value; + + assert (start <= end); + + if (strcmp ("objecttype", name) != 0) + return 0; + + if (equals_segment (start, end, "cert")) + klass = CKO_CERTIFICATE; + else if (equals_segment (start, end, "public")) + klass = CKO_PUBLIC_KEY; + else if (equals_segment (start, end, "private")) + klass = CKO_PRIVATE_KEY; + else if (equals_segment (start, end, "secretkey")) + klass = CKO_SECRET_KEY; + else if (equals_segment (start, end, "data")) + klass = CKO_DATA; + else { + uri->unrecognized = 1; + return 1; + } + + value = malloc (sizeof (klass)); + if (value == NULL) + return P11_KIT_URI_NO_MEMORY; + + free (uri->attrs[CLASS_IDX].pValue); + memcpy (value, &klass, sizeof (klass)); + uri->attrs[CLASS_IDX].pValue = value; + uri->attrs[CLASS_IDX].ulValueLen = sizeof (klass); + + return 1; +} + +static int +parse_struct_info (unsigned char *where, size_t length, const char *start, + const char *end, P11KitUri *uri) +{ + unsigned char *value; + size_t value_length; + int ret; + + assert (start <= end); + + ret = url_decode (start, end, &value, &value_length); + if (ret < 0) + return ret; + + /* Too long, shouldn't match anything */ + if (value_length > length) { + free (value); + uri->unrecognized = 1; + return 1; + } + + memset (where, ' ', length); + memcpy (where, value, value_length); + + free (value); + return 1; +} + +static int +parse_token_info (const char *name, const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *where; + size_t length; + + assert (start <= end); + + if (strcmp (name, "model") == 0) { + where = uri->token.model; + length = sizeof (uri->token.model); + } else if (strcmp (name, "manufacturer") == 0) { + where = uri->token.manufacturerID; + length = sizeof (uri->token.manufacturerID); + } else if (strcmp (name, "serial") == 0) { + where = uri->token.serialNumber; + length = sizeof (uri->token.serialNumber); + } else if (strcmp (name, "token") == 0) { + where = uri->token.label; + length = sizeof (uri->token.label); + } else { + return 0; + } + + return parse_struct_info (where, length, start, end, uri); +} + +static int +atoin (const char *start, const char *end) +{ + int ret = 0; + while (start != end) { + if (*start < '0' || *start > '9') + return -1; + ret *= 10; + ret += (*start - '0'); + ++start; + } + return ret; +} + +static int +parse_struct_version (const char *start, const char *end, CK_VERSION_PTR version) +{ + const char *dot; + int val; + + assert (start <= end); + + dot = memchr (start, '.', end - start); + if (!dot) + dot = end; + + if (dot == start) + return P11_KIT_URI_BAD_VERSION; + val = atoin (start, dot); + if (val < 0 || val >= 255) + return P11_KIT_URI_BAD_VERSION; + version->major = (CK_BYTE)val; + version->minor = 0; + + if (dot != end) { + if (dot + 1 == end) + return P11_KIT_URI_BAD_VERSION; + val = atoin (dot + 1, end); + if (val < 0 || val >= 255) + return P11_KIT_URI_BAD_VERSION; + version->minor = (CK_BYTE)val; + } + + return 1; +} + +static int +parse_module_info (const char *name, const char *start, const char *end, + P11KitUri *uri) +{ + unsigned char *where; + size_t length; + + assert (start <= end); + + if (strcmp (name, "library-description") == 0) { + where = uri->module.libraryDescription; + length = sizeof (uri->module.libraryDescription); + } else if (strcmp (name, "library-manufacturer") == 0) { + where = uri->module.manufacturerID; + length = sizeof (uri->module.manufacturerID); + } else if (strcmp (name, "library-version") == 0) { + return parse_struct_version (start, end, + &uri->module.libraryVersion); + } else { + return 0; + } + + return parse_struct_info (where, length, start, end, uri); +} + +/** + * p11_kit_uri_parse: + * @string: The string to parse + * @uri_type: The type of URI that is expected + * @uri: The blank URI to parse the values into + * + * Parse a PKCS\#11 URI string. + * + * PKCS\#11 URIs can represent tokens, objects or modules. The uri_type argument + * allows the caller to specify what type of URI is expected and the sorts of + * objects the URI should match. %P11_KIT_URI_IS_ANY can be used to parse a URI + * for any context. It's then up to the caller to make sense of the way that + * it is used. + * + * If the PKCS\#11 URI contains unrecognized URI parts or parts not applicable + * to the specified context, then the unrecognized flag will be set. This will + * prevent the URI from matching using the various match functions. + * + * Returns: %P11_KIT_URI_OK if the URI was parsed successfully. + * %P11_KIT_URI_BAD_SCHEME if this was not a PKCS\#11 URI. + * %P11_KIT_URI_BAD_SYNTAX if the URI syntax was bad. + * %P11_KIT_URI_NO_MEMORY if memory allocation failed. + * %P11_KIT_URI_BAD_VERSION if a version number was bad. + * %P11_KIT_URI_BAD_ENCODING if the URI encoding was invalid. + */ +int +p11_kit_uri_parse (const char *string, P11KitUriType uri_type, + P11KitUri *uri) +{ + const char *spos, *epos; + char *key = NULL; + int ret = -1; + int i; + + assert (string); + assert (uri); + + if (strncmp (string, P11_KIT_URI_SCHEME, P11_KIT_URI_SCHEME_LEN) != 0) + return P11_KIT_URI_BAD_SCHEME; + + string += P11_KIT_URI_SCHEME_LEN; + + /* Clear everything out */ + memset (&uri->module, 0, sizeof (uri->module)); + memset (&uri->token, 0, sizeof (uri->module)); + for (i = 0; i < NUM_ATTRS; ++i) + uri->attrs[i].ulValueLen = (CK_ULONG)-1; + uri->module.libraryVersion.major = (CK_BYTE)-1; + uri->module.libraryVersion.minor = (CK_BYTE)-1; + uri->unrecognized = 0; + + for (;;) { + spos = strchr (string, ';'); + if (spos == NULL) { + spos = string + strlen (string); + assert (*spos == '\0'); + if (spos == string) + break; + } + + epos = strchr (string, '='); + if (epos == NULL || spos == string || epos == string || epos >= spos) + return P11_KIT_URI_BAD_SYNTAX; + + key = malloc ((epos - string) + 1); + if (key == NULL) + return P11_KIT_URI_NO_MEMORY; + memcpy (key, string, epos - string); + key[epos - string] = 0; + epos++; + + ret = 0; + if (uri_type & P11_KIT_URI_IS_OBJECT) + ret = parse_string_attribute (key, epos, spos, uri); + if (ret == 0 && uri_type & P11_KIT_URI_IS_OBJECT) + ret = parse_class_attribute (key, epos, spos, uri); + if (ret == 0 && uri_type & P11_KIT_URI_IS_TOKEN) + ret = parse_token_info (key, epos, spos, uri); + if (ret == 0 && uri_type & P11_KIT_URI_IS_MODULE) + ret = parse_module_info (key, epos, spos, uri); + free (key); + + if (ret < 0) + return ret; + if (ret == 0) + uri->unrecognized = 1; + + if (*spos == '\0') + break; + string = spos + 1; + } + + return P11_KIT_URI_OK; +} + +/** + * p11_kit_uri_free: + * @uri: The URI + * + * Free a PKCS\#11 URI. + */ +void +p11_kit_uri_free (P11KitUri *uri) +{ + int i; + + if (!uri) + return; + + for (i = 0; i < NUM_ATTRS; ++i) + free (uri->attrs[i].pValue); + + free (uri); +} diff --git a/p11-kit/p11-kit-uri.h b/p11-kit/p11-kit-uri.h new file mode 100644 index 0000000..a3e52ed --- /dev/null +++ b/p11-kit/p11-kit-uri.h @@ -0,0 +1,105 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "pkcs11.h" + +#ifndef __P11_KIT_URI_H__ +#define __P11_KIT_URI_H__ + +#define P11_KIT_URI_SCHEME "pkcs11:" +#define P11_KIT_URI_SCHEME_LEN 7 + +typedef enum { + P11_KIT_URI_OK = 0, + P11_KIT_URI_NO_MEMORY = -1, + P11_KIT_URI_BAD_SCHEME = -2, + P11_KIT_URI_BAD_ENCODING = -3, + P11_KIT_URI_BAD_SYNTAX = -4, + P11_KIT_URI_BAD_VERSION = -5, + P11_KIT_URI_NOT_FOUND = -6, +} P11KitUriResult; + +typedef enum { + P11_KIT_URI_IS_MODULE = (1 << 1), + P11_KIT_URI_IS_TOKEN = (1 << 2) | P11_KIT_URI_IS_MODULE, + P11_KIT_URI_IS_OBJECT = (1 << 3) | P11_KIT_URI_IS_TOKEN, + P11_KIT_URI_IS_ANY = 0x0000FFFF, +} P11KitUriType; + +typedef struct _P11KitUri P11KitUri; + +CK_INFO_PTR p11_kit_uri_get_module_info (P11KitUri *uri); + +int p11_kit_uri_match_module_info (P11KitUri *uri, + CK_INFO_PTR info); + +CK_TOKEN_INFO_PTR p11_kit_uri_get_token_info (P11KitUri *uri); + +int p11_kit_uri_match_token_info (P11KitUri *uri, + CK_TOKEN_INFO_PTR token_info); + +CK_ATTRIBUTE_TYPE* p11_kit_uri_get_attribute_types (P11KitUri *uri, + int *n_types); + +CK_ATTRIBUTE_PTR p11_kit_uri_get_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +int p11_kit_uri_set_attribute (P11KitUri *uri, + CK_ATTRIBUTE_PTR attr); + +int p11_kit_uri_clear_attribute (P11KitUri *uri, + CK_ATTRIBUTE_TYPE attr_type); + +int p11_kit_uri_match_attributes (P11KitUri *uri, + CK_ATTRIBUTE_PTR attrs, + CK_ULONG n_attrs); + +void p11_kit_uri_set_unrecognized (P11KitUri *uri, + int unrecognized); + +int p11_kit_uri_any_unrecognized (P11KitUri *uri); + +P11KitUri* p11_kit_uri_new (void); + +int p11_kit_uri_format (P11KitUri *uri, + P11KitUriType uri_type, + char **string); + +int p11_kit_uri_parse (const char *string, + P11KitUriType uri_type, + P11KitUri *uri); + +void p11_kit_uri_free (P11KitUri *uri); + +#endif /* __P11_KIT_URI_H__ */ diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h new file mode 100644 index 0000000..b035f56 --- /dev/null +++ b/p11-kit/p11-kit.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2011, Collabora Ltd. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef __P11_KIT_H__ +#define __P11_KIT_H__ + +#include "pkcs11.h" + +CK_RV p11_kit_initialize_registered (void); + +CK_RV p11_kit_finalize_registered (void); + +CK_FUNCTION_LIST_PTR* p11_kit_registered_modules (void); + +char* p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR funcs); + +CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module (const char *name); + +char* p11_kit_registered_option (CK_FUNCTION_LIST_PTR funcs, + const char *field); + +CK_RV p11_kit_initialize_module (CK_FUNCTION_LIST_PTR funcs); + +CK_RV p11_kit_finalize_module (CK_FUNCTION_LIST_PTR funcs); + +const char* p11_kit_strerror (CK_RV rv); + +#endif /* __P11_KIT_H__ */ diff --git a/p11-kit/p11-kit.pc b/p11-kit/p11-kit.pc new file mode 100644 index 0000000..ce763cc --- /dev/null +++ b/p11-kit/p11-kit.pc @@ -0,0 +1,17 @@ +prefix=/usr +exec_prefix=${prefix} +libdir=${exec_prefix}/lib +includedir=${prefix}/include +datarootdir=${prefix}/share +datadir=${datarootdir} +sysconfdir=/etc +p11_system_conf=/etc/pkcs11/pkcs11.conf +p11_system_modules=/etc/pkcs11/modules +p11_user_conf=~/.pkcs11/pkcs11.conf +p11_user_modules=~/.pkcs11/modules + +Name: p11-kit +Description: Library and proxy module for properly loading and sharing PKCS#11 modules. +Version: 0.1 +Libs: -L${libdir} -lp11-kit +Cflags: -I${includedir}/p11-kit diff --git a/p11-kit/p11-kit.pc.in b/p11-kit/p11-kit.pc.in new file mode 100644 index 0000000..d80167e --- /dev/null +++ b/p11-kit/p11-kit.pc.in @@ -0,0 +1,17 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +datarootdir=@datarootdir@ +datadir=@datadir@ +sysconfdir=@sysconfdir@ +p11_system_conf=@p11_system_conf@ +p11_system_modules=@p11_system_modules@ +p11_user_conf=@p11_user_conf@ +p11_user_modules=@p11_user_modules@ + +Name: p11-kit +Description: Library and proxy module for properly loading and sharing PKCS#11 modules. +Version: @VERSION@ +Libs: -L${libdir} -lp11-kit +Cflags: -I${includedir}/p11-kit diff --git a/p11-kit/pkcs11.h b/p11-kit/pkcs11.h new file mode 100644 index 0000000..b8be30f --- /dev/null +++ b/p11-kit/pkcs11.h @@ -0,0 +1,1357 @@ +/* pkcs11.h + Copyright 2006, 2007 g10 Code GmbH + Copyright 2006 Andreas Jellinghaus + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even + the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. */ + +/* Please submit changes back to the Scute project at + http://www.scute.org/ (or send them to marcus@g10code.com), so that + they can be picked up by other projects from there as well. */ + +/* This file is a modified implementation of the PKCS #11 standard by + RSA Security Inc. It is mostly a drop-in replacement, with the + following change: + + This header file does not require any macro definitions by the user + (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros + for you (if useful, some are missing, let me know if you need + more). + + There is an additional API available that does comply better to the + GNU coding standard. It can be switched on by defining + CRYPTOKI_GNU before including this header file. For this, the + following changes are made to the specification: + + All structure types are changed to a "struct ck_foo" where CK_FOO + is the type name in PKCS #11. + + All non-structure types are changed to ck_foo_t where CK_FOO is the + lowercase version of the type name in PKCS #11. The basic types + (CK_ULONG et al.) are removed without substitute. + + All members of structures are modified in the following way: Type + indication prefixes are removed, and underscore characters are + inserted before words. Then the result is lowercased. + + Note that function names are still in the original case, as they + need for ABI compatibility. + + CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use + . + + If CRYPTOKI_COMPAT is defined before including this header file, + then none of the API changes above take place, and the API is the + one defined by the PKCS #11 standard. */ + +#ifndef PKCS11_H +#define PKCS11_H 1 + +#if defined(__cplusplus) +extern "C" { +#endif + + +/* The version of cryptoki we implement. The revision is changed with + each modification of this file. If you do not use the "official" + version of this file, please consider deleting the revision macro + (you may use a macro with a different name to keep track of your + versions). */ +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_REVISION 6 + + +/* Compatibility interface is default, unless CRYPTOKI_GNU is + given. */ +#ifndef CRYPTOKI_GNU +#ifndef CRYPTOKI_COMPAT +#define CRYPTOKI_COMPAT 1 +#endif +#endif + +/* System dependencies. */ + +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) + +/* There is a matching pop below. */ +#pragma pack(push, cryptoki, 1) + +#ifdef CRYPTOKI_EXPORTS +#define CK_SPEC __declspec(dllexport) +#else +#define CK_SPEC __declspec(dllimport) +#endif + +#else + +#define CK_SPEC + +#endif + + +#ifdef CRYPTOKI_COMPAT + /* If we are in compatibility mode, switch all exposed names to the + PKCS #11 variant. There are corresponding #undefs below. */ + +#define ck_flags_t CK_FLAGS +#define ck_version _CK_VERSION + +#define ck_info _CK_INFO +#define cryptoki_version cryptokiVersion +#define manufacturer_id manufacturerID +#define library_description libraryDescription +#define library_version libraryVersion + +#define ck_notification_t CK_NOTIFICATION +#define ck_slot_id_t CK_SLOT_ID + +#define ck_slot_info _CK_SLOT_INFO +#define slot_description slotDescription +#define hardware_version hardwareVersion +#define firmware_version firmwareVersion + +#define ck_token_info _CK_TOKEN_INFO +#define serial_number serialNumber +#define max_session_count ulMaxSessionCount +#define session_count ulSessionCount +#define max_rw_session_count ulMaxRwSessionCount +#define rw_session_count ulRwSessionCount +#define max_pin_len ulMaxPinLen +#define min_pin_len ulMinPinLen +#define total_public_memory ulTotalPublicMemory +#define free_public_memory ulFreePublicMemory +#define total_private_memory ulTotalPrivateMemory +#define free_private_memory ulFreePrivateMemory +#define utc_time utcTime + +#define ck_session_handle_t CK_SESSION_HANDLE +#define ck_user_type_t CK_USER_TYPE +#define ck_state_t CK_STATE + +#define ck_session_info _CK_SESSION_INFO +#define slot_id slotID +#define device_error ulDeviceError + +#define ck_object_handle_t CK_OBJECT_HANDLE +#define ck_object_class_t CK_OBJECT_CLASS +#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE +#define ck_key_type_t CK_KEY_TYPE +#define ck_certificate_type_t CK_CERTIFICATE_TYPE +#define ck_attribute_type_t CK_ATTRIBUTE_TYPE + +#define ck_attribute _CK_ATTRIBUTE +#define value pValue +#define value_len ulValueLen + +#define ck_date _CK_DATE + +#define ck_mechanism_type_t CK_MECHANISM_TYPE + +#define ck_mechanism _CK_MECHANISM +#define parameter pParameter +#define parameter_len ulParameterLen + +#define ck_mechanism_info _CK_MECHANISM_INFO +#define min_key_size ulMinKeySize +#define max_key_size ulMaxKeySize + +#define ck_rv_t CK_RV +#define ck_notify_t CK_NOTIFY + +#define ck_function_list _CK_FUNCTION_LIST + +#define ck_createmutex_t CK_CREATEMUTEX +#define ck_destroymutex_t CK_DESTROYMUTEX +#define ck_lockmutex_t CK_LOCKMUTEX +#define ck_unlockmutex_t CK_UNLOCKMUTEX + +#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS +#define create_mutex CreateMutex +#define destroy_mutex DestroyMutex +#define lock_mutex LockMutex +#define unlock_mutex UnlockMutex +#define reserved pReserved + +#endif /* CRYPTOKI_COMPAT */ + + + +typedef unsigned long ck_flags_t; + +struct ck_version +{ + unsigned char major; + unsigned char minor; +}; + + +struct ck_info +{ + struct ck_version cryptoki_version; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + unsigned char library_description[32]; + struct ck_version library_version; +}; + + +typedef unsigned long ck_notification_t; + +#define CKN_SURRENDER (0UL) + + +typedef unsigned long ck_slot_id_t; + + +struct ck_slot_info +{ + unsigned char slot_description[64]; + unsigned char manufacturer_id[32]; + ck_flags_t flags; + struct ck_version hardware_version; + struct ck_version firmware_version; +}; + + +#define CKF_TOKEN_PRESENT (1UL << 0) +#define CKF_REMOVABLE_DEVICE (1UL << 1) +#define CKF_HW_SLOT (1UL << 2) +#define CKF_ARRAY_ATTRIBUTE (1UL << 30) + + +struct ck_token_info +{ + unsigned char label[32]; + unsigned char manufacturer_id[32]; + unsigned char model[16]; + unsigned char serial_number[16]; + ck_flags_t flags; + unsigned long max_session_count; + unsigned long session_count; + unsigned long max_rw_session_count; + unsigned long rw_session_count; + unsigned long max_pin_len; + unsigned long min_pin_len; + unsigned long total_public_memory; + unsigned long free_public_memory; + unsigned long total_private_memory; + unsigned long free_private_memory; + struct ck_version hardware_version; + struct ck_version firmware_version; + unsigned char utc_time[16]; +}; + + +#define CKF_RNG (1UL << 0) +#define CKF_WRITE_PROTECTED (1UL << 1) +#define CKF_LOGIN_REQUIRED (1UL << 2) +#define CKF_USER_PIN_INITIALIZED (1UL << 3) +#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) +#define CKF_CLOCK_ON_TOKEN (1UL << 6) +#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) +#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) +#define CKF_TOKEN_INITIALIZED (1UL << 10) +#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) +#define CKF_USER_PIN_COUNT_LOW (1UL << 16) +#define CKF_USER_PIN_FINAL_TRY (1UL << 17) +#define CKF_USER_PIN_LOCKED (1UL << 18) +#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) +#define CKF_SO_PIN_COUNT_LOW (1UL << 20) +#define CKF_SO_PIN_FINAL_TRY (1UL << 21) +#define CKF_SO_PIN_LOCKED (1UL << 22) +#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) + +#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) +#define CK_EFFECTIVELY_INFINITE (0UL) + + +typedef unsigned long ck_session_handle_t; + +#define CK_INVALID_HANDLE (0UL) + + +typedef unsigned long ck_user_type_t; + +#define CKU_SO (0UL) +#define CKU_USER (1UL) +#define CKU_CONTEXT_SPECIFIC (2UL) + + +typedef unsigned long ck_state_t; + +#define CKS_RO_PUBLIC_SESSION (0UL) +#define CKS_RO_USER_FUNCTIONS (1UL) +#define CKS_RW_PUBLIC_SESSION (2UL) +#define CKS_RW_USER_FUNCTIONS (3UL) +#define CKS_RW_SO_FUNCTIONS (4UL) + + +struct ck_session_info +{ + ck_slot_id_t slot_id; + ck_state_t state; + ck_flags_t flags; + unsigned long device_error; +}; + +#define CKF_RW_SESSION (1UL << 1) +#define CKF_SERIAL_SESSION (1UL << 2) + + +typedef unsigned long ck_object_handle_t; + + +typedef unsigned long ck_object_class_t; + +#define CKO_DATA (0UL) +#define CKO_CERTIFICATE (1UL) +#define CKO_PUBLIC_KEY (2UL) +#define CKO_PRIVATE_KEY (3UL) +#define CKO_SECRET_KEY (4UL) +#define CKO_HW_FEATURE (5UL) +#define CKO_DOMAIN_PARAMETERS (6UL) +#define CKO_MECHANISM (7UL) +#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_hw_feature_type_t; + +#define CKH_MONOTONIC_COUNTER (1UL) +#define CKH_CLOCK (2UL) +#define CKH_USER_INTERFACE (3UL) +#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_key_type_t; + +#define CKK_RSA (0UL) +#define CKK_DSA (1UL) +#define CKK_DH (2UL) +#define CKK_ECDSA (3UL) +#define CKK_EC (3UL) +#define CKK_X9_42_DH (4UL) +#define CKK_KEA (5UL) +#define CKK_GENERIC_SECRET (0x10UL) +#define CKK_RC2 (0x11UL) +#define CKK_RC4 (0x12UL) +#define CKK_DES (0x13UL) +#define CKK_DES2 (0x14UL) +#define CKK_DES3 (0x15UL) +#define CKK_CAST (0x16UL) +#define CKK_CAST3 (0x17UL) +#define CKK_CAST128 (0x18UL) +#define CKK_RC5 (0x19UL) +#define CKK_IDEA (0x1aUL) +#define CKK_SKIPJACK (0x1bUL) +#define CKK_BATON (0x1cUL) +#define CKK_JUNIPER (0x1dUL) +#define CKK_CDMF (0x1eUL) +#define CKK_AES (0x1fUL) +#define CKK_BLOWFISH (0x20UL) +#define CKK_TWOFISH (0x21UL) +#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_certificate_type_t; + +#define CKC_X_509 (0UL) +#define CKC_X_509_ATTR_CERT (1UL) +#define CKC_WTLS (2UL) +#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +typedef unsigned long ck_attribute_type_t; + +#define CKA_CLASS (0UL) +#define CKA_TOKEN (1UL) +#define CKA_PRIVATE (2UL) +#define CKA_LABEL (3UL) +#define CKA_APPLICATION (0x10UL) +#define CKA_VALUE (0x11UL) +#define CKA_OBJECT_ID (0x12UL) +#define CKA_CERTIFICATE_TYPE (0x80UL) +#define CKA_ISSUER (0x81UL) +#define CKA_SERIAL_NUMBER (0x82UL) +#define CKA_AC_ISSUER (0x83UL) +#define CKA_OWNER (0x84UL) +#define CKA_ATTR_TYPES (0x85UL) +#define CKA_TRUSTED (0x86UL) +#define CKA_CERTIFICATE_CATEGORY (0x87UL) +#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) +#define CKA_URL (0x89UL) +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) +#define CKA_CHECK_VALUE (0x90UL) +#define CKA_KEY_TYPE (0x100UL) +#define CKA_SUBJECT (0x101UL) +#define CKA_ID (0x102UL) +#define CKA_SENSITIVE (0x103UL) +#define CKA_ENCRYPT (0x104UL) +#define CKA_DECRYPT (0x105UL) +#define CKA_WRAP (0x106UL) +#define CKA_UNWRAP (0x107UL) +#define CKA_SIGN (0x108UL) +#define CKA_SIGN_RECOVER (0x109UL) +#define CKA_VERIFY (0x10aUL) +#define CKA_VERIFY_RECOVER (0x10bUL) +#define CKA_DERIVE (0x10cUL) +#define CKA_START_DATE (0x110UL) +#define CKA_END_DATE (0x111UL) +#define CKA_MODULUS (0x120UL) +#define CKA_MODULUS_BITS (0x121UL) +#define CKA_PUBLIC_EXPONENT (0x122UL) +#define CKA_PRIVATE_EXPONENT (0x123UL) +#define CKA_PRIME_1 (0x124UL) +#define CKA_PRIME_2 (0x125UL) +#define CKA_EXPONENT_1 (0x126UL) +#define CKA_EXPONENT_2 (0x127UL) +#define CKA_COEFFICIENT (0x128UL) +#define CKA_PRIME (0x130UL) +#define CKA_SUBPRIME (0x131UL) +#define CKA_BASE (0x132UL) +#define CKA_PRIME_BITS (0x133UL) +#define CKA_SUB_PRIME_BITS (0x134UL) +#define CKA_VALUE_BITS (0x160UL) +#define CKA_VALUE_LEN (0x161UL) +#define CKA_EXTRACTABLE (0x162UL) +#define CKA_LOCAL (0x163UL) +#define CKA_NEVER_EXTRACTABLE (0x164UL) +#define CKA_ALWAYS_SENSITIVE (0x165UL) +#define CKA_KEY_GEN_MECHANISM (0x166UL) +#define CKA_MODIFIABLE (0x170UL) +#define CKA_ECDSA_PARAMS (0x180UL) +#define CKA_EC_PARAMS (0x180UL) +#define CKA_EC_POINT (0x181UL) +#define CKA_SECONDARY_AUTH (0x200UL) +#define CKA_AUTH_PIN_FLAGS (0x201UL) +#define CKA_ALWAYS_AUTHENTICATE (0x202UL) +#define CKA_WRAP_WITH_TRUSTED (0x210UL) +#define CKA_HW_FEATURE_TYPE (0x300UL) +#define CKA_RESET_ON_INIT (0x301UL) +#define CKA_HAS_RESET (0x302UL) +#define CKA_PIXEL_X (0x400UL) +#define CKA_PIXEL_Y (0x401UL) +#define CKA_RESOLUTION (0x402UL) +#define CKA_CHAR_ROWS (0x403UL) +#define CKA_CHAR_COLUMNS (0x404UL) +#define CKA_COLOR (0x405UL) +#define CKA_BITS_PER_PIXEL (0x406UL) +#define CKA_CHAR_SETS (0x480UL) +#define CKA_ENCODING_METHODS (0x481UL) +#define CKA_MIME_TYPES (0x482UL) +#define CKA_MECHANISM_TYPE (0x500UL) +#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) +#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) +#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) +#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_attribute +{ + ck_attribute_type_t type; + void *value; + unsigned long value_len; +}; + + +struct ck_date +{ + unsigned char year[4]; + unsigned char month[2]; + unsigned char day[2]; +}; + + +typedef unsigned long ck_mechanism_type_t; + +#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) +#define CKM_RSA_PKCS (1UL) +#define CKM_RSA_9796 (2UL) +#define CKM_RSA_X_509 (3UL) +#define CKM_MD2_RSA_PKCS (4UL) +#define CKM_MD5_RSA_PKCS (5UL) +#define CKM_SHA1_RSA_PKCS (6UL) +#define CKM_RIPEMD128_RSA_PKCS (7UL) +#define CKM_RIPEMD160_RSA_PKCS (8UL) +#define CKM_RSA_PKCS_OAEP (9UL) +#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) +#define CKM_RSA_X9_31 (0xbUL) +#define CKM_SHA1_RSA_X9_31 (0xcUL) +#define CKM_RSA_PKCS_PSS (0xdUL) +#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) +#define CKM_DSA_KEY_PAIR_GEN (0x10UL) +#define CKM_DSA (0x11UL) +#define CKM_DSA_SHA1 (0x12UL) +#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) +#define CKM_DH_PKCS_DERIVE (0x21UL) +#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) +#define CKM_X9_42_DH_DERIVE (0x31UL) +#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) +#define CKM_X9_42_MQV_DERIVE (0x33UL) +#define CKM_SHA256_RSA_PKCS (0x40UL) +#define CKM_SHA384_RSA_PKCS (0x41UL) +#define CKM_SHA512_RSA_PKCS (0x42UL) +#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) +#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) +#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) +#define CKM_RC2_KEY_GEN (0x100UL) +#define CKM_RC2_ECB (0x101UL) +#define CKM_RC2_CBC (0x102UL) +#define CKM_RC2_MAC (0x103UL) +#define CKM_RC2_MAC_GENERAL (0x104UL) +#define CKM_RC2_CBC_PAD (0x105UL) +#define CKM_RC4_KEY_GEN (0x110UL) +#define CKM_RC4 (0x111UL) +#define CKM_DES_KEY_GEN (0x120UL) +#define CKM_DES_ECB (0x121UL) +#define CKM_DES_CBC (0x122UL) +#define CKM_DES_MAC (0x123UL) +#define CKM_DES_MAC_GENERAL (0x124UL) +#define CKM_DES_CBC_PAD (0x125UL) +#define CKM_DES2_KEY_GEN (0x130UL) +#define CKM_DES3_KEY_GEN (0x131UL) +#define CKM_DES3_ECB (0x132UL) +#define CKM_DES3_CBC (0x133UL) +#define CKM_DES3_MAC (0x134UL) +#define CKM_DES3_MAC_GENERAL (0x135UL) +#define CKM_DES3_CBC_PAD (0x136UL) +#define CKM_CDMF_KEY_GEN (0x140UL) +#define CKM_CDMF_ECB (0x141UL) +#define CKM_CDMF_CBC (0x142UL) +#define CKM_CDMF_MAC (0x143UL) +#define CKM_CDMF_MAC_GENERAL (0x144UL) +#define CKM_CDMF_CBC_PAD (0x145UL) +#define CKM_MD2 (0x200UL) +#define CKM_MD2_HMAC (0x201UL) +#define CKM_MD2_HMAC_GENERAL (0x202UL) +#define CKM_MD5 (0x210UL) +#define CKM_MD5_HMAC (0x211UL) +#define CKM_MD5_HMAC_GENERAL (0x212UL) +#define CKM_SHA_1 (0x220UL) +#define CKM_SHA_1_HMAC (0x221UL) +#define CKM_SHA_1_HMAC_GENERAL (0x222UL) +#define CKM_RIPEMD128 (0x230UL) +#define CKM_RIPEMD128_HMAC (0x231UL) +#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) +#define CKM_RIPEMD160 (0x240UL) +#define CKM_RIPEMD160_HMAC (0x241UL) +#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) +#define CKM_SHA256 (0x250UL) +#define CKM_SHA256_HMAC (0x251UL) +#define CKM_SHA256_HMAC_GENERAL (0x252UL) +#define CKM_SHA384 (0x260UL) +#define CKM_SHA384_HMAC (0x261UL) +#define CKM_SHA384_HMAC_GENERAL (0x262UL) +#define CKM_SHA512 (0x270UL) +#define CKM_SHA512_HMAC (0x271UL) +#define CKM_SHA512_HMAC_GENERAL (0x272UL) +#define CKM_CAST_KEY_GEN (0x300UL) +#define CKM_CAST_ECB (0x301UL) +#define CKM_CAST_CBC (0x302UL) +#define CKM_CAST_MAC (0x303UL) +#define CKM_CAST_MAC_GENERAL (0x304UL) +#define CKM_CAST_CBC_PAD (0x305UL) +#define CKM_CAST3_KEY_GEN (0x310UL) +#define CKM_CAST3_ECB (0x311UL) +#define CKM_CAST3_CBC (0x312UL) +#define CKM_CAST3_MAC (0x313UL) +#define CKM_CAST3_MAC_GENERAL (0x314UL) +#define CKM_CAST3_CBC_PAD (0x315UL) +#define CKM_CAST5_KEY_GEN (0x320UL) +#define CKM_CAST128_KEY_GEN (0x320UL) +#define CKM_CAST5_ECB (0x321UL) +#define CKM_CAST128_ECB (0x321UL) +#define CKM_CAST5_CBC (0x322UL) +#define CKM_CAST128_CBC (0x322UL) +#define CKM_CAST5_MAC (0x323UL) +#define CKM_CAST128_MAC (0x323UL) +#define CKM_CAST5_MAC_GENERAL (0x324UL) +#define CKM_CAST128_MAC_GENERAL (0x324UL) +#define CKM_CAST5_CBC_PAD (0x325UL) +#define CKM_CAST128_CBC_PAD (0x325UL) +#define CKM_RC5_KEY_GEN (0x330UL) +#define CKM_RC5_ECB (0x331UL) +#define CKM_RC5_CBC (0x332UL) +#define CKM_RC5_MAC (0x333UL) +#define CKM_RC5_MAC_GENERAL (0x334UL) +#define CKM_RC5_CBC_PAD (0x335UL) +#define CKM_IDEA_KEY_GEN (0x340UL) +#define CKM_IDEA_ECB (0x341UL) +#define CKM_IDEA_CBC (0x342UL) +#define CKM_IDEA_MAC (0x343UL) +#define CKM_IDEA_MAC_GENERAL (0x344UL) +#define CKM_IDEA_CBC_PAD (0x345UL) +#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) +#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) +#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) +#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) +#define CKM_XOR_BASE_AND_DATA (0x364UL) +#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) +#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) +#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) +#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) +#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) +#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) +#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) +#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) +#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) +#define CKM_SSL3_MD5_MAC (0x380UL) +#define CKM_SSL3_SHA1_MAC (0x381UL) +#define CKM_MD5_KEY_DERIVATION (0x390UL) +#define CKM_MD2_KEY_DERIVATION (0x391UL) +#define CKM_SHA1_KEY_DERIVATION (0x392UL) +#define CKM_PBE_MD2_DES_CBC (0x3a0UL) +#define CKM_PBE_MD5_DES_CBC (0x3a1UL) +#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) +#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) +#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) +#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) +#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) +#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) +#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) +#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) +#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) +#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) +#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) +#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) +#define CKM_PKCS5_PBKD2 (0x3b0UL) +#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) +#define CKM_KEY_WRAP_LYNKS (0x400UL) +#define CKM_KEY_WRAP_SET_OAEP (0x401UL) +#define CKM_SKIPJACK_KEY_GEN (0x1000UL) +#define CKM_SKIPJACK_ECB64 (0x1001UL) +#define CKM_SKIPJACK_CBC64 (0x1002UL) +#define CKM_SKIPJACK_OFB64 (0x1003UL) +#define CKM_SKIPJACK_CFB64 (0x1004UL) +#define CKM_SKIPJACK_CFB32 (0x1005UL) +#define CKM_SKIPJACK_CFB16 (0x1006UL) +#define CKM_SKIPJACK_CFB8 (0x1007UL) +#define CKM_SKIPJACK_WRAP (0x1008UL) +#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) +#define CKM_SKIPJACK_RELAYX (0x100aUL) +#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) +#define CKM_KEA_KEY_DERIVE (0x1011UL) +#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) +#define CKM_BATON_KEY_GEN (0x1030UL) +#define CKM_BATON_ECB128 (0x1031UL) +#define CKM_BATON_ECB96 (0x1032UL) +#define CKM_BATON_CBC128 (0x1033UL) +#define CKM_BATON_COUNTER (0x1034UL) +#define CKM_BATON_SHUFFLE (0x1035UL) +#define CKM_BATON_WRAP (0x1036UL) +#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) +#define CKM_EC_KEY_PAIR_GEN (0x1040UL) +#define CKM_ECDSA (0x1041UL) +#define CKM_ECDSA_SHA1 (0x1042UL) +#define CKM_ECDH1_DERIVE (0x1050UL) +#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) +#define CKM_ECMQV_DERIVE (0x1052UL) +#define CKM_JUNIPER_KEY_GEN (0x1060UL) +#define CKM_JUNIPER_ECB128 (0x1061UL) +#define CKM_JUNIPER_CBC128 (0x1062UL) +#define CKM_JUNIPER_COUNTER (0x1063UL) +#define CKM_JUNIPER_SHUFFLE (0x1064UL) +#define CKM_JUNIPER_WRAP (0x1065UL) +#define CKM_FASTHASH (0x1070UL) +#define CKM_AES_KEY_GEN (0x1080UL) +#define CKM_AES_ECB (0x1081UL) +#define CKM_AES_CBC (0x1082UL) +#define CKM_AES_MAC (0x1083UL) +#define CKM_AES_MAC_GENERAL (0x1084UL) +#define CKM_AES_CBC_PAD (0x1085UL) +#define CKM_DSA_PARAMETER_GEN (0x2000UL) +#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) +#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) +#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + +struct ck_mechanism +{ + ck_mechanism_type_t mechanism; + void *parameter; + unsigned long parameter_len; +}; + + +struct ck_mechanism_info +{ + unsigned long min_key_size; + unsigned long max_key_size; + ck_flags_t flags; +}; + +#define CKF_HW (1UL << 0) +#define CKF_ENCRYPT (1UL << 8) +#define CKF_DECRYPT (1UL << 9) +#define CKF_DIGEST (1UL << 10) +#define CKF_SIGN (1UL << 11) +#define CKF_SIGN_RECOVER (1UL << 12) +#define CKF_VERIFY (1UL << 13) +#define CKF_VERIFY_RECOVER (1UL << 14) +#define CKF_GENERATE (1UL << 15) +#define CKF_GENERATE_KEY_PAIR (1UL << 16) +#define CKF_WRAP (1UL << 17) +#define CKF_UNWRAP (1UL << 18) +#define CKF_DERIVE (1UL << 19) +#define CKF_EXTENSION ((unsigned long) (1UL << 31)) + + +/* Flags for C_WaitForSlotEvent. */ +#define CKF_DONT_BLOCK (1UL) + + +typedef unsigned long ck_rv_t; + + +typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, + ck_notification_t event, void *application); + +/* Forward reference. */ +struct ck_function_list; + +#define _CK_DECLARE_FUNCTION(name, args) \ +typedef ck_rv_t (*CK_ ## name) args; \ +ck_rv_t CK_SPEC name args + +_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); +_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); +_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); +_CK_DECLARE_FUNCTION (C_GetFunctionList, + (struct ck_function_list **function_list)); + +_CK_DECLARE_FUNCTION (C_GetSlotList, + (unsigned char token_present, ck_slot_id_t *slot_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetSlotInfo, + (ck_slot_id_t slot_id, struct ck_slot_info *info)); +_CK_DECLARE_FUNCTION (C_GetTokenInfo, + (ck_slot_id_t slot_id, struct ck_token_info *info)); +_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, + (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); +_CK_DECLARE_FUNCTION (C_GetMechanismList, + (ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count)); +_CK_DECLARE_FUNCTION (C_GetMechanismInfo, + (ck_slot_id_t slot_id, ck_mechanism_type_t type, + struct ck_mechanism_info *info)); +_CK_DECLARE_FUNCTION (C_InitToken, + (ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label)); +_CK_DECLARE_FUNCTION (C_InitPIN, + (ck_session_handle_t session, unsigned char *pin, + unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_SetPIN, + (ck_session_handle_t session, unsigned char *old_pin, + unsigned long old_len, unsigned char *new_pin, + unsigned long new_len)); + +_CK_DECLARE_FUNCTION (C_OpenSession, + (ck_slot_id_t slot_id, ck_flags_t flags, + void *application, ck_notify_t notify, + ck_session_handle_t *session)); +_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); +_CK_DECLARE_FUNCTION (C_GetSessionInfo, + (ck_session_handle_t session, + struct ck_session_info *info)); +_CK_DECLARE_FUNCTION (C_GetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long *operation_state_len)); +_CK_DECLARE_FUNCTION (C_SetOperationState, + (ck_session_handle_t session, + unsigned char *operation_state, + unsigned long operation_state_len, + ck_object_handle_t encryption_key, + ck_object_handle_t authentiation_key)); +_CK_DECLARE_FUNCTION (C_Login, + (ck_session_handle_t session, ck_user_type_t user_type, + unsigned char *pin, unsigned long pin_len)); +_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_CreateObject, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count, ck_object_handle_t *object)); +_CK_DECLARE_FUNCTION (C_CopyObject, + (ck_session_handle_t session, ck_object_handle_t object, + struct ck_attribute *templ, unsigned long count, + ck_object_handle_t *new_object)); +_CK_DECLARE_FUNCTION (C_DestroyObject, + (ck_session_handle_t session, + ck_object_handle_t object)); +_CK_DECLARE_FUNCTION (C_GetObjectSize, + (ck_session_handle_t session, + ck_object_handle_t object, + unsigned long *size)); +_CK_DECLARE_FUNCTION (C_GetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_SetAttributeValue, + (ck_session_handle_t session, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjectsInit, + (ck_session_handle_t session, + struct ck_attribute *templ, + unsigned long count)); +_CK_DECLARE_FUNCTION (C_FindObjects, + (ck_session_handle_t session, + ck_object_handle_t *object, + unsigned long max_object_count, + unsigned long *object_count)); +_CK_DECLARE_FUNCTION (C_FindObjectsFinal, + (ck_session_handle_t session)); + +_CK_DECLARE_FUNCTION (C_EncryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Encrypt, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *encrypted_data, + unsigned long *encrypted_data_len)); +_CK_DECLARE_FUNCTION (C_EncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_EncryptFinal, + (ck_session_handle_t session, + unsigned char *last_encrypted_part, + unsigned long *last_encrypted_part_len)); + +_CK_DECLARE_FUNCTION (C_DecryptInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Decrypt, + (ck_session_handle_t session, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len)); +_CK_DECLARE_FUNCTION (C_DecryptUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_DecryptFinal, + (ck_session_handle_t session, + unsigned char *last_part, + unsigned long *last_part_len)); + +_CK_DECLARE_FUNCTION (C_DigestInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism)); +_CK_DECLARE_FUNCTION (C_Digest, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *digest, + unsigned long *digest_len)); +_CK_DECLARE_FUNCTION (C_DigestUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_DigestKey, + (ck_session_handle_t session, ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_DigestFinal, + (ck_session_handle_t session, + unsigned char *digest, + unsigned long *digest_len)); + +_CK_DECLARE_FUNCTION (C_SignInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Sign, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_SignFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long *signature_len)); +_CK_DECLARE_FUNCTION (C_SignRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_SignRecover, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len)); + +_CK_DECLARE_FUNCTION (C_VerifyInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_Verify, + (ck_session_handle_t session, + unsigned char *data, unsigned long data_len, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len)); +_CK_DECLARE_FUNCTION (C_VerifyFinal, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len)); +_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t key)); +_CK_DECLARE_FUNCTION (C_VerifyRecover, + (ck_session_handle_t session, + unsigned char *signature, + unsigned long signature_len, + unsigned char *data, + unsigned long *data_len)); + +_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); +_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, + (ck_session_handle_t session, + unsigned char *part, unsigned long part_len, + unsigned char *encrypted_part, + unsigned long *encrypted_part_len)); +_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, + (ck_session_handle_t session, + unsigned char *encrypted_part, + unsigned long encrypted_part_len, + unsigned char *part, + unsigned long *part_len)); + +_CK_DECLARE_FUNCTION (C_GenerateKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_GenerateKeyPair, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + struct ck_attribute *public_key_template, + unsigned long public_key_attribute_count, + struct ck_attribute *private_key_template, + unsigned long private_key_attribute_count, + ck_object_handle_t *public_key, + ck_object_handle_t *private_key)); +_CK_DECLARE_FUNCTION (C_WrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t wrapping_key, + ck_object_handle_t key, + unsigned char *wrapped_key, + unsigned long *wrapped_key_len)); +_CK_DECLARE_FUNCTION (C_UnwrapKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t unwrapping_key, + unsigned char *wrapped_key, + unsigned long wrapped_key_len, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); +_CK_DECLARE_FUNCTION (C_DeriveKey, + (ck_session_handle_t session, + struct ck_mechanism *mechanism, + ck_object_handle_t base_key, + struct ck_attribute *templ, + unsigned long attribute_count, + ck_object_handle_t *key)); + +_CK_DECLARE_FUNCTION (C_SeedRandom, + (ck_session_handle_t session, unsigned char *seed, + unsigned long seed_len)); +_CK_DECLARE_FUNCTION (C_GenerateRandom, + (ck_session_handle_t session, + unsigned char *random_data, + unsigned long random_len)); + +_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); +_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); + + +struct ck_function_list +{ + struct ck_version version; + CK_C_Initialize C_Initialize; + CK_C_Finalize C_Finalize; + CK_C_GetInfo C_GetInfo; + CK_C_GetFunctionList C_GetFunctionList; + CK_C_GetSlotList C_GetSlotList; + CK_C_GetSlotInfo C_GetSlotInfo; + CK_C_GetTokenInfo C_GetTokenInfo; + CK_C_GetMechanismList C_GetMechanismList; + CK_C_GetMechanismInfo C_GetMechanismInfo; + CK_C_InitToken C_InitToken; + CK_C_InitPIN C_InitPIN; + CK_C_SetPIN C_SetPIN; + CK_C_OpenSession C_OpenSession; + CK_C_CloseSession C_CloseSession; + CK_C_CloseAllSessions C_CloseAllSessions; + CK_C_GetSessionInfo C_GetSessionInfo; + CK_C_GetOperationState C_GetOperationState; + CK_C_SetOperationState C_SetOperationState; + CK_C_Login C_Login; + CK_C_Logout C_Logout; + CK_C_CreateObject C_CreateObject; + CK_C_CopyObject C_CopyObject; + CK_C_DestroyObject C_DestroyObject; + CK_C_GetObjectSize C_GetObjectSize; + CK_C_GetAttributeValue C_GetAttributeValue; + CK_C_SetAttributeValue C_SetAttributeValue; + CK_C_FindObjectsInit C_FindObjectsInit; + CK_C_FindObjects C_FindObjects; + CK_C_FindObjectsFinal C_FindObjectsFinal; + CK_C_EncryptInit C_EncryptInit; + CK_C_Encrypt C_Encrypt; + CK_C_EncryptUpdate C_EncryptUpdate; + CK_C_EncryptFinal C_EncryptFinal; + CK_C_DecryptInit C_DecryptInit; + CK_C_Decrypt C_Decrypt; + CK_C_DecryptUpdate C_DecryptUpdate; + CK_C_DecryptFinal C_DecryptFinal; + CK_C_DigestInit C_DigestInit; + CK_C_Digest C_Digest; + CK_C_DigestUpdate C_DigestUpdate; + CK_C_DigestKey C_DigestKey; + CK_C_DigestFinal C_DigestFinal; + CK_C_SignInit C_SignInit; + CK_C_Sign C_Sign; + CK_C_SignUpdate C_SignUpdate; + CK_C_SignFinal C_SignFinal; + CK_C_SignRecoverInit C_SignRecoverInit; + CK_C_SignRecover C_SignRecover; + CK_C_VerifyInit C_VerifyInit; + CK_C_Verify C_Verify; + CK_C_VerifyUpdate C_VerifyUpdate; + CK_C_VerifyFinal C_VerifyFinal; + CK_C_VerifyRecoverInit C_VerifyRecoverInit; + CK_C_VerifyRecover C_VerifyRecover; + CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_C_SignEncryptUpdate C_SignEncryptUpdate; + CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_C_GenerateKey C_GenerateKey; + CK_C_GenerateKeyPair C_GenerateKeyPair; + CK_C_WrapKey C_WrapKey; + CK_C_UnwrapKey C_UnwrapKey; + CK_C_DeriveKey C_DeriveKey; + CK_C_SeedRandom C_SeedRandom; + CK_C_GenerateRandom C_GenerateRandom; + CK_C_GetFunctionStatus C_GetFunctionStatus; + CK_C_CancelFunction C_CancelFunction; + CK_C_WaitForSlotEvent C_WaitForSlotEvent; +}; + + +typedef ck_rv_t (*ck_createmutex_t) (void **mutex); +typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); +typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); +typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); + + +struct ck_c_initialize_args +{ + ck_createmutex_t create_mutex; + ck_destroymutex_t destroy_mutex; + ck_lockmutex_t lock_mutex; + ck_unlockmutex_t unlock_mutex; + ck_flags_t flags; + void *reserved; +}; + + +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) +#define CKF_OS_LOCKING_OK (1UL << 1) + +#define CKR_OK (0UL) +#define CKR_CANCEL (1UL) +#define CKR_HOST_MEMORY (2UL) +#define CKR_SLOT_ID_INVALID (3UL) +#define CKR_GENERAL_ERROR (5UL) +#define CKR_FUNCTION_FAILED (6UL) +#define CKR_ARGUMENTS_BAD (7UL) +#define CKR_NO_EVENT (8UL) +#define CKR_NEED_TO_CREATE_THREADS (9UL) +#define CKR_CANT_LOCK (0xaUL) +#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) +#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) +#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) +#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) +#define CKR_DATA_INVALID (0x20UL) +#define CKR_DATA_LEN_RANGE (0x21UL) +#define CKR_DEVICE_ERROR (0x30UL) +#define CKR_DEVICE_MEMORY (0x31UL) +#define CKR_DEVICE_REMOVED (0x32UL) +#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) +#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) +#define CKR_FUNCTION_CANCELED (0x50UL) +#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) +#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) +#define CKR_KEY_HANDLE_INVALID (0x60UL) +#define CKR_KEY_SIZE_RANGE (0x62UL) +#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) +#define CKR_KEY_NOT_NEEDED (0x64UL) +#define CKR_KEY_CHANGED (0x65UL) +#define CKR_KEY_NEEDED (0x66UL) +#define CKR_KEY_INDIGESTIBLE (0x67UL) +#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) +#define CKR_KEY_NOT_WRAPPABLE (0x69UL) +#define CKR_KEY_UNEXTRACTABLE (0x6aUL) +#define CKR_MECHANISM_INVALID (0x70UL) +#define CKR_MECHANISM_PARAM_INVALID (0x71UL) +#define CKR_OBJECT_HANDLE_INVALID (0x82UL) +#define CKR_OPERATION_ACTIVE (0x90UL) +#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) +#define CKR_PIN_INCORRECT (0xa0UL) +#define CKR_PIN_INVALID (0xa1UL) +#define CKR_PIN_LEN_RANGE (0xa2UL) +#define CKR_PIN_EXPIRED (0xa3UL) +#define CKR_PIN_LOCKED (0xa4UL) +#define CKR_SESSION_CLOSED (0xb0UL) +#define CKR_SESSION_COUNT (0xb1UL) +#define CKR_SESSION_HANDLE_INVALID (0xb3UL) +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) +#define CKR_SESSION_READ_ONLY (0xb5UL) +#define CKR_SESSION_EXISTS (0xb6UL) +#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) +#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) +#define CKR_SIGNATURE_INVALID (0xc0UL) +#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) +#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) +#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) +#define CKR_TOKEN_NOT_PRESENT (0xe0UL) +#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) +#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) +#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) +#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) +#define CKR_USER_NOT_LOGGED_IN (0x101UL) +#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) +#define CKR_USER_TYPE_INVALID (0x103UL) +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) +#define CKR_USER_TOO_MANY_TYPES (0x105UL) +#define CKR_WRAPPED_KEY_INVALID (0x110UL) +#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) +#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) +#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) +#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) +#define CKR_RANDOM_NO_RNG (0x121UL) +#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) +#define CKR_BUFFER_TOO_SMALL (0x150UL) +#define CKR_SAVED_STATE_INVALID (0x160UL) +#define CKR_INFORMATION_SENSITIVE (0x170UL) +#define CKR_STATE_UNSAVEABLE (0x180UL) +#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) +#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) +#define CKR_MUTEX_BAD (0x1a0UL) +#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) +#define CKR_FUNCTION_REJECTED (0x200UL) +#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) + + + +/* Compatibility layer. */ + +#ifdef CRYPTOKI_COMPAT + +#undef CK_DEFINE_FUNCTION +#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name + +/* For NULL. */ +#include + +typedef unsigned char CK_BYTE; +typedef unsigned char CK_CHAR; +typedef unsigned char CK_UTF8CHAR; +typedef unsigned char CK_BBOOL; +typedef unsigned long int CK_ULONG; +typedef long int CK_LONG; +typedef CK_BYTE *CK_BYTE_PTR; +typedef CK_CHAR *CK_CHAR_PTR; +typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; +typedef CK_ULONG *CK_ULONG_PTR; +typedef void *CK_VOID_PTR; +typedef void **CK_VOID_PTR_PTR; +#define CK_FALSE 0 +#define CK_TRUE 1 +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef TRUE +#define TRUE 1 +#endif +#endif + +typedef struct ck_version CK_VERSION; +typedef struct ck_version *CK_VERSION_PTR; + +typedef struct ck_info CK_INFO; +typedef struct ck_info *CK_INFO_PTR; + +typedef ck_slot_id_t *CK_SLOT_ID_PTR; + +typedef struct ck_slot_info CK_SLOT_INFO; +typedef struct ck_slot_info *CK_SLOT_INFO_PTR; + +typedef struct ck_token_info CK_TOKEN_INFO; +typedef struct ck_token_info *CK_TOKEN_INFO_PTR; + +typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; + +typedef struct ck_session_info CK_SESSION_INFO; +typedef struct ck_session_info *CK_SESSION_INFO_PTR; + +typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; + +typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; + +typedef struct ck_attribute CK_ATTRIBUTE; +typedef struct ck_attribute *CK_ATTRIBUTE_PTR; + +typedef struct ck_date CK_DATE; +typedef struct ck_date *CK_DATE_PTR; + +typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; + +typedef struct ck_mechanism CK_MECHANISM; +typedef struct ck_mechanism *CK_MECHANISM_PTR; + +typedef struct ck_mechanism_info CK_MECHANISM_INFO; +typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; + +typedef struct ck_function_list CK_FUNCTION_LIST; +typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; +typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; + +typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; +typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; + +#define NULL_PTR NULL + +/* Delete the helper macros defined at the top of the file. */ +#undef ck_flags_t +#undef ck_version + +#undef ck_info +#undef cryptoki_version +#undef manufacturer_id +#undef library_description +#undef library_version + +#undef ck_notification_t +#undef ck_slot_id_t + +#undef ck_slot_info +#undef slot_description +#undef hardware_version +#undef firmware_version + +#undef ck_token_info +#undef serial_number +#undef max_session_count +#undef session_count +#undef max_rw_session_count +#undef rw_session_count +#undef max_pin_len +#undef min_pin_len +#undef total_public_memory +#undef free_public_memory +#undef total_private_memory +#undef free_private_memory +#undef utc_time + +#undef ck_session_handle_t +#undef ck_user_type_t +#undef ck_state_t + +#undef ck_session_info +#undef slot_id +#undef device_error + +#undef ck_object_handle_t +#undef ck_object_class_t +#undef ck_hw_feature_type_t +#undef ck_key_type_t +#undef ck_certificate_type_t +#undef ck_attribute_type_t + +#undef ck_attribute +#undef value +#undef value_len + +#undef ck_date + +#undef ck_mechanism_type_t + +#undef ck_mechanism +#undef parameter +#undef parameter_len + +#undef ck_mechanism_info +#undef min_key_size +#undef max_key_size + +#undef ck_rv_t +#undef ck_notify_t + +#undef ck_function_list + +#undef ck_createmutex_t +#undef ck_destroymutex_t +#undef ck_lockmutex_t +#undef ck_unlockmutex_t + +#undef ck_c_initialize_args +#undef create_mutex +#undef destroy_mutex +#undef lock_mutex +#undef unlock_mutex +#undef reserved + +#endif /* CRYPTOKI_COMPAT */ + + +/* System dependencies. */ +#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) +#pragma pack(pop, cryptoki) +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* PKCS11_H */ diff --git a/p11-kit/util.c b/p11-kit/util.c new file mode 100644 index 0000000..516e70b --- /dev/null +++ b/p11-kit/util.c @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#include "config.h" + +#include "util.h" + +#include + +void* +xrealloc (void *memory, size_t length) +{ + void *allocated = realloc (memory, length); + if (!allocated) + free (memory); + return allocated; +} diff --git a/p11-kit/util.h b/p11-kit/util.h new file mode 100644 index 0000000..73f06ec --- /dev/null +++ b/p11-kit/util.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2011 Collabora Ltd + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * + * CONTRIBUTORS + * Stef Walter + */ + +#ifndef __UTIL_H__ +#define __UTIL_H__ + +#include + +void* xrealloc (void *memory, size_t length); + +#endif /* __UTIL_H__ */ diff --git a/tests/Makefile.am b/tests/Makefile.am index 92dba16..3719a64 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,7 +1,7 @@ INCLUDES = \ -I$(top_srcdir) \ - -I$(top_srcdir)/module \ + -I$(top_srcdir)/p11-kit \ -Icutest \ -DSRCDIR=\"$(srcdir)\" @@ -11,13 +11,13 @@ noinst_PROGRAMS = \ uri-test hash_test_LDADD = \ - $(top_builddir)/module/libp11-kit-testable.la + $(top_builddir)/p11-kit/libp11-kit-testable.la conf_test_LDADD = \ - $(top_builddir)/module/libp11-kit-testable.la + $(top_builddir)/p11-kit/libp11-kit-testable.la uri_test_LDADD = \ - $(top_builddir)/module/libp11-kit-testable.la + $(top_builddir)/p11-kit/libp11-kit-testable.la check-am: ./hash-test diff --git a/tests/uri-test.c b/tests/uri-test.c index 40e301a..631d39f 100644 --- a/tests/uri-test.c +++ b/tests/uri-test.c @@ -79,7 +79,7 @@ test_uri_parse (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, is_module_empty (uri)); @@ -98,8 +98,8 @@ test_uri_parse_bad_scheme (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_PARSE_ANY, uri); - CuAssertIntEquals (tc, P11_KIT_URI_BAD_PREFIX, ret); + ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_IS_ANY, uri); + CuAssertIntEquals (tc, P11_KIT_URI_BAD_SCHEME, ret); p11_kit_uri_free (uri); } @@ -114,7 +114,7 @@ test_uri_parse_with_label (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, is_module_empty (uri)); @@ -138,7 +138,7 @@ test_uri_parse_with_label_and_klass (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;objecttype=cert", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;objecttype=cert", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); attr = p11_kit_uri_get_attribute (uri, CKA_LABEL); @@ -164,7 +164,7 @@ test_uri_parse_with_id (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); /* Note that there's a NULL in the attribute (end) */ @@ -186,7 +186,7 @@ test_uri_parse_with_bad_string_encoding (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret); p11_kit_uri_free (uri); @@ -201,7 +201,7 @@ test_uri_parse_with_bad_hex_encoding (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret); p11_kit_uri_free (uri); @@ -232,7 +232,7 @@ test_uri_parse_with_token (CuTest *tc) CuAssertPtrNotNull (tc, uri); ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me", - P11_KIT_URI_PARSE_TOKEN, uri); + P11_KIT_URI_IS_TOKEN, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); token = p11_kit_uri_get_token_info (uri); @@ -253,7 +253,7 @@ test_uri_parse_with_token_bad_encoding (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_PARSE_TOKEN, uri); + ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_IS_TOKEN, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret); p11_kit_uri_free (uri); @@ -268,7 +268,7 @@ test_uri_parse_with_bad_syntax (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_SYNTAX, ret); p11_kit_uri_free (uri); @@ -285,7 +285,7 @@ test_uri_parse_with_library (CuTest *tc) CuAssertPtrNotNull (tc, uri); ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me", - P11_KIT_URI_PARSE_MODULE, uri); + P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); info = p11_kit_uri_get_module_info (uri); @@ -305,7 +305,7 @@ test_uri_parse_with_library_bad_encoding (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret); p11_kit_uri_free (uri); @@ -321,7 +321,7 @@ test_uri_build_empty (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertStrEquals (tc, "pkcs11:", string); free (string); @@ -355,14 +355,14 @@ test_uri_build_with_token_info (CuTest *tc) set_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"); set_space_string (token->model, sizeof (token->model), "Deluxe"); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertPtrNotNull (tc, string); check = p11_kit_uri_new (); CuAssertPtrNotNull (tc, check); - ret = p11_kit_uri_parse (string, P11_KIT_URI_PARSE_TOKEN, check); + ret = p11_kit_uri_parse (string, P11_KIT_URI_IS_TOKEN, check); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri)); @@ -392,7 +392,7 @@ test_uri_build_with_token_null_info (CuTest *tc) token = p11_kit_uri_get_token_info (uri); set_space_string (token->label, sizeof (token->label), "The Label"); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "token=The%20Label") != NULL); @@ -417,7 +417,7 @@ test_uri_build_with_token_empty_info (CuTest *tc) set_space_string (token->label, sizeof (token->label), ""); set_space_string (token->serialNumber, sizeof (token->serialNumber), ""); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "token=") != NULL); @@ -457,13 +457,13 @@ test_uri_build_with_attributes (CuTest *tc) at.ulValueLen = sizeof (klass); ret = p11_kit_uri_set_attribute (uri, &at); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); check = p11_kit_uri_new (); CuAssertPtrNotNull (tc, check); - ret = p11_kit_uri_parse (string, P11_KIT_URI_PARSE_ANY, check); + ret = p11_kit_uri_parse (string, P11_KIT_URI_IS_ANY, check); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); attr = p11_kit_uri_get_attribute (check, CKA_LABEL); @@ -501,7 +501,7 @@ test_uri_parse_private_key (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:objecttype=private", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:objecttype=private", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); @@ -522,7 +522,7 @@ test_uri_parse_secret_key (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:objecttype=secretkey", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:objecttype=secretkey", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); @@ -543,33 +543,33 @@ test_uri_parse_library_version (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); info = p11_kit_uri_get_module_info (uri); CuAssertIntEquals (tc, 2, info->libraryVersion.major); CuAssertIntEquals (tc, 101, info->libraryVersion.minor); - ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); info = p11_kit_uri_get_module_info (uri); CuAssertIntEquals (tc, 23, info->libraryVersion.major); CuAssertIntEquals (tc, 0, info->libraryVersion.minor); - ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret); - ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret); - ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret); - ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret); - ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_PARSE_MODULE, uri); + ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_IS_MODULE, uri); CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret); p11_kit_uri_free (uri); @@ -585,7 +585,7 @@ test_uri_parse_parse_unknown_objecttype (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:objecttype=unknown", P11_KIT_URI_PARSE_OBJECT, uri); + ret = p11_kit_uri_parse ("pkcs11:objecttype=unknown", P11_KIT_URI_IS_OBJECT, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); attr = p11_kit_uri_get_attribute (uri, CKA_CLASS); @@ -603,7 +603,7 @@ test_uri_parse_unrecognized (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); ret = p11_kit_uri_any_unrecognized (uri); @@ -622,7 +622,7 @@ test_uri_parse_too_long_is_unrecognized (CuTest *tc) CuAssertPtrNotNull (tc, uri); ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with", - P11_KIT_URI_PARSE_ANY, uri); + P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); ret = p11_kit_uri_any_unrecognized (uri); @@ -651,7 +651,7 @@ test_uri_build_objecttype_cert (CuTest *tc) attr.ulValueLen = sizeof (klass); p11_kit_uri_set_attribute (uri, &attr); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "objecttype=cert") != NULL); @@ -677,7 +677,7 @@ test_uri_build_objecttype_private (CuTest *tc) attr.ulValueLen = sizeof (klass); p11_kit_uri_set_attribute (uri, &attr); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "objecttype=private") != NULL); @@ -703,7 +703,7 @@ test_uri_build_objecttype_public (CuTest *tc) attr.ulValueLen = sizeof (klass); p11_kit_uri_set_attribute (uri, &attr); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "objecttype=public") != NULL); @@ -729,7 +729,7 @@ test_uri_build_objecttype_secret (CuTest *tc) attr.ulValueLen = sizeof (klass); p11_kit_uri_set_attribute (uri, &attr); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "objecttype=secretkey") != NULL); @@ -751,7 +751,7 @@ test_uri_build_with_library (CuTest *tc) info = p11_kit_uri_get_module_info (uri); set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description"); - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "library-description=The%20Description") != NULL); @@ -774,7 +774,7 @@ test_uri_build_library_version (CuTest *tc) info->libraryVersion.major = 2; info->libraryVersion.minor = 10; - ret = p11_kit_uri_format (uri, &string); + ret = p11_kit_uri_format (uri, P11_KIT_URI_IS_ANY, &string); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); CuAssertTrue (tc, strstr (string, "library-version=2.10") != NULL); @@ -817,7 +817,7 @@ test_uri_match_token (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); set_space_string (token.label, sizeof (token.label), "A label"); @@ -854,7 +854,7 @@ test_uri_match_module (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet"); @@ -909,7 +909,7 @@ test_uri_match_attributes (CuTest *tc) uri = p11_kit_uri_new (); CuAssertPtrNotNull (tc, uri); - ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;objecttype=data", P11_KIT_URI_PARSE_ANY, uri); + ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;objecttype=data", P11_KIT_URI_IS_ANY, uri); CuAssertIntEquals (tc, P11_KIT_URI_OK, ret); ret = p11_kit_uri_match_attributes (uri, attrs, 4); -- cgit v1.2.1